diff --git a/cmd/root.go b/cmd/root.go index 6175eb79..f2f975a7 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -17,7 +17,6 @@ import ( cfgcmd "github.com/foundriesio/fioctl/subcommands/config" "github.com/foundriesio/fioctl/subcommands/devices" "github.com/foundriesio/fioctl/subcommands/docker" - "github.com/foundriesio/fioctl/subcommands/el2g" "github.com/foundriesio/fioctl/subcommands/events" "github.com/foundriesio/fioctl/subcommands/factories" "github.com/foundriesio/fioctl/subcommands/git" @@ -83,7 +82,6 @@ func init() { rootCmd.AddCommand(devices.NewCommand()) rootCmd.AddCommand(docker.NewCommand()) rootCmd.AddCommand(git.NewCommand()) - rootCmd.AddCommand(el2g.NewCommand()) rootCmd.AddCommand(events.NewCommand()) rootCmd.AddCommand(factories.NewCommand()) rootCmd.AddCommand(keys.NewCommand()) diff --git a/subcommands/el2g/aws.go b/subcommands/el2g/aws.go deleted file mode 100644 index 1d97ee76..00000000 --- a/subcommands/el2g/aws.go +++ /dev/null @@ -1,77 +0,0 @@ -package el2g - -import ( - "bytes" - "encoding/json" - "fmt" - "os" - "os/exec" - "runtime" - - "github.com/foundriesio/fioctl/subcommands" - "github.com/spf13/cobra" - "github.com/spf13/viper" -) - -func init() { - awsCmd := &cobra.Command{ - Use: "config-aws-iot", - Short: "Setup EdgeLock 2Go support in AWS IOT", - Run: doAwsIOT, - } - cmd.AddCommand(awsCmd) -} - -func doAwsIOT(cmd *cobra.Command, args []string) { - factory := viper.GetString("factory") - - fmt.Println("Getting registration code from AWS") - resp := run("/usr/bin/env", "aws", "iot", "get-registration-code") - fmt.Println(" |->", resp["registrationCode"]) - - fmt.Println("Configuring EdgeLock 2Go") - cert, err := api.El2gConfigAws(factory, resp["registrationCode"]) - subcommands.DieNotNil(err) - - cafile, err := os.CreateTemp("", "el2g-*.crt") - subcommands.DieNotNil(err) - defer os.Remove(cafile.Name()) - _, err = cafile.WriteString(cert.CA) - subcommands.DieNotNil(err) - - certfile, err := os.CreateTemp("", "el2g-*.crt") - subcommands.DieNotNil(err) - defer os.Remove(certfile.Name()) - _, err = certfile.WriteString(cert.Cert) - subcommands.DieNotNil(err) - - resp = run("/usr/bin/env", "aws", "iot", "register-ca-certificate", - "--ca-certificate", "file://"+cafile.Name(), - "--verification-cert", "file://"+certfile.Name()) - certId := resp["certificateId"] - fmt.Println(" |-> AWS Certificate ID", certId) - - c := exec.Command("/usr/bin/env", "aws", "iot", "update-ca-certificate", - "--certificate-id", certId, - "--new-status", "ACTIVE", - "--new-auto-registration-status", "ENABLE", - ) - c.Stdout = os.Stdout - c.Stderr = os.Stderr - subcommands.DieNotNil(c.Run()) - fmt.Println(" |-> ACTIVE") -} - -func run(args ...string) map[string]string { - if runtime.GOOS == "windows" && args[0] == "/usr/bin/env" { - args = args[1:] - } - cmd := exec.Command(args[0], args[1:]...) - var out bytes.Buffer - cmd.Stdout = &out - cmd.Stderr = os.Stderr - subcommands.DieNotNil(cmd.Run()) - var resp map[string]string - subcommands.DieNotNil(json.Unmarshal(out.Bytes(), &resp)) - return resp -} diff --git a/subcommands/el2g/cmd.go b/subcommands/el2g/cmd.go deleted file mode 100644 index 918fc04d..00000000 --- a/subcommands/el2g/cmd.go +++ /dev/null @@ -1,24 +0,0 @@ -package el2g - -import ( - "github.com/spf13/cobra" - - "github.com/foundriesio/fioctl/client" - "github.com/foundriesio/fioctl/subcommands" -) - -var api *client.Api - -var cmd = &cobra.Command{ - Use: "el2g", - Short: "Manage EdgeLock 2Go integration", - Long: "This is an optional feature that must be enabled by Foundries.io customer support", - PersistentPreRun: func(cmd *cobra.Command, args []string) { - api = subcommands.Login(cmd) - }, -} - -func NewCommand() *cobra.Command { - subcommands.RequireFactory(cmd) - return cmd -} diff --git a/subcommands/el2g/devices.go b/subcommands/el2g/devices.go deleted file mode 100644 index ef7b3fab..00000000 --- a/subcommands/el2g/devices.go +++ /dev/null @@ -1,157 +0,0 @@ -package el2g - -import ( - "fmt" - "math/big" - "strings" - - "github.com/cheynewallace/tabby" - "github.com/foundriesio/fioctl/subcommands" - "github.com/spf13/cobra" - "github.com/spf13/viper" -) - -var