fixes for trust manager

Author: RichardAnderson

cmd/root.go

@@ -54,6 +54,7 @@ func init() {
 
 	webCmd.AddCommand(web.BuildInstallCommand())
 	webCmd.AddCommand(web.BuildUninstallCommand())
+	webCmd.AddCommand(web.BuildTrustCommand())
 
 	rootCmd.AddCommand(webCmd)
 

cmd/web/trust.go

@@ -0,0 +1,50 @@
+package web
+
+import (
+	"path/filepath"
+
+	"github.com/fatih/color"
+	"github.com/lumosolutions/yerd/internal/config"
+	"github.com/lumosolutions/yerd/internal/constants"
+	"github.com/lumosolutions/yerd/internal/manager"
+	"github.com/lumosolutions/yerd/internal/utils"
+	"github.com/lumosolutions/yerd/internal/version"
+	"github.com/spf13/cobra"
+)
+
+func BuildTrustCommand() *cobra.Command {
+	return &cobra.Command{
+		Use:   "trust",
+		Short: "Attempts to refresh the YERD CA for Chrome",
+		Run: func(cmd *cobra.Command, args []string) {
+			version.PrintSplash()
+			red := color.New(color.FgRed)
+			green := color.New(color.FgGreen)
+
+			if !utils.CheckAndPromptForSudo() {
+				return
+			}
+
+			webConfig := config.GetWebConfig()
+
+			if !webConfig.Installed {
+				red.Println("YERD web components are not installed")
+				return
+			}
+
+			cm := manager.NewCertificateManager()
+
+			caPath := filepath.Join(constants.CertsDir, "ca")
+			caFile := "yerd.crt"
+
+			cm.ChromeUntrust()
+			if err := cm.ChromeTrust(caPath, caFile); err != nil {
+				red.Println("Unable to trust CA cert with chrome due to the following error:")
+				red.Println(err)
+				return
+			}
+
+			green.Println("Chrome Trust Updated")
+		},
+	}
+}

cmd/web/uninstall.go

@@ -2,6 +2,7 @@ package web
 
 import (
 	"github.com/fatih/color"
+	"github.com/lumosolutions/yerd/internal/config"
 	"github.com/lumosolutions/yerd/internal/installers/nginx"
 	"github.com/lumosolutions/yerd/internal/utils"
 	"github.com/lumosolutions/yerd/internal/version"
@@ -14,9 +15,7 @@ func BuildUninstallCommand() *cobra.Command {
 		Short: "Uninstalls the web components required for local development",
 		Run: func(cmd *cobra.Command, args []string) {
 			version.PrintSplash()
-			//green := color.New(color.FgGreen)
-			//yellow := color.New(color.FgYellow)
-			//blue := color.New(color.FgBlue)
+			green := color.New(color.FgGreen)
 			red := color.New(color.FgRed)
 
 			if !utils.CheckAndPromptForSudo() {
@@ -29,6 +28,14 @@ func BuildUninstallCommand() *cobra.Command {
 			}
 
 			installer.Uninstall()
+
+			newConfig := &config.WebConfig{
+				Installed: false,
+			}
+
+			config.SetStruct("web", newConfig)
+
+			green.Println("Successfully uninstalled web components")
 		},
 	}
 }

internal/config/web.go

@@ -11,3 +11,16 @@ type SiteConfig struct {
 	Domain          string `json:"domain"`
 	PhpVersion      string `json:"php_version"`
 }
+
+func GetWebConfig() *WebConfig {
+	var webConfig *WebConfig
+	err := GetStruct("web", &webConfig)
+	if err != nil || webConfig == nil {
+		webConfig = &WebConfig{
+			Installed: false,
+			Sites:     make(map[string]SiteConfig),
+		}
+	}
+
+	return webConfig
+}

internal/installers/nginx/installer.go

@@ -42,11 +42,7 @@ func NewNginxInstaller(update, forceConfig bool) (*NginxInstaller, error) {
 func (installer *NginxInstaller) Uninstall() error {
 	installer.Spinner.UpdatePhrase("Uninstalling Web Components...")
 
