added: prohibit key update flag

shimun 2022-12-24 20:57:55 +01:00
parent ccd7484979
commit 6e6111a164
Signed by: shimun
GPG Key ID: E0420647856EA39E


@ -3,10 +3,10 @@ use axum_extra::routing::TypedPath;
use clap::{Parser, Subcommand}; use clap::{Parser, Subcommand};
use reqwest::{Client, StatusCode}; use reqwest::{Client, StatusCode};
use ssh_key::Certificate; use ssh_key::Certificate;
use std::io::stdin;
use std::path::PathBuf; use std::path::PathBuf;
use std::time::{Duration, SystemTime}; use std::time::{Duration, SystemTime};
use tokio::fs; use tokio::fs;
use tokio::io::{stdin, AsyncBufReadExt, BufReader};
use tracing::{debug, error, info, instrument, trace}; use tracing::{debug, error, info, instrument, trace};
use url::Url; use url::Url;
@ -27,7 +27,9 @@ pub struct ClientArgs {
pub struct FetchArgs { pub struct FetchArgs {
#[clap(flatten)] #[clap(flatten)]
args: ClientArgs, args: ClientArgs,
#[clap(short = 'c', long = "cert-dir", env = env_key!("CERT_DIR") )] #[clap(short = 'k', long = "key-update", env = env_key!("KEY_UPDATE"))]
prohibit_key_update: bool,
#[clap(short = 'c', long = "cert-dir", env = env_key!("CERT_DIR"))]
cert_dir: PathBuf, cert_dir: PathBuf,
/// minimum time in days between now and expiry to consider checking /// minimum time in days between now and expiry to consider checking
#[clap(short = 'd', long = "days", default_value = "60", env = env_key!("MIN_DELTA_DAYS"))] #[clap(short = 'd', long = "days", default_value = "60", env = env_key!("MIN_DELTA_DAYS"))]
@ -109,6 +111,7 @@ async fn upload_cert(client: Client, url: Url, cert: Certificate) -> anyhow::Res
async fn fetch( async fn fetch(
FetchArgs { FetchArgs {
cert_dir, cert_dir,
prohibit_key_update,
min_delta_days: min_delta, min_delta_days: min_delta,
args: ClientArgs { api, interactive }, args: ClientArgs { api, interactive },
}: FetchArgs, }: FetchArgs,
@ -134,8 +137,13 @@ async fn fetch(
let client = client.clone(); let client = client.clone();
tokio::spawn(async move { fetch_cert(client, url, cert).await }) tokio::spawn(async move { fetch_cert(client, url, cert).await })
}); });
let mut stdin = BufReader::new(stdin()).lines();
for cert in updates { for cert in updates {
if let Ok(Some((cert, update))) = cert.await? { if let Ok(Some((cert, update))) = cert.await? {
if prohibit_key_update && cert.public_key() != update.public_key() {
debug!(?update, "skipping cert due to key change");
continue;
}
if interactive { if interactive {
println!("certificate update: {}", cert.key_id()); println!("certificate update: {}", cert.key_id());
println!( println!(
@ -144,9 +152,8 @@ async fn fetch(
update.valid_before() update.valid_before()
); );
println!("update? : (y/n)"); println!("update? : (y/n)");
let mut yes = String::with_capacity(3); let yes = stdin.next_line().await?;
stdin().read_line(&mut yes)?; if !matches!(yes, Some(line) if line.starts_with(['y', 'Y'])) {
if !yes.starts_with(['y', 'Y']) {
break; break;
} }
} }
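Review bot: The flag added in the `FetchArgs` hunk is named the opposite of what it does: `long = "key-update"` with env `KEY_UPDATE` sets `prohibit_key_update`, so an operator who passes `--key-update` expecting to allow key rotation actually disables it, and the field carries no doc comment to warn them. Renaming the option to match the field, `#[clap(short = 'k', long = "prohibit-key-update", env = env_key!("PROHIBIT_KEY_UPDATE"))]`, preceded by `/// refuse certificate updates whose public key differs from the current certificate's`, removes the inversion while keeping the field name unchanged. In the `fetch` loop, a certificate whose public key changed is exactly the event an operator should notice, yet the skip is logged only at `debug!`; `info!(?update, "skipping cert due to key change");` uses a macro already imported and keeps it visible at the default log level. Because the check sits before the interactive prompt, a key-changed update is silently dropped even in interactive mode, which looks intentional but deserves a one-line comment such as `// key changes are never offered interactively when prohibited`. `fetch`'s body continues outside the hunk.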