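// Package client implements the client side of the certificate pull flow:
// clone a per-domain git repository, decrypt the *.crpt artefacts it holds
// with the domain's key, and write the plaintext certificates to disk.
package client

import (
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"

	"git.nevets.tech/Steven/certman/common"
)

// encryptedSuffix marks a repository/directory entry as an encrypted
// certificate artefact; every other entry is ignored.
const encryptedSuffix = ".crpt"

// plaintextName strips encryptedSuffix from an entry name and checks that the
// remainder is a plain, single-component file name.
//
// It returns ok=false when the entry is not an encrypted artefact, or when the
// stripped name is "", ".", "..", or contains a path separator. Repository
// contents are not fully trusted, and filepath.Join(dir, "..") resolves to the
// parent of dir, so a crafted entry such as "...crpt" must not be allowed to
// pick the output path.
func plaintextName(entry string) (name string, ok bool) {
	name, found := strings.CutSuffix(entry, encryptedSuffix)
	if !found {
		return "", false
	}
	switch name {
	case "", ".", "..":
		return "", false
	}
	if strings.ContainsAny(name, `/\`) || filepath.Base(name) != name {
		return "", false
	}
	return name, true
}

// PullCerts clones the domain repository holding the encrypted certificates
// for gitWorkspace.Domain into gitWorkspace.
//
// The repository URL is <Git.Server>/<Git.OrgName>/<Domain><RepoSuffix>.git,
// e.g. https://git.example.com/Org/Repo-suffix.git; a trailing slash on
// Git.Server is tolerated. Cloning is delegated to common.CloneRepo and any
// error it returns (including a repository that does not exist) is returned
// wrapped, so callers can inspect it with errors.Is/errors.As.
//
// NOTE(review): Domain, OrgName and RepoSuffix are interpolated into the URL
// without escaping; this assumes they come from trusted configuration rather
// than user input — confirm at the call site.
func PullCerts(config *common.AppConfig, domainConfig *common.DomainConfig, gitWorkspace *common.GitWorkspace) error {
	server := strings.TrimSuffix(config.Git.Server, "/")
	repoURL := server + "/" + config.Git.OrgName + "/" + gitWorkspace.Domain + domainConfig.Repo.RepoSuffix + ".git"
	if err := common.CloneRepo(repoURL, gitWorkspace, common.Client, config); err != nil {
		return fmt.Errorf("Error cloning domain repo %s: %w\n", gitWorkspace.Domain, err)
	}
	return nil
}

// DecryptAndWriteCertificates decrypts every *.crpt entry at the root of the
// cloned in-memory repository (gitWorkspace.FS) with the domain's
// Certificates.CryptoKey and writes the plaintext to certsDir/<name>, where
// <name> is the entry name without the .crpt suffix. After each successful
// decrypt the repository HEAD hash is recorded via common.WriteCommitHash.
//
// Per-file failures (open/read/close/decrypt, HEAD lookup, hash write) are
// printed and the entry is skipped; only a failure to list the repository
// root is returned. Directories, non-.crpt entries, and entries whose
// stripped name is not a safe single-component file name are skipped.
func DecryptAndWriteCertificates(certsDir string, config *common.AppConfig, domainConfig *common.DomainConfig, gitWorkspace *common.GitWorkspace) error {
	entries, err := gitWorkspace.FS.ReadDir("/")
	if err != nil {
		return fmt.Errorf("Error reading directory in memFS on domain %s: %w\n", gitWorkspace.Domain, err)
	}

	// HEAD does not move while we iterate, so resolve it once. The error is
	// reported per decrypted file (not up front) to keep the original
	// "print and skip" behaviour instead of aborting the whole pass.
	headRef, headErr := gitWorkspace.Repo.Head()

	for _, entry := range entries {
		if entry.IsDir() {
			continue
		}
		filename, ok := plaintextName(entry.Name())
		if !ok {
			continue
		}

		file, err := gitWorkspace.FS.Open(entry.Name())
		if err != nil {
			fmt.Printf("Error opening file in memFS on domain %s: %v\n", gitWorkspace.Domain, err)
			continue
		}
		fileBytes, err := io.ReadAll(file)
		if err != nil {
			fmt.Printf("Error reading file in memFS on domain %s: %v\n", gitWorkspace.Domain, err)
			file.Close()
			continue
		}
		if err := file.Close(); err != nil {
			fmt.Printf("Error closing file on domain %s: %v\n", gitWorkspace.Domain, err)
			continue
		}

		outPath := filepath.Join(certsDir, filename)
		if err := common.DecryptFileFromBytes(domainConfig.Certificates.CryptoKey, fileBytes, outPath, nil); err != nil {
			fmt.Printf("Error decrypting file %s in domain %s: %v\n", filename, gitWorkspace.Domain, err)
			continue
		}

		if headErr != nil {
			fmt.Printf("Error getting head reference for domain %s: %v\n", gitWorkspace.Domain, headErr)
			continue
		}
		if err := common.WriteCommitHash(headRef.Hash().String(), config, domainConfig); err != nil {
			fmt.Printf("Error writing commit hash: %v\n", err)
			continue
		}
	}
	return nil
}

// DecryptCertificates decrypts every *.crpt file directly inside certPath
// with cryptoKey and writes the plaintext next to it as certPath/<name>
// (the entry name without the .crpt suffix).
//
// The encrypted file is read from certPath itself; it used to be opened by
// bare name, i.e. relative to the process working directory, which only
// worked when the caller had already chdir'd into certPath.
//
// Per-file read/decrypt failures are printed and the entry is skipped; only
// a failure to list certPath is returned. Directories, non-.crpt entries,
// and entries whose stripped name is not a safe single-component file name
// are skipped.
func DecryptCertificates(certPath, cryptoKey string) error {
	entries, err := os.ReadDir(certPath)
	if err != nil {
		return fmt.Errorf("error reading directory: %w", err)
	}

	for _, entry := range entries {
		if entry.IsDir() {
			continue
		}
		filename, ok := plaintextName(entry.Name())
		if !ok {
			continue
		}

		fileBytes, err := os.ReadFile(filepath.Join(certPath, entry.Name()))
		if err != nil {
			fmt.Printf("Error reading file: %v\n", err)
			continue
		}

		outPath := filepath.Join(certPath, filename)
		if err := common.DecryptFileFromBytes(cryptoKey, fileBytes, outPath, nil); err != nil {
			fmt.Printf("Error decrypting file %s: %v\n", filename, err)
			continue
		}
	}
	return nil
}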