Claims autogeneration, optional autogeneration (#11)

* added autogeneration to claims sign, allow disabling autogeneration of keys

* bumped version, fixed duplicate argument error

* reversed incorrect logic for autogeneration

Author: brooksmtownsend

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "wash"
-version = "0.1.3"
+version = "0.1.4"
 authors = ["Brooks Townsend <brooksmtownsend@gmail.com>"]
 edition = "2018"
 repository = "https://github.com/wascc/wash"

src/claims.rs

@@ -14,13 +14,15 @@
 
 // extern crate serde_derive;
 
-use nkeys::KeyPair;
+use crate::keys::extract_keypair;
+use nkeys::{KeyPair, KeyPairType};
 use serde::de::DeserializeOwned;
 use serde::{Deserialize, Serialize};
 use std::collections::HashMap;
 use std::fs::{read_to_string, File};
 use std::io::Read;
 use std::io::Write;
+use std::path::PathBuf;
 use structopt::clap::AppSettings;
 use structopt::StructOpt;
 use term_table::{
@@ -63,6 +65,30 @@ enum ClaimsCliCommand {
     Token(TokenCommand),
 }
 
+#[derive(StructOpt, Debug, Clone)]
+struct SignCommand {
+    /// File to read
+    source: String,
+    /// Target output file. If this flag is not provided, the signed module will be placed in the same directory as the source with a "_s" suffix
+    #[structopt(short = "o", long = "output")]
+    output: Option<String>,
+
+    // /// Location of key files for signing. Defaults to $WASH_KEYS ($HOME/.wash/keys)
+    // #[structopt(
+    //     short = "d",
+    //     long = "directory",
+    //     env = "WASH_KEYS",
+    //     hide_env_values = true
+    // )]
+    // directory: Option<String>,
+    /// Disables autogeneration of signing keys
+    #[structopt(long = "disable-keygen")]
+    disable_keygen: bool,
+
+    #[structopt(flatten)]
+    metadata: ActorMetadata,
+}
+
 #[derive(Debug, Clone, StructOpt)]
 enum TokenCommand {
     /// Generate a signed JWT for an actor module
@@ -81,13 +107,22 @@ enum TokenCommand {
 
 #[derive(Debug, Clone, StructOpt, Serialize, Deserialize)]
 struct GenerateCommon {
-    /// Issuer seed key path (usually a .nk file)
+    /// Path to issuer seed key. If this flag is not provided, the will be sourced from $WASH_KEYS ($HOME/.wash/keys) or generated for you if it cannot be found.
     #[structopt(short = "i", long = "issuer")]
-    issuer_key_path: String,
+    issuer: Option<String>,
 
-    /// Subject seed key path (usually a .nk file)
+    /// Path to subject seed key. If this flag is not provided, the will be sourced from $WASH_KEYS ($HOME/.wash/keys) or generated for you if it cannot be found.
     #[structopt(short = "u", long = "subject")]
-    subject_key_path: String,
+    subject: Option<String>,
+
+    /// Location of key files for signing. Defaults to $WASH_KEYS ($HOME/.wash/keys)
+    #[structopt(
+        short = "d",
+        long = "directory",
+        env = "WASH_KEYS",
+        hide_env_values = true
+    )]
+    directory: Option<String>,
 
     /// Indicates the token expires in the given amount of days. If this option is left off, the token will never expire
     #[structopt(short = "x", long = "expires")]
@@ -223,17 +258,6 @@ struct ActorMetadata {
     common: GenerateCommon,
 }
 
-#[derive(StructOpt, Debug, Clone)]
-struct SignCommand {
-    /// File to read
-    source: String,
-    /// Target output file
-    output: String,
-
-    #[structopt(flatten)]
-    metadata: ActorMetadata,
-}
-
 pub fn handle_command(cli: ClaimsCli) -> Result<(), Box<dyn ::std::error::Error>> {
     match cli.command {
         ClaimsCliCommand::Inspect { file, raw } => render_caps(&file, raw),
@@ -262,25 +286,22 @@ fn get_keypair_vec(paths: &[String]) -> Result<Vec<KeyPair>, Box<dyn ::std::erro
         .collect())
 }
 
