Identity management plumbing to Go

2025-08-14 02:27:38 -07:00 · 2019-09-30 18:59:57 -07:00 · 2019-09-30 18:59:57 -07:00 · 47a08ccbd4
commit 47a08ccbd4
parent 7fc78129f4
7 changed files with 247 additions and 6 deletions
--- a/go/cmd/zerotier/cli/identity.go
+++ b/go/cmd/zerotier/cli/identity.go
@ -13,6 +13,135 @@

 package cli

+import (
+	"encoding/hex"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"strings"
+
+	"zerotier/pkg/zerotier"
+)
+
+/*
+  identity <command> [args]            Identity management commands
+    new                                Create new identity (including secret)
+    getpublic <identity>               Extract only public part of identity
+    validate <identity>                Locally validate an identity
+    sign <identity> <file>             Sign a file with an identity's key
+    verify <identity> <file> <sig>     Verify a signature
+*/
+
 // Identity command
 func Identity(args []string) {
+	if len(args) > 0 {
+		switch args[0] {
+
+		case "new":
+			idType := zerotier.IdentityTypeC25519
+			if len(args) > 1 {
+				if len(args) > 2 {
+					Help()
+					os.Exit(1)
+				}
+				switch args[1] {
+				case "c25519":
+				case "p384":
+					idType = zerotier.IdentityTypeP384
+				default:
+					Help()
+					os.Exit(1)
+				}
+			}
+			id, err := zerotier.NewIdentity(idType)
+			if err != nil {
+				fmt.Printf("ERROR: internal error generating identity: %s\n", err.Error())
+				os.Exit(1)
+			}
+			fmt.Println(id.PrivateKeyString())
+			os.Exit(0)
+
+		case "getpublic":
+			if len(args) == 2 {
+				idData, err := ioutil.ReadFile(args[1])
+				if err != nil {
+					fmt.Printf("ERROR: unable to read identity: %s\n", err.Error())
+					os.Exit(1)
+				}
+				id, err := zerotier.NewIdentityFromString(string(idData))
+				if err != nil {
+					fmt.Printf("ERROR: identity in file '%s' invalid: %s\n", args[1], err.Error())
+					os.Exit(1)
+				}
+				fmt.Println(id.String())
+				os.Exit(0)
+			}
+
+		case "validate":
+			if len(args) == 2 {
+				idData, err := ioutil.ReadFile(args[1])
+				if err != nil {
+					fmt.Printf("ERROR: unable to read identity: %s\n", err.Error())
+					os.Exit(1)
+				}
+				id, err := zerotier.NewIdentityFromString(string(idData))
+				if err != nil {
+					fmt.Printf("ERROR: identity in file '%s' invalid: %s\n", args[1], err.Error())
+					os.Exit(1)
+				}
+				if id.LocallyValidate() {
+					fmt.Println("OK")
+					os.Exit(0)
+				}
+				fmt.Println("FAILED")
+				os.Exit(1)
+			}
+
+		case "sign", "verify":
+			if len(args) > 2 {
+				idData, err := ioutil.ReadFile(args[1])
+				if err != nil {
+					fmt.Printf("ERROR: unable to read identity: %s\n", err.Error())
+					os.Exit(1)
+				}
+				id, err := zerotier.NewIdentityFromString(string(idData))
+				if err != nil {
+					fmt.Printf("ERROR: identity in file '%s' invalid: %s\n", args[1], err.Error())
+					os.Exit(1)
+				}
+				msg, err := ioutil.ReadFile(args[2])
+				if err != nil {
+					fmt.Printf("ERROR: unable to read input file: %s\n", err.Error())
+					os.Exit(1)
+				}
+
+				if args[0] == "verify" {
+					if len(args) == 4 {
+						sig, err := hex.DecodeString(strings.TrimSpace(args[3]))
+						if err != nil {
+							fmt.Println("FAILED")
+							os.Exit(1)
+						}
+						if id.Verify(msg, sig) {
+							fmt.Println("OK")
+							os.Exit(0)
+						}
+					}
+					fmt.Println("FAILED")
+					os.Exit(1)
+				} else {
+					sig, err := id.Sign(msg)
+					if err != nil {
+						fmt.Printf("ERROR: internal error signing message: %s\n", err.Error())
+						os.Exit(1)
+					}
+					fmt.Println(hex.EncodeToString(sig))
+					os.Exit(0)
+				}
+			}
+
+		}
+	}
+	Help()
+	os.Exit(1)
 }