b/154838259,163711992-Add new options in rotateKey.

Add below options in private and non private rotatekey cli command. -n = nbf time in minutes -p = Path to private key to be used by Apigee Edge -c = Path to certificate to be used by Apigee Edge
apigee-internal · Aug 20, 2020 · 8f6c0a8 · 8f6c0a8
1 parent ce23be1
commit 8f6c0a8
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 17 deletions.
diff --git a/cli/cmd-private.js b/cli/cmd-private.js
@@ -160,6 +160,9 @@ module.exports = function() {
         .option('-s, --secret <secret>', 'secret for authenticating with Edge')
         .option('-i, --kid <kid>', 'new key identifier')
         .option('-r, --rotatekeyuri <rotatekeyuri>', 'Rotate key url')
+        .option('-n, --nbf <nbf>', 'not before time in minutes')
+        .option('-p, --privatekey <privatekey>', 'Path to private key to be used by Apigee Edge')
+        .option('-c, --cert <cert>', 'Path to certificate to be used by Apigee Edge')
         .description('Rotate JWT Keys')
         .action((options) => {
             options.error = optionError(options);
@@ -181,6 +184,16 @@ module.exports = function() {
             if (options.rotatekeyuri && !options.rotatekeyuri.includes('http')) {
                 return options.error('rotatekeyuri requires a prototcol http or https')
             }
+            if (options.nbf && options.nbf !== 'undefined' && isNaN(options.nbf)){
+                return options.error('nbf value should be numeric');
+            }else if(options.nbf && options.nbf !== 'undefined' && options.nbf - Math.floor(options.nbf) !== 0){
+                return options.error('nbf value should be numeric and whole number');
+            }
+            if (options.privatekey || options.cert) {
+                if (!options.privatekey || !options.cert) {
+                    return options.error('privatekey and cert must be passed together');
+                }
+            }
             rotatekey.rotatekey(options);
         });
 

diff --git a/cli/cmd.js b/cli/cmd.js
@@ -540,6 +540,9 @@ const setup = function setup() {
         .option('-s, --secret <secret>', 'secret for authenticating with Edge')
         .option('-i, --kid <kid>', 'new key identifier')
         .option('-r, --rotatekeyuri <rotatekeyuri>', 'rotate key url')
+        .option('-n, --nbf <nbf>', 'not before time in minutes')
+        .option('-p, --privatekey <privatekey>', 'Path to private key to be used by Apigee Edge')
+        .option('-c, --cert <cert>', 'Path to certificate to be used by Apigee Edge')
         .description('Rotate JWT Keys')
         .action((options) => {
             options.error = optionError(options);
@@ -558,6 +561,16 @@ const setup = function setup() {
             if (options.rotatekeyuri && !options.rotatekeyuri.includes('http')) {
                 return options.error('rotatekeyuri requires a prototcol http or https')
             }
+            if (options.nbf && options.nbf !== 'undefined' && isNaN(options.nbf)){
+                return options.error('nbf value should be numeric');
+            }else if(options.nbf && options.nbf !== 'undefined' && options.nbf - Math.floor(options.nbf) !== 0){
+                return options.error('nbf value should be numeric and whole number');
+            }
+            if (options.privatekey || options.cert) {
+                if (!options.privatekey || !options.cert) {
+                    return options.error('privatekey and cert must be passed together');
+                }
+            }
             rotatekey.rotatekey(options);
         });
 

diff --git a/cli/lib/rotate-key.js b/cli/lib/rotate-key.js
@@ -2,6 +2,8 @@
 
 const pem = require("pem");
 const util = require("util");
+const fs = require('fs');
+const path = require('path');
 const debug = require("debug")("jwkrotatekey");
 //const commander = require('commander');
 const request = require("request");
@@ -26,6 +28,18 @@ function generateCredentialsObject(options) {
     };
 }
 
+function extractPublicKey(options, newServiceKey, newCertificate) {
+    writeConsoleLog('log',{component: CONSOLE_LOG_TAG_COMP},"Extract new public key");
+    pem.getPublicKey(newCertificate, function(err, newPublicKey) {
+        if (err) {
+            writeConsoleLog('error',{component: CONSOLE_LOG_TAG_COMP},err);
+            process.exit(1);
+        } else {
+            updateOrInsertEntry(options, newServiceKey, newCertificate, newPublicKey.publicKey);
+        }
+    });
+}
+
 const RotateKey = function () {
 
 }
@@ -35,25 +49,30 @@ return new RotateKey();
 }
 
 RotateKey.prototype.rotatekey = function rotatekey(options) {
-    writeConsoleLog('log',{component: CONSOLE_LOG_TAG_COMP},"Generating New key/cert pair...");
-    createCert(function(err, newkeys) {
-        if (err){
-            writeConsoleLog('error',{component: CONSOLE_LOG_TAG_COMP},err);
+    if (options.privatekey && options.cert) {
+        writeConsoleLog('log',{component: CONSOLE_LOG_TAG_COMP},"Reading key/cert pair...");
+        //reading key and cert from given file paths.
+        try{
+            const newServiceKey = fs.readFileSync(path.resolve(options.privatekey), 'utf8');
+            const newCertificate = fs.readFileSync(path.resolve(options.cert), 'utf8');
+            extractPublicKey(options, newServiceKey, newCertificate);
+        }catch(err){
+            writeConsoleLog('log',{component: CONSOLE_LOG_TAG_COMP},err);
             process.exit(1);
-        } else{
-            const newServiceKey = newkeys.serviceKey;
-            const newCertificate = newkeys.certificate;
-            writeConsoleLog('log',{component: CONSOLE_LOG_TAG_COMP},"Extract new public key");
-            pem.getPublicKey(newCertificate, function(err, newPublicKey) {
-                if (err) {
-                    writeConsoleLog('error',{component: CONSOLE_LOG_TAG_COMP},err);
-                    process.exit(1);
-                } else {
-                    updateOrInsertEntry(options, newServiceKey, newCertificate, newPublicKey.publicKey);
-                }
-            });	
         }
-    });								
+    } else {
+        writeConsoleLog('log',{component: CONSOLE_LOG_TAG_COMP},"Generating New key/cert pair...");
+        createCert(function(err, newkeys) {
+            if (err){
+                writeConsoleLog('error',{component: CONSOLE_LOG_TAG_COMP},err);
+                process.exit(1);
+            } else{
+                const newServiceKey = newkeys.serviceKey;
+                const newCertificate = newkeys.certificate;
+                extractPublicKey(options, newServiceKey, newCertificate);
+            }
+        });
+    }
 }
 
 function updateOrInsertEntry(options, newServiceKey, newCertificate, newPublicKey){
@@ -69,6 +88,11 @@ function updateOrInsertEntry(options, newServiceKey, newCertificate, newPublicKe
         public_key: newCertificate,
         public_key1: newPublicKey
     };
+    if(options.nbf){
+        //converting min to milliseconds.
+        const nbf = options.nbf * 60 * 1000;
+        body.future_keys_nbf = nbf;
+    }
     request({
         uri: rotateKeyUri,
         auth: generateCredentialsObject(options),