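// github.com/silveraid/fabric-ca@v1.1.0-preview.0.20180127000700-71974f53ab08/cmd/fabric-ca-client/revoke.go

/*
Copyright IBM Corp. 2017 All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

		 http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package main

import (
	"path/filepath"

	"github.com/pkg/errors"

	"github.com/cloudflare/cfssl/log"
	"github.com/hyperledger/fabric-ca/api"
	"github.com/hyperledger/fabric-ca/lib"
	"github.com/hyperledger/fabric-ca/util"
	"github.com/spf13/cobra"
)

// errInput is returned by runRevoke when the flags name neither an identity
// nor a complete serial/AKI pair, i.e. nothing that could be revoked.
var errInput = errors.New("Invalid usage; either --revoke.name and/or both --revoke.serial and --revoke.aki are required")

// newRevokeCommand builds the "revoke" subcommand and registers its flags
// from c.revokeParams on the command's flag set via util.RegisterFlags.
func (c *ClientCmd) newRevokeCommand() *cobra.Command {
	revokeCmd := &cobra.Command{
		Use:   "revoke",
		Short: "Revoke an identity",
		Long:  "Revoke an identity with Fabric CA server",
		// PreRunE rejects positional arguments and runs configInit; per the
		// original comment this makes sure enrollment information exists
		// before the command runs.
		PreRunE: func(cmd *cobra.Command, args []string) error {
			if len(args) > 0 {
				return errors.Errorf(extraArgsError, args, cmd.UsageString())
			}

			if err := c.configInit(); err != nil {
				return err
			}

			// NOTE(review): %+v prints every field of the client
			// configuration. If that structure carries credentials (for
			// example an enrollment URL with embedded user info or an
			// enrollment secret), they end up in debug logs; confirm they
			// are masked before debug logging is enabled on shared hosts.
			log.Debugf("Client configuration settings: %+v", c.clientCfg)

			return nil
		},
		RunE: func(cmd *cobra.Command, args []string) error {
			return c.runRevoke(cmd)
		},
	}
	util.RegisterFlags(c.myViper, revokeCmd.Flags(), &c.revokeParams, nil)
	return revokeCmd
}

// runRevoke is the main logic of the revoke command. It loads the caller's
// identity from the directory holding the client config file, checks that the
// flags select something to revoke, sends the revocation request and, when a
// CRL was requested, stores the CRL returned by the server.
//
// It returns errInput (after printing usage) when neither an enrollment ID
// nor a complete serial/AKI pair was given, and otherwise any error from
// loading the identity, from the revocation call or from storing the CRL.
func (c *ClientCmd) runRevoke(cmd *cobra.Command) error {
	log.Debug("Entered runRevoke")

	client := lib.Client{
		HomeDir: filepath.Dir(c.cfgFileName),
		Config:  c.clientCfg,
	}

	id, err := client.LoadMyIdentity()
	if err != nil {
		return err
	}

	name := c.clientCfg.Revoke.Name
	serial := c.clientCfg.Revoke.Serial
	aki := c.clientCfg.Revoke.AKI
	hasCertSelector := serial != "" && aki != ""

	// aki and serial # are required to revoke a certificate. The enrollment ID
	// is required to revoke an identity. So, either aki and serial must be
	// specified OR enrollment ID must be specified, else return an error.
	// Note that all three can be specified, in which case server will revoke
	// certificate associated with the specified aki, serial number.
	if name == "" && !hasCertSelector {
		// Printing usage is best-effort; errInput is returned either way.
		_ = cmd.Usage()
		return errInput
	}

	// Revocation is destructive, so make an incomplete certificate selector
	// visible instead of passing it along silently. The request is still
	// sent unchanged to stay compatible with existing invocations.
	// NOTE(review): how the server treats a lone serial or AKI next to a name
	// is not visible in this file; confirm the operator cannot end up
	// revoking more than the single certificate they intended.
	if !hasCertSelector && (serial != "" || aki != "") {
		log.Warning("Only one of --revoke.serial and --revoke.aki was specified; both are required to identify a certificate")
	}

	req := &api.RevocationRequest{
		Name:   name,
		Serial: serial,
		AKI:    aki,
		Reason: c.clientCfg.Revoke.Reason,
		GenCRL: c.revokeParams.GenCRL,
		CAName: c.clientCfg.CAName,
	}

	result, err := id.Revoke(req)
	if err != nil {
		return err
	}
	log.Infof("Sucessfully revoked certificates: %+v", result.RevokedCerts)

	if req.GenCRL {
		return storeCRL(c.clientCfg, result.CRL)
	}
	return nil
}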