-	var webConfig *config.WebConfig
-	err := config.GetStruct("web", &webConfig)
-	if err != nil || webConfig == nil {
-		webConfig = &config.WebConfig{}
-	}
+	webConfig := config.GetWebConfig()
 
 	if webConfig.Sites != nil {
 		for _, site := range webConfig.Sites {
@@ -58,32 +54,27 @@ func (installer *NginxInstaller) Uninstall() error {
 	utils.SystemdStopService("yerd-nginx")
 	utils.SystemdDisable("yerd-nginx")
 
-	params := []string{"-D", "-n", "YERD CA", "-d", "sql:$HOME/.pki/nssdb"}
-	utils.ExecuteCommand("certutil", params...)
-
 	utils.RemoveFolder(constants.YerdWebDir)
 	utils.RemoveFile(filepath.Join(constants.SystemdDir, "yerd-nginx.service"))
 
 	utils.SystemdReload()
 
+	dm, _ := manager.NewDependencyManager()
+	dm.RemoveTrust()
+
 	return nil
 }
 
 func (installer *NginxInstaller) Install() error {
 	installer.Spinner.Start()
-
-	var webConfig *config.WebConfig
-	err := config.GetStruct("web", &webConfig)
-	if err != nil || webConfig == nil {
-		webConfig = &config.WebConfig{Installed: false}
-	}
+	webConfig := config.GetWebConfig()
 
 	if webConfig.Installed {
 		installer.Spinner.StopWithError("Web Components are already installed")
 		return fmt.Errorf("already installed")
 	}
 
-	err = utils.RunAll(
+	err := utils.RunAll(
 		func() error { return installer.installDependencies() },
 		func() error { return installer.prepareInstall() },
 		func() error { return installer.downloadSource() },
@@ -287,25 +278,15 @@ func (installer *NginxInstaller) addSystemdService() error {
 func (installer *NginxInstaller) writeConfig() error {
 	installer.Spinner.UpdatePhrase("Writing YERD Configuration")
 
-	var existing *config.WebConfig
-	err := config.GetStruct("web", &existing)
-	if err != nil || existing == nil {
-		newConfig := config.WebConfig{
-			Installed: true,
-		}
+	webConfig := config.GetWebConfig()
 
-		config.SetStruct("web", newConfig)
-		installer.Spinner.AddSuccessStatus("YERD Configuration Created")
-		return nil
-	}
-
-	if existing.Installed {
+	if webConfig.Installed {
 		installer.Spinner.AddInfoStatus("- YERD configuration does not need updating")
 		return nil
 	}
 
-	existing.Installed = true
-	config.SetStruct("web", existing)
+	webConfig.Installed = true
+	config.SetStruct("web", webConfig)
 
 	hostManager := utils.NewHostsManager()
 	hostManager.Install()

internal/manager/certificate.go

@@ -37,8 +37,20 @@ func (certManager *CertificateManager) GenerateCaCertificate(name string) error
 	depMan, _ := NewDependencyManager()
 	depMan.TrustCertificate(filepath.Join(caPath, certName), name)
 
-	params = []string{"-A", "-n", "YERD CA", "-t", "TCu,Cu,Tu", "-i", filepath.Join(caPath, certName), "-d", "sql:$HOME/.pki/nssdb"}
-	utils.ExecuteCommand("certutil", params...)
+	certManager.ChromeTrust(caPath, certName)
+
+	return nil
+}
+
+func (certManager *CertificateManager) ChromeTrust(caPath, certName string) error {
+	userCtx, _ := utils.GetRealUser()
+
+	params := []string{"-A", "-n", "YERD CA", "-t", "TCu,Cu,Tu", "-i", filepath.Join(caPath, certName), "-d", fmt.Sprintf("sql:%s/.pki/nssdb", userCtx.HomeDir)}
+
+	if _, success := utils.ExecuteCommandAsUser("certutil", params...); !success {
+		utils.LogInfo("cacert", "cert command failed")
+		return fmt.Errorf("failed to trust certificate")
+	}
 
