Major Refactoring, Client can now be used as a library

client/certificates.go

@@ -0,0 +1,109 @@
+package client
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"git.nevets.tech/Keys/certman/common"
+)
+
+func PullCerts(config *common.AppConfig, domainConfig *common.DomainConfig, gitWorkspace *common.GitWorkspace) error {
+	// Ex: https://git.example.com/Org/Repo-suffix.git
+	// Clones repo and stores in gitWorkspace, skip if clone fails (doesn't exist?)
+	repoUrl := config.Git.Server + "/" + config.Git.OrgName + "/" + gitWorkspace.Domain + domainConfig.Repo.RepoSuffix + ".git"
+	err := common.CloneRepo(repoUrl, gitWorkspace, common.Client, config)
+	if err != nil {
+		return fmt.Errorf("Error cloning domain repo %s: %v\n", gitWorkspace.Domain, err)
+	}
+	return nil
+}
+
+func DecryptAndWriteCertificates(certsDir string, config *common.AppConfig, domainConfig *common.DomainConfig, gitWorkspace *common.GitWorkspace) error {
+	// Get files in repo
+	fileInfos, err := gitWorkspace.FS.ReadDir("/")
+	if err != nil {
+		return fmt.Errorf("Error reading directory in memFS on domain %s: %v\n", gitWorkspace.Domain, err)
+	}
+	// Iterate over files, filtering by .crpt (encrypted) files in case other files were accidentally added
+	for _, fileInfo := range fileInfos {
+		if strings.HasSuffix(fileInfo.Name(), ".crpt") {
+			filename, _ := strings.CutSuffix(fileInfo.Name(), ".crpt")
+			file, err := gitWorkspace.FS.Open(fileInfo.Name())
+			if err != nil {
+				fmt.Printf("Error opening file in memFS on domain %s: %v\n", gitWorkspace.Domain, err)
+				continue
+			}
+			fileBytes, err := io.ReadAll(file)
+			if err != nil {
+				fmt.Printf("Error reading file in memFS on domain %s: %v\n", gitWorkspace.Domain, err)
+				file.Close()
+				continue
+			}
+			err = file.Close()
+			if err != nil {
+				fmt.Printf("Error closing file on domain %s: %v\n", gitWorkspace.Domain, err)
+				continue
+			}
+
+			err = common.DecryptFileFromBytes(domainConfig.Certificates.CryptoKey, fileBytes, filepath.Join(certsDir, filename), nil)
+			if err != nil {
+				fmt.Printf("Error decrypting file %s in domain %s: %v\n", filename, gitWorkspace.Domain, err)
+				continue
+			}
+
+			headRef, err := gitWorkspace.Repo.Head()
+			if err != nil {
+				fmt.Printf("Error getting head reference for domain %s: %v\n", gitWorkspace.Domain, err)
+				continue
+			}
+
+			err = common.WriteCommitHash(headRef.Hash().String(), config, domainConfig)
+			if err != nil {
+				fmt.Printf("Error writing commit hash: %v\n", err)
+				continue
+			}
+		}
+	}
+	return nil
+}
+
+func DecryptCertificates(certPath, cryptoKey string) error {
+	// Get files in repo
+	fileInfos, err := os.ReadDir(certPath)
+	if err != nil {
+		return fmt.Errorf("error reading directory: %v", err)
+	}
+	// Iterate over files, filtering by .crpt (encrypted) files in case other files were accidentally added
+	for _, fileInfo := range fileInfos {
+		if strings.HasSuffix(fileInfo.Name(), ".crpt") {
+			filename, _ := strings.CutSuffix(fileInfo.Name(), ".crpt")
+			file, err := os.OpenFile(fileInfo.Name(), os.O_RDONLY, 0640)
+			if err != nil {
+				fmt.Printf("Error opening file: %v\n", err)
+				continue
+			}
+			fileBytes, err := io.ReadAll(file)
+			if err != nil {
+				fmt.Printf("Error reading file: %v\n", err)
+				file.Close()
+				continue
+			}
+			err = file.Close()
+			if err != nil {
+				fmt.Printf("Error closing file: %v\n", err)
+				continue
+			}
+
+			err = common.DecryptFileFromBytes(cryptoKey, fileBytes, filepath.Join(certPath, filename), nil)
+			if err != nil {
+				fmt.Printf("Error decrypting file %s: %v\n", filename, err)
+				continue
+			}
+		}
+	}
+
+	return nil
+}