production bool - -func init() { - devicesCmd := &cobra.Command{ - Use: "devices", - Short: "Manage devices for EdgeLock 2Go", - } - cmd.AddCommand(devicesCmd) - - devicesCmd.AddCommand(&cobra.Command{ - Use: "list", - Short: "List devices configured to use EdgeLock 2Go", - Run: doList, - }) - - devicesCmd.AddCommand(&cobra.Command{ - Use: "show ", - Short: "Show the integration details for a device", - Args: cobra.ExactArgs(1), - Run: doShow, - }) - - add := &cobra.Command{ - Use: "add ", - Short: "Grant device access to EdgeLock 2GO", - Args: cobra.ExactArgs(2), - Run: doAdd, - Example: `# Add a device with an SE050 (product ID: 935389312472) -# The product IDs configured for you Factory can be found by running -# fioctl el2g status -# Device ID can be found on a device by running: -# $ ssscli se05x uid | grep "Unique ID:" | cut -d: -f2 -# ssscli se05x uid | grep "Unique ID:" | cut -d: -f2 -# 04005001eee3ba1ee96e60047e57da0f6880 -# This ID is hexadecimal and must be prefixed in the CLI with 0x0 (0x + 36 digits). -# For example: -fioctl el2g devices add 935389312472 0x04005001eee3ba1ee96e60047e57da0f6880 - -# A base-10 decimal ID(42 digits) may be used as well. To do the equivalent of -# the example above in decimal: -fioctl el2g devices add 935389312472 348555492004256518532939906410866457667712 - -# Add a production device with an SE051 HSM (product ID: 935414457472) -fioctl el2g devices add --production 935414457472 0x04005001eee3ba1ee96e60047e57da0f6880 -`, - } - add.Flags().BoolVarP(&production, "production", "", false, "A production device") - devicesCmd.AddCommand(add) - del := &cobra.Command{ - Use: "delete ", - Short: "Revoke device access to EdgeLock 2GO", - Args: cobra.ExactArgs(2), - Run: doDelete, - } - del.Flags().BoolVarP(&production, "production", "", false, "A production device") - devicesCmd.AddCommand(del) -} - -func doList(cmd *cobra.Command, args []string) { - factory := viper.GetString("factory") - devices, err := api.El2gDevices(factory) - subcommands.DieNotNil(err) - t := tabby.New() - t.AddHeader("GROUP", "ID") - for _, device := range devices { - t.AddLine(device.DeviceGroup, device.Id) - } - t.Print() -} - -func doShow(cmd *cobra.Command, args []string) { - factory := viper.GetString("factory") - deviceId := args[0] - verifyDeviceId(deviceId) - - info, err := api.El2gProductInfo(factory, deviceId) - subcommands.DieNotNil(err) - fmt.Println("Hardware Type:", info.Type) - fmt.Println("Hardware 12NC:", info.Nc12) - - fmt.Println("Secure Objects:") - objects, err := api.El2gSecureObjectProvisionings(factory, deviceId) - subcommands.DieNotNil(err) - t := subcommands.Tabby(1, "NAME", "TYPE", "STATUS") - foundCert := false - for _, obj := range objects { - t.AddLine(obj.Name, obj.Type, obj.State) - if len(obj.Cert) > 0 { - foundCert = true - } - } - t.Print() - - if foundCert { - fmt.Println("Certificates:") - for _, obj := range objects { - if len(obj.Cert) > 0 { - fmt.Println("#", obj.Name) - fmt.Println(obj.Cert) - fmt.Println() - } - } - } - -} - -func doAdd(cmd *cobra.Command, args []string) { - factory := viper.GetString("factory") - prodId := args[0] - deviceId := args[1] - verifyDeviceId(deviceId) - subcommands.DieNotNil(api.El2gAddDevice(factory, prodId, deviceId, production)) -} - -func doDelete(cmd *cobra.Command, args []string) { - factory := viper.GetString("factory") - prodId := args[0] - deviceId := args[1] - verifyDeviceId(deviceId) - subcommands.DieNotNil(api.El2gDeleteDevice(factory, prodId, deviceId, production)) -} - -func verifyDeviceId(id string) { - msg := "device IDs must be either 36 digit hex including a 0x0 prefix or 42 digit base-10 value. %s" - if strings.HasPrefix(id, "0x") { - if len(id) != 38 { - detail := fmt.Sprintf("Invalid hexadecimal length: %d", len(id)) - subcommands.DieNotNil(fmt.Errorf(msg, detail)) - } - n := new(big.Int) - if _, ok := n.SetString(id[2:], 16); !ok { - subcommands.DieNotNil(fmt.Errorf(msg, "Invalid base 16 conversion to big int")) - } - } else { - if len(id) != 42 { - detail := fmt.Sprintf("Invalid decimal length: %d", len(id)) - subcommands.DieNotNil(fmt.Errorf(msg, detail)) - } - n := new(big.Int) - if _, ok := n.SetString(id, 10); !ok { - subcommands.DieNotNil(fmt.Errorf(msg, "Invalid base 10 conversion to big int")) - } - } -} diff --git a/subcommands/el2g/gateway.go b/subcommands/el2g/gateway.go deleted file mode 100644 index b3032c47..00000000 --- a/subcommands/el2g/gateway.go +++ /dev/null @@ -1,65 +0,0 @@ -package el2g - -import ( - "fmt" - "os" - - "github.com/foundriesio/fioctl/client" - "github.com/foundriesio/fioctl/subcommands" - "github.com/foundriesio/fioctl/x509" - "github.com/spf13/cobra" - "github.com/spf13/viper" -) - -var ( - pkiDir string - hsmModule string - hsmPin string - hsmTokenLabel string -) - -func init() { - configCmd := &cobra.Command{ - Use: "config-device-gateway", - Short: "Setup EdgeLock 2Go support for device gateway", - Run: doDeviceGateway, - Example: ` - fioctl el2g config-device-gateway --pki-dir /tmp/factory-pki`, - } - cmd.AddCommand(configCmd) - configCmd.Flags().StringVarP(&pkiDir, "pki-dir", "", "", "Directory containing factory PKI keys") - configCmd.Flags().StringVarP(&hsmModule, "hsm-module", "", "", "Load a root CA key from a PKCS#11 compatible HSM using this module") - configCmd.Flags().StringVarP(&hsmPin, "hsm-pin", "", "", "The PKCS#11 PIN to log into the HSM") - configCmd.Flags().StringVarP(&hsmTokenLabel, "hsm-token-label", "", "", "The label of the HSM token containing the root CA key") - _ = configCmd.MarkFlagRequired("pki-dir") -} - -func doDeviceGateway(cmd *cobra.Command, args []string) { - factory := viper.GetString("factory") - - subcommands.DieNotNil(os.Chdir(pkiDir)) - hsm, err := x509.ValidateHsmArgs( - hsmModule, hsmPin, hsmTokenLabel, "--hsm-module", "--hsm-pin", "--hsm-token-label") - subcommands.DieNotNil(err) - x509.InitHsm(hsm) - - ca, err := api.FactoryGetCA(factory) - subcommands.DieNotNil(err) - - fmt.Println("Requesting CSR from EdgeLock 2Go") - csr, err := api.El2gCreateDg(factory) - subcommands.DieNotNil(err) - - fmt.Println("Signing CSR") - generatedCa := x509.SignEl2GoCsr(csr.Value) - - fmt.Println("Uploading signed certificate") - errPrefix := "Unable to upload certificate:\n" + generatedCa - subcommands.DieNotNil(api.El2gUploadDgCert(factory, csr.Id, ca.RootCrt, generatedCa), errPrefix) - - fmt.Println("Updating Factory allowed CA's with") - fmt.Println(generatedCa) - newCa := ca.CaCrt + "\n" + generatedCa - certs := client.CaCerts{CaCrt: newCa} - subcommands.DieNotNil(api.FactoryPatchCA(factory, certs)) -} diff --git a/subcommands/el2g/status.go b/subcommands/el2g/status.go deleted file mode 100644 index 3838a247..00000000 --- a/subcommands/el2g/status.go +++ /dev/null @@ -1,64 +0,0 @@ -package el2g - -import ( - "fmt" - "strconv" - - "github.com/foundriesio/fioctl/subcommands" - "github.com/spf13/cobra" - "github.com/spf13/viper" -) - -func init() { - cmd.AddCommand(&cobra.Command{ - Use: "status", - Short: "Show the overall status of the Edgelock 2Go integration", - Run: doStatus, - }) -} - -func doStatus(cmd *cobra.Command, args []string) { - factory := viper.GetString("factory") - - products, err := api.El2gProducts(factory) - subcommands.DieNotNil(err) - - overview, err := api.El2gOverview(factory) - subcommands.DieNotNil(err) - fmt.Println("# Subdomain:", overview.Subdomain) - fmt.Println("\n# Product IDs") - t := subcommands.Tabby(1, "ID", "NAME") - for _, id := range overview.ProductIds { - name := "" - for _, prod := range products { - if prod.Nc12 == strconv.Itoa(id) { - name = prod.Type - break - } - } - t.AddLine(id, name) - } - t.Print() - - secureObjects, err := api.El2gSecureObjects(factory) - subcommands.DieNotNil(err) - fmt.Println("\n# Secure Objects") - t = subcommands.Tabby(1, "TYPE", "NAME", "OBJECT ID") - for _, so := range secureObjects { - t.AddLine(so.Type, so.Name, so.ObjectId) - } - t.Print() - - fmt.Println("\n# Intermediate CAs") - cas, err := api.El2gIntermediateCas(factory) - subcommands.DieNotNil(err) - for i, ca := range cas { - if i > 0 { - fmt.Println() - } - fmt.Println("Name:", ca.Name) - fmt.Println("Algorithm:", ca.Algorithm) - fmt.Println("ID:", ca.Id) - fmt.Println(ca.Value) - } -}