 	return nil
 }
@@ -121,3 +133,10 @@ func (certManager *CertificateManager) generateSiteCertificate(certPath, domain,
 
 	return true
 }
+
+func (certManager *CertificateManager) ChromeUntrust() {
+	userCtx, _ := utils.GetRealUser()
+
+	params := []string{"-D", "-n", "YERD CA", "-d", fmt.Sprintf("sql:%s/.pki/nssdb", userCtx.HomeDir)}
+	utils.ExecuteCommandAsUser("certutil", params...)
+}

internal/manager/manager.go

@@ -47,8 +47,7 @@ func NewDependencyManager() (*DependencyManager, error) {
 	}, nil
 }
 
-func (dm *DependencyManager) TrustCertificate(certificate, name string) error {
-	// Map distros to their certificate paths
+func (d *DependencyManager) getCertPath(distro string) (string, error) {
 	certPaths := map[string]string{
 		"ubuntu":              "/usr/local/share/ca-certificates",
 		"debian":              "/usr/local/share/ca-certificates",
@@ -66,16 +65,33 @@ func (dm *DependencyManager) TrustCertificate(certificate, name string) error {
 		"sles":                "/etc/pki/trust/anchors",
 	}
 
-	certPath, ok := certPaths[dm.distro]
+	certPath, ok := certPaths[distro]
 	if !ok {
-		return fmt.Errorf("distro '%s' not supported yet", dm.distro)
+		return "", fmt.Errorf("distro '%s' not supported yet", distro)
+	}
+
+	return certPath, nil
+}
+
+func (dm *DependencyManager) TrustCertificate(certificate, name string) error {
+	certPath, err := dm.getCertPath(dm.distro)
+	if err != nil {
+		return err
 	}
 
 	destFile := fmt.Sprintf("%s/%s-ca.crt", certPath, name)
 	if _, success := utils.ExecuteCommand("cp", certificate, destFile); !success {
 		return fmt.Errorf("failed to copy certificate for %s", dm.distro)
 	}
 
+	if err := dm.execTrustUpdate(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (dm *DependencyManager) execTrustUpdate() error {
 	switch dm.distro {
 	case "arch", "manjaro":
 		if _, success := utils.ExecuteCommand("trust", "extract-compat"); !success {
@@ -96,6 +112,17 @@ func (dm *DependencyManager) TrustCertificate(certificate, name string) error {
 	return nil
 }
 
+func (dm *DependencyManager) RemoveTrust() error {
+	certPath, err := dm.getCertPath(dm.distro)
+	if err != nil {
+		return err
+	}
+
+	destFile := fmt.Sprintf("%s/%s-ca.crt", certPath, "yerd")
+	utils.RemoveFile(destFile)
+	return dm.execTrustUpdate()
+}
+
 // detectDistribution identifies the Linux distribution using multiple detection methods.
 // Returns distribution name or error if detection fails.
 func detectDistribution() (string, error) {

internal/manager/site.go

@@ -26,10 +26,7 @@ func NewSiteManager() (*SiteManager, error) {
 	s := utils.NewSpinner("Managing Sites...")
 	s.SetDelay(150)
 
-	var webConfig *config.WebConfig
-	if err := config.GetStruct("web", &webConfig); err != nil {
-		webConfig = &config.WebConfig{}
-	}
+	webConfig := config.GetWebConfig()
 
 	if !webConfig.Installed {
 		return nil, fmt.Errorf("web not installed")

internal/version/version.go

@@ -6,7 +6,7 @@ import (
 	"github.com/fatih/color"
 )
 
-const Version = "1.1.5"
+const Version = "1.1.6"
 const Branch = "main"
 const Repo = "LumoSolutions/yerd"