certman/client/certificates.go

package client

import (
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"

	"git.nevets.tech/Keys/certman/common"
)

func PullCerts(config *common.AppConfig, domainConfig *common.DomainConfig, gitWorkspace *common.GitWorkspace) error {
	// Ex: https://git.example.com/Org/Repo-suffix.git
	// Clones repo and stores in gitWorkspace, skip if clone fails (doesn't exist?)
	repoUrl := config.Git.Server + "/" + config.Git.OrgName + "/" + gitWorkspace.Domain + domainConfig.Repo.RepoSuffix + ".git"
	err := common.CloneRepo(repoUrl, gitWorkspace, common.Client, config)
	if err != nil {
		return fmt.Errorf("Error cloning domain repo %s: %v\n", gitWorkspace.Domain, err)
	}
	return nil
}

func DecryptAndWriteCertificates(certsDir string, config *common.AppConfig, domainConfig *common.DomainConfig, gitWorkspace *common.GitWorkspace) error {
	// Get files in repo
	fileInfos, err := gitWorkspace.FS.ReadDir("/")
	if err != nil {
		return fmt.Errorf("Error reading directory in memFS on domain %s: %v\n", gitWorkspace.Domain, err)
	}
	// Iterate over files, filtering by .crpt (encrypted) files in case other files were accidentally added
	for _, fileInfo := range fileInfos {
		if strings.HasSuffix(fileInfo.Name(), ".crpt") {
			filename, _ := strings.CutSuffix(fileInfo.Name(), ".crpt")
			file, err := gitWorkspace.FS.Open(fileInfo.Name())
			if err != nil {
				fmt.Printf("Error opening file in memFS on domain %s: %v\n", gitWorkspace.Domain, err)
				continue
			}
			fileBytes, err := io.ReadAll(file)
			if err != nil {
				fmt.Printf("Error reading file in memFS on domain %s: %v\n", gitWorkspace.Domain, err)
				file.Close()
				continue
			}
			err = file.Close()
			if err != nil {
				fmt.Printf("Error closing file on domain %s: %v\n", gitWorkspace.Domain, err)
				continue
			}

			err = common.DecryptFileFromBytes(domainConfig.Certificates.CryptoKey, fileBytes, filepath.Join(certsDir, filename), nil)
			if err != nil {
				fmt.Printf("Error decrypting file %s in domain %s: %v\n", filename, gitWorkspace.Domain, err)
				continue
			}

			headRef, err := gitWorkspace.Repo.Head()
			if err != nil {
				fmt.Printf("Error getting head reference for domain %s: %v\n", gitWorkspace.Domain, err)
				continue
			}

			err = common.WriteCommitHash(headRef.Hash().String(), config, domainConfig)
			if err != nil {
				fmt.Printf("Error writing commit hash: %v\n", err)
				continue
			}
		}
	}
	return nil
}

func DecryptCertificates(certPath, cryptoKey string) error {
	// Get files in repo
	fileInfos, err := os.ReadDir(certPath)
	if err != nil {
		return fmt.Errorf("error reading directory: %v", err)
	}
	// Iterate over files, filtering by .crpt (encrypted) files in case other files were accidentally added
	for _, fileInfo := range fileInfos {
		if strings.HasSuffix(fileInfo.Name(), ".crpt") {
			filename, _ := strings.CutSuffix(fileInfo.Name(), ".crpt")
			file, err := os.OpenFile(fileInfo.Name(), os.O_RDONLY, 0640)
			if err != nil {
				fmt.Printf("Error opening file: %v\n", err)
				continue
			}
			fileBytes, err := io.ReadAll(file)
			if err != nil {
				fmt.Printf("Error reading file: %v\n", err)
				file.Close()
				continue
			}
			err = file.Close()
			if err != nil {
				fmt.Printf("Error closing file: %v\n", err)
				continue
			}

			err = common.DecryptFileFromBytes(cryptoKey, fileBytes, filepath.Join(certPath, filename), nil)
			if err != nil {
				fmt.Printf("Error decrypting file %s: %v\n", filename, err)
				continue
			}
		}
	}

	return nil
}