ockam_command 0.104.0

End-to-end encryption and mutual authentication for distributed applications.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

use std::path::PathBuf;

use crate::{
    fmt_err, fmt_log, fmt_ok, util::node_rpc, vault::default_vault_name, CommandGlobalOpts,
};
use miette::miette;

use crate::credential::identities;
use clap::Args;
use colorful::Colorful;
use ockam::identity::Identifier;
use ockam::Context;
use tokio::{sync::Mutex, try_join};

use crate::util::parsers::identity_identifier_parser;

use super::validate_encoded_cred;

#[derive(Clone, Debug, Args)]
pub struct VerifyCommand {
    #[arg(long = "issuer", value_name = "IDENTIFIER", value_parser = identity_identifier_parser)]
    pub issuer: Identifier,

    #[arg(group = "credential_value", value_name = "CREDENTIAL_STRING", long)]
    pub credential: Option<String>,

    #[arg(group = "credential_value", value_name = "CREDENTIAL_FILE", long)]
    pub credential_path: Option<PathBuf>,

    /// Name of the Vault that was used to issue the credential
    #[arg(value_name = "VAULT_NAME")]
    pub vault: Option<String>,
}

impl VerifyCommand {
    pub fn run(self, opts: CommandGlobalOpts) {
        node_rpc(run_impl, (opts, self));
    }

    pub fn issuer(&self) -> &Identifier {
        &self.issuer
    }
}

async fn run_impl(
    _ctx: Context,
    (opts, cmd): (CommandGlobalOpts, VerifyCommand),
) -> miette::Result<()> {
    opts.terminal
        .write_line(&fmt_log!("Verifying credential...\n"))?;

    let is_finished: Mutex<bool> = Mutex::new(false);

    let send_req = async {
        let cred_as_str = match (&cmd.credential, &cmd.credential_path) {
            (_, Some(credential_path)) => tokio::fs::read_to_string(credential_path)
                .await?
                .trim()
                .to_string(),
            (Some(credential), _) => credential.clone(),
            _ => {
                *is_finished.lock().await = true;
                return crate::Result::Err(
                    miette!("Credential or Credential Path argument must be provided").into(),
                );
            }
        };

        let vault_name = cmd
            .vault
            .clone()
            .unwrap_or_else(|| default_vault_name(&opts.state));

        let issuer = cmd.issuer();

        let identities = match identities(&vault_name, &opts).await {
            Ok(i) => i,
            Err(_) => {
                *is_finished.lock().await = true;
                return Err(miette!("Invalid state").into());
            }
        };

        let cred = hex::decode(&cred_as_str)?;
        let is_valid = match validate_encoded_cred(&cred, identities, issuer).await {
            Ok(_) => (true, String::new()),
            Err(e) => (false, e.to_string()),
        };

        *is_finished.lock().await = true;
        Ok(is_valid)
    };

    let output_messages = vec![format!("Verifying credential...")];

    let progress_output = opts
        .terminal
        .progress_output(&output_messages, &is_finished);

    let ((is_valid, reason), _) = try_join!(send_req, progress_output)?;
    let plain_text = match is_valid {
        true => fmt_ok!("Credential is valid"),
        false => fmt_err!("Credential is not valid\n") + &fmt_log!("{reason}"),
    };

    opts.terminal
        .stdout()
        .machine(is_valid.to_string())
        .json(serde_json::json!({ "is_valid": is_valid }))
        .plain(plain_text)
        .write_line()?;

    Ok(())
}