-fn get_keypairs(
-    common: &GenerateCommon,
-) -> Result<(KeyPair, KeyPair), Box<dyn ::std::error::Error>> {
-    if common.issuer_key_path.is_empty() {
-        return Err("Must specify an issuer key path".into());
-    }
-    if common.subject_key_path.is_empty() {
-        return Err("Must specify a subject key path".into());
-    }
-    let iss_key = read_to_string(&common.issuer_key_path)?;
-    let sub_key = read_to_string(&common.subject_key_path)?;
-    let issuer = KeyPair::from_seed(iss_key.trim_end())?;
-    let subject = KeyPair::from_seed(sub_key.trim_end())?;
-
-    Ok((issuer, subject))
-}
-
 fn generate_actor(actor: &ActorMetadata) -> Result<(), Box<dyn ::std::error::Error>> {
-    let (issuer, subject) = get_keypairs(&actor.common)?;
+    let issuer = extract_keypair(
+        actor.common.issuer.clone(),
+        None,
+        actor.common.directory.clone(),
+        KeyPairType::Account,
+        true,
+    )?;
+    let subject = extract_keypair(
+        actor.common.subject.clone(),
+        None,
+        actor.common.directory.clone(),
+        KeyPairType::Module,
+        true,
+    )?;
+
     let mut caps_list = vec![];
     if actor.keyvalue {
         caps_list.push(wascap::caps::KEY_VALUE.to_string());
@@ -397,21 +418,20 @@ fn sign_file(cmd: &SignCommand) -> Result<(), Box<dyn ::std::error::Error>> {
     let mut buf = Vec::new();
     sfile.read_to_end(&mut buf).unwrap();
 
-    let mod_kp = if !cmd.metadata.common.subject_key_path.is_empty() {
-        KeyPair::from_seed(&read_to_string(&cmd.metadata.common.subject_key_path)?.trim_end())?
-    } else {
-        let m = KeyPair::new_module();
-        println!("New module key created. SAVE this seed key: {}", m.seed()?);
-        m
-    };
-
-    let acct_kp = if !cmd.metadata.common.issuer_key_path.is_empty() {
-        KeyPair::from_seed(&read_to_string(&cmd.metadata.common.issuer_key_path)?.trim_end())?
-    } else {
-        let a = KeyPair::new_account();
-        println!("New account key created. SAVE this seed key: {}", a.seed()?);
-        a
-    };
+    let issuer = extract_keypair(
+        cmd.metadata.common.issuer.clone(),
+        Some(cmd.source.clone()),
+        cmd.metadata.common.directory.clone(),
+        KeyPairType::Account,
+        cmd.disable_keygen,
+    )?;
+    let subject = extract_keypair(
+        cmd.metadata.common.subject.clone(),
+        Some(cmd.source.clone()),
+        cmd.metadata.common.directory.clone(),
+        KeyPairType::Module,
+        cmd.disable_keygen,
+    )?;
 
     let mut caps_list = vec![];
     if cmd.metadata.keyvalue {
@@ -447,8 +467,8 @@ fn sign_file(cmd: &SignCommand) -> Result<(), Box<dyn ::std::error::Error>> {
     let signed = sign_buffer_with_claims(
         cmd.metadata.name.clone(),
         &buf,
-        mod_kp,
-        acct_kp,
+        issuer,
+        subject,
         cmd.metadata.common.expires_in_days,
         cmd.metadata.common.not_before_days,
         caps_list.clone(),
@@ -458,12 +478,31 @@ fn sign_file(cmd: &SignCommand) -> Result<(), Box<dyn ::std::error::Error>> {
         cmd.metadata.ver.clone(),
     )?;
 
-    let mut outfile = File::create(&cmd.output).unwrap();
+    let output = match cmd.output.clone() {
+        Some(out) => out,
+        None => {
+            let path = PathBuf::from(cmd.source.clone())
+                .parent()
+                .unwrap()
+                .to_str()
+                .unwrap()
+                .to_string();
+            let module_name = PathBuf::from(cmd.source.clone())
+                .file_stem()
+                .unwrap()
+                .to_str()
+                .unwrap()
+                .to_string();
+            format!("{}/{}_s.wasm", path, module_name)
+        }
+    };
+
+    let mut outfile = File::create(&output).unwrap();
     match outfile.write(&signed) {
         Ok(_) => {
             println!(
                 "Successfully signed {} with capabilities: {}",
-                cmd.output,
+                output,
                 caps_list.join(",")
             );
             Ok(())

