diff --git a/cli/cmd-private.js b/cli/cmd-private.js
index 6bf46f083..91f76b6a4 100644
--- a/cli/cmd-private.js
+++ b/cli/cmd-private.js
@@ -160,6 +160,9 @@ module.exports = function() {
 .option('-s, --secret ', 'secret for authenticating with Edge')
 .option('-i, --kid ', 'new key identifier')
 .option('-r, --rotatekeyuri ', 'Rotate key url')
+ .option('-n, --nbf ', 'not before time in minutes')
+ .option('-p, --privatekey ', 'Path to private key to be used by Apigee Edge')
+ .option('-c, --cert ', 'Path to certificate to be used by Apigee Edge')
 .description('Rotate JWT Keys')
 .action((options) => {
 options.error = optionError(options);
@@ -181,6 +184,16 @@ module.exports = function() {
 if (options.rotatekeyuri && !options.rotatekeyuri.includes('http')) {
 return options.error('rotatekeyuri requires a prototcol http or https')
 }
+ if (options.nbf && options.nbf !== 'undefined' && isNaN(options.nbf)){
+ return options.error('nbf value should be numeric');
+ }else if(options.nbf && options.nbf !== 'undefined' && options.nbf - Math.floor(options.nbf) !== 0){
+ return options.error('nbf value should be numeric and whole number');
+ }
+ if (options.privatekey || options.cert) {
+ if (!options.privatekey || !options.cert) {
+ return options.error('privatekey and cert must be passed together');
+ }
+ }
 rotatekey.rotatekey(options);
 });
diff --git a/cli/cmd.js b/cli/cmd.js
index 8b4e07d75..605e1cd13 100644
--- a/cli/cmd.js
+++ b/cli/cmd.js
@@ -540,6 +540,9 @@ const setup = function setup() {
 .option('-s, --secret ', 'secret for authenticating with Edge')
 .option('-i, --kid ', 'new key identifier')
 .option('-r, --rotatekeyuri ', 'rotate key url')
+ .option('-n, --nbf ', 'not before time in minutes')
+ .option('-p, --privatekey ', 'Path to private key to be used by Apigee Edge')
+ .option('-c, --cert ', 'Path to certificate to be used by Apigee Edge')
 .description('Rotate JWT Keys')
 .action((options) => {
 options.error = optionError(options);
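Review bot: The nbf validation added in the `@@ -181` hunk lets negative values through — `isNaN('-5')` is false and `-5 - Math.floor(-5)` is 0 — so `--nbf -60` reaches the rotate request unchallenged; if Edge honours the offset that would make the future key usable before now, which defeats the grace window the option exists to provide. The `options.nbf !== 'undefined'` comparison is also a no-op unless something upstream stringifies a missing option, and the coercing global `isNaN` accepts inputs such as `'0x10'` as numeric. Both branches collapse to: `const nbf = Number(options.nbf); if (options.nbf !== undefined && (!Number.isInteger(nbf) || nbf < 0)) { return options.error('nbf must be a non-negative whole number of minutes'); }`. The `.action` callback these checks run in opens in the preceding hunk.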
@@ -558,6 +561,16 @@ const setup = function setup() {
 if (options.rotatekeyuri && !options.rotatekeyuri.includes('http')) {
 return options.error('rotatekeyuri requires a prototcol http or https')
 }
+ if (options.nbf && options.nbf !== 'undefined' && isNaN(options.nbf)){
+ return options.error('nbf value should be numeric');
+ }else if(options.nbf && options.nbf !== 'undefined' && options.nbf - Math.floor(options.nbf) !== 0){
+ return options.error('nbf value should be numeric and whole number');
+ }
+ if (options.privatekey || options.cert) {
+ if (!options.privatekey || !options.cert) {
+ return options.error('privatekey and cert must be passed together');
+ }
+ }
 rotatekey.rotatekey(options);
 });
diff --git a/cli/lib/rotate-key.js b/cli/lib/rotate-key.js
index 3f2ff24ec..47e7670b5 100644
--- a/cli/lib/rotate-key.js
+++ b/cli/lib/rotate-key.js
@@ -2,6 +2,8 @@ const pem = require("pem");
 const util = require("util");
+const fs = require('fs');
+const path = require('path');
 const debug = require("debug")("jwkrotatekey");
 //const commander = require('commander');
 const request = require("request");
@@ -26,6 +28,18 @@ function generateCredentialsObject(options) {
 };
 }
+function extractPublicKey(options, newServiceKey, newCertificate) {
+ writeConsoleLog('log',{component: CONSOLE_LOG_TAG_COMP},"Extract new public key");
+ pem.getPublicKey(newCertificate, function(err, newPublicKey) {
+ if (err) {
+ writeConsoleLog('error',{component: CONSOLE_LOG_TAG_COMP},err);
+ process.exit(1);
+ } else {
+ updateOrInsertEntry(options, newServiceKey, newCertificate, newPublicKey.publicKey);
+ }
+ });
+}
+
 const RotateKey = function () {
 }
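Review bot: The nbf and privatekey/cert checks in the `@@ -558` hunk are a verbatim copy of the ones this commit adds to cli/cmd-private.js, down to the `options.nbf !== 'undefined'` comparison; two hand-maintained copies of input validation for a key-rotation command will drift, and the gap that lets a negative `--nbf` through now has to be closed in both files. Suggest one shared helper, reachable from wherever `optionError` is shared from, that returns an error message or `null`, and two call sites of the form `const msg = validateRotateKeyOptions(options); if (msg) { return options.error(msg); }`. The `.action` callback this runs in opens in the preceding hunk.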
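Review bot: `extractPublicKey` in the `@@ -26` hunk is a new top-level function with no header comment, and its contract is not obvious from the name: it derives the public key from the PEM certificate via `pem.getPublicKey`, then continues the rotation by calling `updateOrInsertEntry` with the untouched private key and certificate, returns nothing, and on failure terminates the process with `process.exit(1)` instead of reporting to the caller. A JSDoc above it should say that it is the continuation of the rotation flow rather than a pure accessor, name the three parameters (`options` for the Edge request, `newServiceKey` and `newCertificate` as PEM strings that are forwarded unchanged), and state that a certificate that `pem` cannot parse exits the process — otherwise the next caller will expect a return value.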
@@ -35,25 +49,30 @@ return new RotateKey();
 }
 RotateKey.prototype.rotatekey = function rotatekey(options) {
- writeConsoleLog('log',{component: CONSOLE_LOG_TAG_COMP},"Generating New key/cert pair...");
- createCert(function(err, newkeys) {
- if (err){
- writeConsoleLog('error',{component: CONSOLE_LOG_TAG_COMP},err);
+ if (options.privatekey && options.cert) {
+ writeConsoleLog('log',{component: CONSOLE_LOG_TAG_COMP},"Reading key/cert pair...");
+ //reading key and cert from given file paths.
+ try{
+ const newServiceKey = fs.readFileSync(path.resolve(options.privatekey), 'utf8');
+ const newCertificate = fs.readFileSync(path.resolve(options.cert), 'utf8');
+ extractPublicKey(options, newServiceKey, newCertificate);
+ }catch(err){
+ writeConsoleLog('log',{component: CONSOLE_LOG_TAG_COMP},err);
 process.exit(1);
- } else{
- const newServiceKey = newkeys.serviceKey;
- const newCertificate = newkeys.certificate;
- writeConsoleLog('log',{component: CONSOLE_LOG_TAG_COMP},"Extract new public key");
- pem.getPublicKey(newCertificate, function(err, newPublicKey) {
- if (err) {
- writeConsoleLog('error',{component: CONSOLE_LOG_TAG_COMP},err);
- process.exit(1);
- } else {
- updateOrInsertEntry(options, newServiceKey, newCertificate, newPublicKey.publicKey);
- }
- });
 }
- });
+ } else {
+ writeConsoleLog('log',{component: CONSOLE_LOG_TAG_COMP},"Generating New key/cert pair...");
+ createCert(function(err, newkeys) {
+ if (err){
+ writeConsoleLog('error',{component: CONSOLE_LOG_TAG_COMP},err);
+ process.exit(1);
+ } else{
+ const newServiceKey = newkeys.serviceKey;
+ const newCertificate = newkeys.certificate;
+ extractPublicKey(options, newServiceKey, newCertificate);
+ }
+ });
+ }
 }
 function updateOrInsertEntry(options, newServiceKey, newCertificate, newPublicKey){
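Review bot: The new file-based branch uploads whatever `--privatekey` and `--cert` point at without checking that they belong together; `pem.getPublicKey` only parses the certificate, so a mismatched pair (or a private key file that is not PEM at all) is discovered, if at all, only after the rotation request has been sent, at which point Edge has been handed a public key that verifies nothing signed with the private key that will actually be used. For RSA material the check is to compare `pem.getModulus` of the key and of the certificate before calling `extractPublicKey`, as sketched below (pem's modulus extraction is RSA-only, so EC keys — if `createCert` or users ever produce them — would need a different comparison). Separately, the `catch` logs the read failure at `'log'` level while every other failure path in this function uses `'error'`, so a missing key file is indistinguishable from progress output; it should be `writeConsoleLog('error',{component: CONSOLE_LOG_TAG_COMP},err);`. Note also that `extractPublicKey` is invoked inside the `try`, so a synchronous throw from it is reported as if the file read had failed.
```javascript
    try{
      const newServiceKey = fs.readFileSync(path.resolve(options.privatekey), 'utf8');
      const newCertificate = fs.readFileSync(path.resolve(options.cert), 'utf8');
      // Refuse a key/cert pair that does not belong together: compare the RSA
      // modulus of both before anything is sent to Edge.
      pem.getModulus(newServiceKey, function(keyErr, keyMod) {
        if (keyErr) {
          writeConsoleLog('error',{component: CONSOLE_LOG_TAG_COMP},keyErr);
          process.exit(1);
        }
        pem.getModulus(newCertificate, function(certErr, certMod) {
          if (certErr || certMod.modulus !== keyMod.modulus) {
            writeConsoleLog('error',{component: CONSOLE_LOG_TAG_COMP},certErr || 'privatekey and cert do not match');
            process.exit(1);
          }
          extractPublicKey(options, newServiceKey, newCertificate);
        });
      });
    }catch(err){
      writeConsoleLog('error',{component: CONSOLE_LOG_TAG_COMP},err);
      process.exit(1);
    }
    // … unchanged: else branch generating a fresh key/cert pair via createCert …
```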
@@ -69,6 +88,11 @@ function updateOrInsertEntry(options, newServiceKey, newCertificate, newPublicKe
 public_key: newCertificate,
 public_key1: newPublicKey
 };
+ if(options.nbf){
+ //converting min to milliseconds.
+ const nbf = options.nbf * 60 * 1000;
+ body.future_keys_nbf = nbf;
+ }
 request({
 uri: rotateKeyUri,
 auth: generateCredentialsObject(options),
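Review bot: `body.future_keys_nbf` is sent as minutes × 60 × 1000, i.e. a relative delay in milliseconds, but neither the comment nor the option help (`not before time in minutes`) records what the rotate endpoint expects; the JWT `nbf` claim the field name evokes is an absolute epoch-seconds value, so a reader cannot tell whether this is right without the server contract. Suggest pinning it in the comment: `// future_keys_nbf is a relative delay in milliseconds from now (not a JWT nbf epoch-seconds claim); confirm against the Edge rotatekey API.` `options.nbf` also arrives from the CLI as a string and is only coerced by the multiplication, so `const nbf = Number(options.nbf) * 60 * 1000;` makes the intent explicit; since `'0'` is truthy, `--nbf 0` sends `future_keys_nbf: 0`, which is presumably intended. `updateOrInsertEntry` begins and ends outside this hunk.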