Resend Password Utility

trisacrypto · May 22, 2024 · 3896016 · 3896016
1 parent c50bb60
commit 3896016
Showing 1 changed file with 107 additions and 0 deletions.
diff --git a/cmd/reissuer/main.go b/cmd/reissuer/main.go
@@ -127,6 +127,33 @@ func main() {
 				},
 			},
 		},
+		{
+			Name:   "password",
+			Usage:  "view or resend the password for the latest certificate request",
+			Action: resendPassword,
+			Before: connectDB,
+			After:  closeDB,
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "vasp",
+					Aliases:  []string{"vasp-id", "v"},
+					Usage:    "the VASP ID to send reissuance reminder notifications to",
+					Required: true,
+				},
+				&cli.BoolFlag{
+					Name:    "yes",
+					Aliases: []string{"y"},
+					Usage:   "skip the confirmation prompt and immediately send notifications",
+					Value:   false,
+				},
+				&cli.BoolFlag{
+					Name:    "show",
+					Aliases: []string{"s", "show-password"},
+					Usage:   "show the password on the command line and exit without emailing the user",
+					Value:   false,
+				},
+			},
+		},
 		{
 			Name:   "proto",
 			Usage:  "create an identity certificate protocol buffer from a certificate",
@@ -505,6 +532,86 @@ func reissueCerts(c *cli.Context) (err error) {
 	return nil
 }
 
+func resendPassword(c *cli.Context) (err error) {
+	var (
+		vasp           *pb.VASP
+		vaspName       string
+		certreqID      string
+		pkcs12password []byte
+		sm             *secrets.SecretManager
+		emailer        *emails.EmailManager
+		whisperLink    string
+		nsent          int
+	)
+
+	ctx, cancel := utils.WithDeadline(context.Background())
+	defer cancel()
+
+	// Fetch and identify the VASP specified by the user
+	vaspID := c.String("vasp")
+	if vasp, err = db.RetrieveVASP(ctx, vaspID); err != nil {
+		return cli.Exit(fmt.Errorf("could not find VASP record %s: %s", vaspID, err), 1)
+	}
+
+	if vaspName, err = vasp.Name(); err != nil {
+		vaspName = vasp.CommonName
+	}
+
+	// Get the latest certificate request for the VASP
+	if certreqID, err = models.GetLatestCertReqID(vasp); err != nil {
+		return cli.Exit(fmt.Errorf("could not get latest certificate request ID for vasp %s: %s", vaspName, err), 1)
+	}
+
+	// Connect to the secrets store and fetch the PKCS12 password if it exists
+	if sm, err = secrets.New(conf.Secrets); err != nil {
+		return cli.Exit(fmt.Errorf("could not connect to secret manager: %s", err), 1)
+	}
+
+	if pkcs12password, err = sm.With(certreqID).GetLatestVersion(ctx, "password"); err != nil {
+		return cli.Exit(fmt.Errorf("could not retrieve pkcs12 password for vasp %s certificate request %s: %s", vaspName, certreqID, err), 1)
+	}
+
+	// If print password and exit, do that without user confirmation
+	if c.Bool("show") {
+		fmt.Printf("retrieved password for %s (certificate request %s)\n", vaspName, certreqID)
+		if !c.Bool("yes") {
+			if !askForConfirmation("show PKCS12 password on the command line?") {
+				return cli.Exit(fmt.Errorf("canceled by user"), 1)
+			}
+		}
+
+		// Print password and exit
+		fmt.Println(string(pkcs12password))
+		return nil
+	}
+
+	// Check with the user if we should continue with resending the password
+	fmt.Printf("resending password for %s (certificate request %s)\n", vaspName, certreqID)
+	if !c.Bool("yes") {
+		if !askForConfirmation("continue and resend PKCS12 password?") {
+			return cli.Exit(fmt.Errorf("canceled by user"), 1)
+		}
+	}
+
+	// Create the Whisper link for the provided PKCS12 password.
+	if whisperLink, err = whisper.CreateSecretLink(fmt.Sprintf(whisperPasswordTemplate, string(pkcs12password)), "", 3, weekFromNow()); err != nil {
+		return cli.Exit(err, 1)
+	}
+
+	// Create the email manager.
+	if emailer, err = emails.New(conf.Email); err != nil {
+		return cli.Exit(err, 1)
+	}
+
+	// Send the notification email that certificate reissuance is forthcoming and provide whisper link to the PKCS12 password.
+	if nsent, err = emailer.SendReissuanceStarted(vasp, whisperLink); err != nil {
+		return cli.Exit(err, 1)
+	}
+
+	fmt.Printf("successfully sent %d Whisper password notifications for PKCS12 password %q\n", nsent, pkcs12password)
+	return nil
+}
+
 func makeCertificateProto(c *cli.Context) (err error) {
 	var archive *trust.Serializer
 	if pkcs12password := c.String("pkcs12password"); pkcs12password != "" {