From ceec7c650048fd19ad64c06c6c6158be148f74c3 Mon Sep 17 00:00:00 2001
From: Seth Vargo
Date: Fri, 18 Sep 2020 17:20:05 -0400
Subject: [PATCH 1/2] Remove add-realm tool

This is no longer required as it's moved to the UI
---
 cmd/add-realm/main.go | 122 ------------------------------------------
 1 file changed, 122 deletions(-)
 delete mode 100644 cmd/add-realm/main.go

diff --git a/cmd/add-realm/main.go b/cmd/add-realm/main.go
deleted file mode 100644
index de067c039..000000000
--- a/cmd/add-realm/main.go
+++ /dev/null
@@ -1,122 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Adds a new realm.
-package main
-
-import (
- "context"
- "flag"
- "fmt"
- "os"
- "strconv"
-
- "github.com/google/exposure-notifications-verification-server/pkg/config"
- "github.com/google/exposure-notifications-verification-server/pkg/database"
-
- "github.com/google/exposure-notifications-server/pkg/logging"
-
- "github.com/sethvargo/go-envconfig"
- "github.com/sethvargo/go-signalcontext"
-)
-
-var (
- nameFlag = flag.String("name", "", "name of the realm to add")
- useSystemSigningKey = flag.Bool("use-system-signing-key", false, "if set, the system signing key will be used, otherwise a per-realm signing key will be created.")
- issFlag = flag.String("iss", "", "name is the issuer (iss) for the verification certificatates for this realm")
- audFlag = flag.String("aud", "", "name is the audience (aud) for the verification certificatates for this realm")
-)
-
-func main() {
- flag.Parse()
-
- ctx, done := signalcontext.OnInterrupt()
-
- debug, _ := strconv.ParseBool(os.Getenv("LOG_DEBUG"))
- logger := logging.NewLogger(debug)
- ctx = logging.WithLogger(ctx, logger)
-
- err := realMain(ctx)
- done()
-
- if err != nil {
- logger.Fatal(err)
- }
-}
-
-func realMain(ctx context.Context) error {
- logger := logging.FromContext(ctx)
-
- if *nameFlag == "" {
- return fmt.Errorf("--name must be passed and cannot be empty")
- }
-
- if !*useSystemSigningKey {
- if *issFlag == "" {
- return fmt.Errorf("-iss must be passed and cannot be empty when not using the system signing keys")
- }
- if *audFlag == "" {
- return fmt.Errorf("-aud must be passed and cannot be empty when not using the system signing keys")
- }
- }
-
- var cfg database.Config
- if err := config.ProcessWith(ctx, &cfg, envconfig.OsLookuper()); err != nil {
- return fmt.Errorf("failed to process config: %w", err)
- }
-
- db, err := cfg.Load(ctx)
- if err != nil {
- return fmt.Errorf("failed to load database config: %w", err)
- }
- if err := db.Open(ctx); err != nil {
- return fmt.Errorf("failed to connect to database: %w", err)
- }
- defer db.Close()
-
- // See if realm exists.
- realm, err := db.FindRealmByName(*nameFlag)
- if err != nil {
- logger.Infow("realm alredy exists, skipping create", "realm", realm)
- }
-
- if realm == nil {
- logger.Info("creating realm")
- realm = database.NewRealmWithDefaults(*nameFlag)
- if err := db.SaveRealm(realm); err != nil {
- return fmt.Errorf("failed to create realm: %w", err)
- }
- logger.Infow("created realm", "realm", realm)
- }
-
- if *useSystemSigningKey {
- logger.Info("use-system-signing-key was passed, skipping creation of per-realm key.")
- } else {
- // Upgrade the realm to custom keys.
- realm.UseRealmCertificateKey = true
- realm.CertificateIssuer = *issFlag
- realm.CertificateAudience = *audFlag
- if err := db.SaveRealm(realm); err != nil {
- return fmt.Errorf("error upgrading realm to custom signing keys: %w", err)
- }
-
- kid, err := realm.CreateSigningKeyVersion(ctx, db)
- if err != nil {
- return fmt.Errorf("error creating signing keys for realm: %w", err)
- }
- logger.Info("created signing key for realm", "keyID", kid)
- }
-
- return nil
-}
From df5e6026558bf60ae4d539a5ec7d05f19f2f8474 Mon Sep 17 00:00:00 2001
From: Seth Vargo Date: Fri, 18 Sep 2020 17:21:17 -0400 Subject: [PATCH 2/2] Move other things to tools/ --- docs/testing.md | 6 +++--- {cmd => tools}/get-certificate/main.go | 0 {cmd => tools}/get-code/main.go | 0 {cmd => tools}/get-token/main.go | 0 4 files changed, 3 insertions(+), 3 deletions(-) rename {cmd => tools}/get-certificate/main.go (100%) rename {cmd => tools}/get-code/main.go (100%) rename {cmd => tools}/get-token/main.go (100%) diff --git a/docs/testing.md b/docs/testing.md index 25817cfad..2a1ff3d29 100644 --- a/docs/testing.md +++ b/docs/testing.md @@ -7,7 +7,7 @@ This document describes the process for manually testing the system. 1. Request a verification code using the **Admin** API key: ```sh - go run ./cmd/get-code \ + go run ./tools/get-code \ -type "confirmed" \ -onset "2020-08-01" \ -apikey "ADMIN_API_KEY" @@ -20,7 +20,7 @@ This document describes the process for manually testing the system. **Device** API key: ```sh - go run ./cmd/get-token \ + go run ./tools/get-token \ -apikey "DEVICE_API_KEY" \ -code "CODE_FROM_STEP_2" ``` @@ -37,7 +37,7 @@ This document describes the process for manually testing the system. HMAC of the TEKs you plan to upload: ```sh - go run ./cmd/get-certificate \ + go run ./tools/get-certificate \ -apikey "DEVICE_API_KEY" \ -token "VERIFICATION_TOKEN" \ -hmac "HMAC_OF_TEKS" diff --git a/cmd/get-certificate/main.go b/tools/get-certificate/main.go similarity index 100% rename from cmd/get-certificate/main.go rename to tools/get-certificate/main.go diff --git a/cmd/get-code/main.go b/tools/get-code/main.go similarity index 100% rename from cmd/get-code/main.go rename to tools/get-code/main.go diff --git a/cmd/get-token/main.go b/tools/get-token/main.go similarity index 100% rename from cmd/get-token/main.go rename to tools/get-token/main.go