diff --git a/cmd/root.go b/cmd/root.go
index 212ad88..b1274e1 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -2,6 +2,7 @@ package cmd
 import (
 	"fmt"
+	"io/ioutil"
 	"os"
 	"path/filepath"
 	"time"
@@ -59,12 +60,6 @@ func init() {
 	rootCmd.PersistentFlags().Uint("mfaRetrys", 3, "How often to retry TOTP Auth, only used in nointeractive modes")
 	rootCmd.PersistentFlags().Duration("mfaDelay", time.Second*10, "Delay between MFA Attempts, only used in noninteractive modes")
-	rootCmd.PersistentFlags().Bool("tlsSkipVerify", false, "Allow servers with self-signed certificates")
-	rootCmd.PersistentFlags().String("tlsClientPrivateKeyFile", "", "Client private key path for mtls")
-	rootCmd.PersistentFlags().String("tlsClientCertFile", "", "Client certificate path for mtls")
-	rootCmd.PersistentFlags().String("tlsClientPrivateKey", "", "Client private key for mtls")
-	rootCmd.PersistentFlags().String("tlsClientCert", "", "Client certificate for mtls")
-
 	viper.BindPFlag("debug", rootCmd.PersistentFlags().Lookup("debug"))
 	viper.BindPFlag("timeout", rootCmd.PersistentFlags().Lookup("timeout"))
 	viper.BindPFlag("serverAddress", rootCmd.PersistentFlags().Lookup("serverAddress"))
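Review bot: The new `"io/ioutil"` import brings in a package that has been deprecated since Go 1.16, and the helper this commit deletes (fileToContent, in the -77 hunk below) already used `os.ReadFile`, which is the drop-in replacement; `os` is already imported in this block. In the initConfig hunk change `content, err := ioutil.ReadFile(userprivatekeyfile)` to `content, err := os.ReadFile(userprivatekeyfile)` and drop this import line, otherwise staticcheck will flag it on every build. The import block's closing `)` is outside this hunk.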
@@ -77,22 +72,6 @@ func init() {
 	viper.BindPFlag("mfaTotpOffset", rootCmd.PersistentFlags().Lookup("mfaTotpOffset"))
 	viper.BindPFlag("mfaRetrys", rootCmd.PersistentFlags().Lookup("mfaRetrys"))
 	viper.BindPFlag("mfaDelay", rootCmd.PersistentFlags().Lookup("mfaDelay"))
-
-	viper.BindPFlag("tlsSkipVerify", rootCmd.PersistentFlags().Lookup("tlsSkipVerify"))
-	viper.BindPFlag("tlsClientCert", rootCmd.PersistentFlags().Lookup("tlsClientCert"))
-	viper.BindPFlag("tlsClientPrivateKey", rootCmd.PersistentFlags().Lookup("tlsClientPrivateKey"))
-}
-
-func fileToContent(file, contentFlag string) {
-	if viper.GetBool("debug") {
-		fmt.Fprintln(os.Stderr, "Loading file:", file)
-	}
-	content, err := os.ReadFile(file)
-	if err != nil {
-		fmt.Fprintln(os.Stderr, "Error Loading File: ", err)
-		os.Exit(1)
-	}
-	viper.Set(contentFlag, string(content))
 }
 // initConfig reads in config file and ENV variables if set.
@@ -128,26 +107,18 @@ func initConfig() {
 	// Read in Private Key from File if userprivatekeyfile is set
 	userprivatekeyfile, err := rootCmd.PersistentFlags().GetString("userPrivateKeyFile")
 	if err == nil && userprivatekeyfile != "" {
-		fileToContent(userprivatekeyfile, "userPrivateKey")
+		if viper.GetBool("debug") {
+			fmt.Fprintln(os.Stderr, "Loading Private Key from File:", userprivatekeyfile)
+		}
+		content, err := ioutil.ReadFile(userprivatekeyfile)
+		if err != nil {
+			fmt.Fprintln(os.Stderr, "Error Loading Private Key from File: ", err)
+			os.Exit(1)
+		}
+		viper.Set("userprivatekey", string(content))
 	} else if err != nil && viper.GetBool("debug") {
 		fmt.Fprintln(os.Stderr, "Getting Private Key File Flag:", err)
 	}
-
-	// Read in Client Certificate Private Key from File if tlsClientPrivateKeyFile is set
-	tlsclientprivatekeyfile, err := rootCmd.PersistentFlags().GetString("tlsClientPrivateKeyFile")
-	if err == nil && tlsclientprivatekeyfile != "" {
-		fileToContent(tlsclientprivatekeyfile, "tlsClientPrivateKey")
-	} else if err != nil && viper.GetBool("debug") {
-		fmt.Fprintln(os.Stderr, "Getting Client Certificate Private key File Flag:", err)
-	}
-
-	// Read in Client Certificate from File if tlsClientCertFile is set
-	tlsclientcertfile, err := rootCmd.PersistentFlags().GetString("tlsClientCertFile")
-	if err == nil && tlsclientcertfile != "" {
-		fileToContent(tlsclientcertfile, "tlsClientCert")
-	} else if err != nil && viper.GetBool("debug") {
-		fmt.Fprintln(os.Stderr, "Getting Client Certificate File Flag:", err)
-	}
 }
 func SetVersionInfo(version, commit, date string, dirty bool) {
diff --git a/cmd/verify.go b/cmd/verify.go
index e11d41a..0a12c7e 100644
--- a/cmd/verify.go
+++ b/cmd/verify.go
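Review bot: The inlined block stores the key under `"userprivatekey"` while the flag it reads is `userPrivateKeyFile` and the call it replaces used `"userPrivateKey"`; viper treats keys case-insensitively so lookups should still resolve, but the mixed spelling is a trap for anyone searching for where the key is set, so `viper.Set("userPrivateKey", string(content))` would keep the naming uniform. The inner `content, err :=` also shadows the `err` returned by GetString; that is harmless only because the branch calls os.Exit on failure, and a comment such as `// shadows err on purpose: a read failure is fatal here` or a rename to `readErr` would make that explicit. The debug line prints only the path and never the key bytes, which is the right split for secret material and worth keeping as the function grows. initConfig begins outside this hunk.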
@@ -41,11 +41,7 @@ var verifyCMD = &cobra.Command{
 		fmt.Println()
 	}
-	httpClient, err := util.GetHttpClient()
-	if err != nil {
-		return err
-	}
-	client, err := api.NewClient(httpClient, "", serverAddress, userPrivateKey, userPassword)
+	client, err := api.NewClient(nil, "", serverAddress, userPrivateKey, userPassword)
 	if err != nil {
 		return fmt.Errorf("Creating Client: %w", err)
 	}
diff --git a/util/client.go b/util/client.go
index 060f985..194e500 100644
--- a/util/client.go
+++ b/util/client.go
@@ -65,11 +65,7 @@ func GetClient(ctx context.Context) (*api.Client, error) {
 		fmt.Println()
 	}
-	httpClient, err := GetHttpClient()
-	if err != nil {
-		return nil, err
-	}
-	client, err := api.NewClient(httpClient, "", serverAddress, userPrivateKey, userPassword)
+	client, err := api.NewClient(nil, "", serverAddress, userPrivateKey, userPassword)
 	if err != nil {
 		return nil, fmt.Errorf("Creating Client: %w", err)
 	}
diff --git a/util/http.go b/util/http.go
deleted file mode 100644
index f9943f9..0000000
--- a/util/http.go
+++ /dev/null
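Review bot: Passing `nil` as the first argument to api.NewClient leaves the choice of HTTP client entirely to NewClient, which is not visible here; if it falls back to http.DefaultClient, requests carry no timeout, and the `timeout` flag bound in root.go is not applied to the transport on either side of this change (the deleted GetHttpClient never set one either). Either construct the client at this call site, e.g. `client, err := api.NewClient(&http.Client{Timeout: viper.GetDuration("timeout")}, "", serverAddress, userPrivateKey, userPassword)` (adding the `net/http` import if the file lacks it), or document on NewClient that nil selects a default client with no timeout so callers know what they get. The same call is changed in util/client.go's GetClient hunk, so the fix belongs in both places or, better, inside NewClient once. The enclosing verifyCMD literal starts and ends outside this hunk.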
@@ -1,44 +0,0 @@
-package util
-
-import (
-	"crypto/tls"
-	"fmt"
-	"net/http"
-
-	"github.com/spf13/viper"
-)
-
-func GetClientCertificate() (tls.Certificate, error) {
-	cert := viper.GetString("tlsClientCert")
-	certExists := cert != ""
-	key := viper.GetString("tlsClientPrivateKey")
-	keyExists := key != ""
-	if !certExists && !keyExists {
-		return tls.Certificate{}, nil
-	}
-	if certExists && !keyExists {
-		return tls.Certificate{}, fmt.Errorf("Client TLS private key is empty, but client TLS cert was set.")
-	}
-	if !certExists && keyExists {
-		return tls.Certificate{}, fmt.Errorf("Client TLS cert is empty, but client TLS private key was set.")
-	}
-	return tls.X509KeyPair([]byte(cert), []byte(key))
-}
-
-func GetHttpClient() (*http.Client, error) {
-	tlsSkipVerify := viper.GetBool("tlsSkipVerify")
-	cert, err := GetClientCertificate()
-	if err != nil {
-		return nil, err
-	}
-	httpClient := http.Client{
-		Transport: &http.Transport{
-			TLSClientConfig: &tls.Config{
-				Certificates: []tls.Certificate{cert},
-				InsecureSkipVerify: tlsSkipVerify,
-			},
-		},
-	}
-
-	return &httpClient, nil
-}