...
1 package main
2
3 import (
4 "fmt"
5 "os"
6 "time"
7
8 "github.com/flynn/go-docopt"
9 "github.com/theupdateframework/go-tuf"
10 "github.com/theupdateframework/go-tuf/data"
11 )
12
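// init hands the add-key subcommand, its handler and its docopt usage text
// to register.
func init() {
	// docopt only treats trailing text as an option's description, and only
	// reads a [default: ...] annotation from it, when at least two spaces
	// separate it from the option. Without that gap --scheme has no default
	// and an omitted --scheme reaches cmdAddKey as an empty string, which it
	// rejects.
	register("add-key", cmdAddKey, `
usage: tuf add-key [--scheme=<scheme>] [--expires=<days>] [--public-key=<path>] <role>

Adds a new signing key for the given role.

The root metadata file will be staged
with the addition of the key's ID to the role's list of key IDs.

Options:
  --public-key=<path>    The Path to the file containing value of the public key. If absent, will be read from stdin.
  --expires=<days>       Set the metadata file to expire <days> days from now.
  --scheme=<scheme>      Set the key scheme to use [default: ed25519].
`)
}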
28
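// cmdAddKey implements "tuf add-key": it passes a public key value for <role>
// to the repository and prints the key IDs the repository returns.
//
// The public key value is the content of the file named by --public-key, or,
// when that option is absent, a value read from stdin. --scheme must match one
// of the schemes listed in the switch below. --expires, when given, is parsed
// by parseExpires; otherwise data.DefaultExpires(role) is used.
//
// It returns an error when the scheme is not recognised, the key value cannot
// be read, the expiry cannot be parsed, or the repository call fails.
func cmdAddKey(args *docopt.Args, repo *tuf.Repo) error {
	role := args.String["<role>"]

	// Allow-list the scheme before converting it to data.KeyScheme, so an
	// arbitrary string never reaches the repository as a scheme.
	var keyScheme data.KeyScheme
	switch t := args.String["--scheme"]; t {
	case string(data.KeySchemeEd25519),
		string(data.KeySchemeECDSA_SHA2_P256),
		string(data.KeySchemeRSASSA_PSS_SHA256):
		keyScheme = data.KeyScheme(t)
	default:
		// Report the rejection through the error return rather than printing
		// it and returning nil: a nil return here would let automation that
		// drives key management treat "no key was added" as success.
		return fmt.Errorf("key scheme %q not recognised", t)
	}

	var publicValue string
	if path := args.String["--public-key"]; path != "" {
		raw, err := os.ReadFile(path)
		if err != nil {
			return fmt.Errorf("reading public key %q: %w", path, err)
		}
		publicValue = string(raw)
	} else {
		// NOTE(review): fmt.Scan stores one whitespace-delimited token, while
		// the --public-key branch passes the whole file (trailing newline
		// included). If the repository expects a multi-line encoding, stdin
		// input would be cut at the first space — confirm the expected format
		// against AddKeyWithSchemeAndExpires.
		if _, err := fmt.Scan(&publicValue); err != nil {
			return fmt.Errorf("reading public key from stdin: %w", err)
		}
	}

	var expires time.Time
	if arg := args.String["--expires"]; arg != "" {
		var err error
		expires, err = parseExpires(arg)
		if err != nil {
			return err
		}
	} else {
		expires = data.DefaultExpires(role)
	}

	keyids, err := repo.AddKeyWithSchemeAndExpires(role, expires, keyScheme, publicValue)
	if err != nil {
		return err
	}
	// Echo every key ID so the operator can check it against the expected
	// key before the staged metadata is signed.
	for _, id := range keyids {
		fmt.Fprintf(os.Stdout, "Add key with ID %s\n", id)
	}
	return nil
}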
78