src/keys.rs

@@ -170,9 +170,10 @@ fn determine_directory(directory: Option<String>) -> String {
 /// Helper function to locate and extract keypair from user input
 pub fn extract_keypair(
     input: Option<String>,
-    module_path: String,
+    module_path: Option<String>,
     directory: Option<String>,
     keypair_type: KeyPairType,
+    disable_keygen: bool,
 ) -> Result<KeyPair, Box<dyn std::error::Error>> {
     let seed = if let Some(input_str) = input {
         match File::open(input_str.clone()) {
@@ -185,10 +186,10 @@ pub fn extract_keypair(
             // User provided seed as an argument
             Err(_e) => input_str,
         }
-    } else {
+    } else if let Some(module) = module_path {
         // No seed value provided, attempting to source from provided or default directory
         let dir = determine_directory(directory);
-        let module_name = PathBuf::from(module_path)
+        let module_name = PathBuf::from(module)
             .file_stem()
             .unwrap()
             .to_str()
@@ -208,23 +209,28 @@ pub fn extract_keypair(
                 s
             }
             // No default key, generating for user
-            Err(_e) => {
+            Err(_e) if !disable_keygen => {
                 let kp = KeyPair::new(keypair_type);
-                println!("No keypair found in {}, we will generate one for you and place it there. If you'd like to use alternative keys, you can supply them as a flag.", path);
+                println!("No keypair found in \"{}\".\nWe will generate one for you and place it there.\nIf you'd like to use alternative keys, you can supply them as a flag.\n", path);
                 let seed = kp.seed()?;
                 fs::create_dir_all(Path::new(&path).parent().unwrap())?;
                 let mut f = File::create(path)?;
                 f.write_all(seed.as_bytes())?;
                 seed
             }
+            _ => {
+                return Err(format!(
+                    "No keypair found in {}, please ensure key exists or supply one as a flag",
+                    path
+                )
+                .into());
+            }
         }
+    } else {
+        return Err("Keypair path or string not supplied. Ensure provided keypair is valid".into());
     };
 
-    // from_seed returns nkeys::error::Error
-    match KeyPair::from_seed(&seed) {
-        Ok(kp) => Ok(kp),
-        Err(e) => Err(e.into()),
-    }
+    KeyPair::from_seed(&seed).map_err(|e| format!("{}", e).into())
 }
 
 fn keypair_type_to_string(keypair_type: KeyPairType) -> String {

src/par.rs

@@ -88,6 +88,10 @@ struct CreateCommand {
     /// Include a compressed provider archive
     #[structopt(long = "compress")]
     compress: bool,
+
+    /// Disables autogeneration of signing keys
+    #[structopt(long = "disable-keygen")]
+    disable_keygen: bool,
 }
 
 #[derive(StructOpt, Debug, Clone)]
@@ -127,6 +131,10 @@ struct InsertCommand {
     /// Path to subject seed key (service). If this flag is not provided, the will be sourced from $WASH_KEYS ($HOME/.wash/keys) or generated for you if it cannot be found.
     #[structopt(short = "s", long = "subject")]
     subject: Option<String>,
+
+    /// Disables autogeneration of signing keys
+    #[structopt(long = "disable-keygen")]
+    disable_keygen: bool,
 }
 
 pub fn handle_command(cli: ParCli) -> Result<()> {
@@ -153,15 +161,17 @@ fn handle_create(cmd: CreateCommand) -> Result<()> {
 
     let issuer = extract_keypair(
         cmd.issuer,
-        cmd.binary.clone(),
+        Some(cmd.binary.clone()),
         cmd.directory.clone(),
         KeyPairType::Account,
+        cmd.disable_keygen,
     )?;
     let subject = extract_keypair(
         cmd.subject,
-        cmd.binary.clone(),
+        Some(cmd.binary.clone()),
         cmd.directory,
         KeyPairType::Service,
+        cmd.disable_keygen,
     )?;
 
     par.add_library(&cmd.arch, &lib)
@@ -254,15 +264,17 @@ fn handle_insert(cmd: InsertCommand) -> Result<()> {
 
     let issuer = extract_keypair(
         cmd.issuer,
-        cmd.binary.clone(),
+        Some(cmd.binary.clone()),
         cmd.directory.clone(),
         KeyPairType::Account,
+        cmd.disable_keygen,
     )?;
     let subject = extract_keypair(
         cmd.subject,
-        cmd.binary.clone(),
+        Some(cmd.binary.clone()),
         cmd.directory,
         KeyPairType::Service,
+        cmd.disable_keygen,
     )?;
 
     let mut f = File::open(cmd.binary.clone())?;