feat(identity): added --add-recipient and --remove-recipient flags for multi-recipient keys
This commit is contained in:
parent
f9ff2c0d62
commit
579e6a1eee
12 changed files with 575 additions and 51 deletions
139
cmd/identity.go
139
cmd/identity.go
|
|
@ -3,6 +3,7 @@ package cmd
|
|||
import (
|
||||
"fmt"
|
||||
|
||||
"filippo.io/age"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
|
|
@ -24,6 +25,14 @@ func identityRun(cmd *cobra.Command, args []string) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
addRecipient, err := cmd.Flags().GetString("add-recipient")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
removeRecipient, err := cmd.Flags().GetString("remove-recipient")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if createNew {
|
||||
existing, err := loadIdentity()
|
||||
|
|
@ -45,6 +54,14 @@ func identityRun(cmd *cobra.Command, args []string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
if addRecipient != "" {
|
||||
return identityAddRecipient(addRecipient)
|
||||
}
|
||||
|
||||
if removeRecipient != "" {
|
||||
return identityRemoveRecipient(removeRecipient)
|
||||
}
|
||||
|
||||
if showPath {
|
||||
path, err := identityPath()
|
||||
if err != nil {
|
||||
|
|
@ -66,12 +83,132 @@ func identityRun(cmd *cobra.Command, args []string) error {
|
|||
path, _ := identityPath()
|
||||
okf("pubkey %s", id.Recipient())
|
||||
okf("identity %s", path)
|
||||
|
||||
extra, err := loadRecipients()
|
||||
if err != nil {
|
||||
return fmt.Errorf("cannot load recipients: %v", err)
|
||||
}
|
||||
for _, r := range extra {
|
||||
okf("recipient %s", r)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func identityAddRecipient(key string) error {
|
||||
r, err := age.ParseX25519Recipient(key)
|
||||
if err != nil {
|
||||
return fmt.Errorf("cannot add recipient: %v", err)
|
||||
}
|
||||
|
||||
identity, err := loadIdentity()
|
||||
if err != nil {
|
||||
return fmt.Errorf("cannot add recipient: %v", err)
|
||||
}
|
||||
if identity == nil {
|
||||
return withHint(
|
||||
fmt.Errorf("cannot add recipient: no identity found"),
|
||||
"create one first with 'pda identity --new'",
|
||||
)
|
||||
}
|
||||
|
||||
if r.String() == identity.Recipient().String() {
|
||||
return fmt.Errorf("cannot add recipient: key is your own identity")
|
||||
}
|
||||
|
||||
existing, err := loadRecipients()
|
||||
if err != nil {
|
||||
return fmt.Errorf("cannot add recipient: %v", err)
|
||||
}
|
||||
for _, e := range existing {
|
||||
if e.String() == r.String() {
|
||||
return fmt.Errorf("cannot add recipient: key already present")
|
||||
}
|
||||
}
|
||||
|
||||
existing = append(existing, r)
|
||||
if err := saveRecipients(existing); err != nil {
|
||||
return fmt.Errorf("cannot add recipient: %v", err)
|
||||
}
|
||||
|
||||
recipients, err := allRecipients(identity)
|
||||
if err != nil {
|
||||
return fmt.Errorf("cannot add recipient: %v", err)
|
||||
}
|
||||
|
||||
count, err := reencryptAllStores(identity, recipients)
|
||||
if err != nil {
|
||||
return fmt.Errorf("cannot add recipient: %v", err)
|
||||
}
|
||||
|
||||
okf("added recipient %s", r)
|
||||
if count > 0 {
|
||||
okf("re-encrypted %d secret(s)", count)
|
||||
}
|
||||
return autoSync("added recipient")
|
||||
}
|
||||
|
||||
func identityRemoveRecipient(key string) error {
|
||||
r, err := age.ParseX25519Recipient(key)
|
||||
if err != nil {
|
||||
return fmt.Errorf("cannot remove recipient: %v", err)
|
||||
}
|
||||
|
||||
identity, err := loadIdentity()
|
||||
if err != nil {
|
||||
return fmt.Errorf("cannot remove recipient: %v", err)
|
||||
}
|
||||
if identity == nil {
|
||||
return withHint(
|
||||
fmt.Errorf("cannot remove recipient: no identity found"),
|
||||
"create one first with 'pda identity --new'",
|
||||
)
|
||||
}
|
||||
|
||||
existing, err := loadRecipients()
|
||||
if err != nil {
|
||||
return fmt.Errorf("cannot remove recipient: %v", err)
|
||||
}
|
||||
|
||||
found := false
|
||||
var updated []*age.X25519Recipient
|
||||
for _, e := range existing {
|
||||
if e.String() == r.String() {
|
||||
found = true
|
||||
continue
|
||||
}
|
||||
updated = append(updated, e)
|
||||
}
|
||||
if !found {
|
||||
return fmt.Errorf("cannot remove recipient: key not found")
|
||||
}
|
||||
|
||||
if err := saveRecipients(updated); err != nil {
|
||||
return fmt.Errorf("cannot remove recipient: %v", err)
|
||||
}
|
||||
|
||||
recipients, err := allRecipients(identity)
|
||||
if err != nil {
|
||||
return fmt.Errorf("cannot remove recipient: %v", err)
|
||||
}
|
||||
|
||||
count, err := reencryptAllStores(identity, recipients)
|
||||
if err != nil {
|
||||
return fmt.Errorf("cannot remove recipient: %v", err)
|
||||
}
|
||||
|
||||
okf("removed recipient %s", r)
|
||||
if count > 0 {
|
||||
okf("re-encrypted %d secret(s)", count)
|
||||
}
|
||||
return autoSync("removed recipient")
|
||||
}
|
||||
|
||||
func init() {
|
||||
identityCmd.Flags().Bool("new", false, "generate a new identity (errors if one already exists)")
|
||||
identityCmd.Flags().Bool("path", false, "print only the identity file path")
|
||||
identityCmd.MarkFlagsMutuallyExclusive("new", "path")
|
||||
identityCmd.Flags().String("add-recipient", "", "add an age public key as an additional encryption recipient")
|
||||
identityCmd.Flags().String("remove-recipient", "", "remove an age public key from the recipient list")
|
||||
identityCmd.MarkFlagsMutuallyExclusive("new", "path", "add-recipient", "remove-recipient")
|
||||
rootCmd.AddCommand(identityCmd)
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue