1 <?php
/**
 * Management workflow behind the `trust-key` command: marks a single public
 * key, selected with `--id`, as trusted.
 *
 * The key must exist, be active, not already be trusted, and be attached to
 * an AlmanacDevice. The operator is shown a warning and has to confirm
 * interactively before the trust flag is written.
 */
final class AlmanacManagementTrustKeyWorkflow
  extends AlmanacManagementWorkflow {

  /**
   * Register the command name, its synopsis and the single `--id` argument.
   *
   * @return void
   */
  protected function didConstruct() {
    $id_argument = array(
      'name' => 'id',
      'param' => 'id',
      'help' => pht('ID of the key to trust.'),
    );

    $this
      ->setName('trust-key')
      ->setSynopsis(pht('Mark a public key as trusted.'))
      ->setArguments(array($id_argument));
  }

  /**
   * Validate the requested key, warn the operator, and mark the key trusted
   * once the operator confirms.
   *
   * @param PhutilArgumentParser $args Parsed arguments; `id` is read from it.
   * @return void
   * @throws PhutilArgumentUsageException When `--id` is missing, no key has
   *   that ID, the key is inactive, the key is already trusted, the key is
   *   not attached to an AlmanacDevice, or the operator declines the prompt.
   */
  public function execute(PhutilArgumentParser $args) {
    $console = PhutilConsole::getConsole();

    $key_id = $args->getArg('id');
    if (!$key_id) {
      throw new PhutilArgumentUsageException(
        pht('Specify a public key to trust with --id.'));
    }

    $ssh_key = id(new PhabricatorAuthSSHKeyQuery())
      ->setViewer($this->getViewer())
      ->withIDs(array($key_id))
      ->executeOne();
    if (!$ssh_key) {
      throw new PhutilArgumentUsageException(
        pht('No public key exists with ID "%s".', $key_id));
    }

    // Preconditions are checked in a fixed order, so the first failing one
    // decides which message the operator sees. Nothing has been written yet.
    if (!$ssh_key->getIsActive()) {
      throw new PhutilArgumentUsageException(
        pht('Public key "%s" is not an active key.', $key_id));
    }

    if ($ssh_key->getIsTrusted()) {
      throw new PhutilArgumentUsageException(
        pht('Public key with ID %s is already trusted.', $key_id));
    }

    // Only keys owned by an Almanac device may be trusted; a key attached to
    // any other kind of object is refused here.
    if (!($ssh_key->getObject() instanceof AlmanacDevice)) {
      throw new PhutilArgumentUsageException(
        pht('You can only trust keys associated with Almanac devices.'));
    }

    $device_handle = id(new PhabricatorHandleQuery())
      ->setViewer($this->getViewer())
      ->withPHIDs(array($ssh_key->getObject()->getPHID()))
      ->executeOne();

    // Build the warning pieces first, then print them in one call.
    $banner = pht('IMPORTANT!');
    $access_warning = phutil_console_wrap(
      pht(
        'Trusting a public key gives anyone holding the corresponding '.
        'private key complete, unrestricted access to all data. The '.
        'private key will be able to sign requests that bypass policy and '.
        'security checks.'));
    $usage_warning = phutil_console_wrap(
      pht(
        'This is an advanced feature which should normally be used only '.
        'when building a cluster. This feature is very dangerous if '.
        'misused.'));
    // NOTE(review): the device name is the only identifying detail printed
    // before the prompt; no fingerprint or key body is shown, so the operator
    // has to match the ID to the intended key by other means.
    $device_line = pht(
      'This key is associated with device "%s".',
      $device_handle->getName());

    $console->writeOut(
      "**<bg:red> %s </bg>**\n\n%s\n\n%s\n\n%s",
      $banner,
      $access_warning,
      $usage_warning,
      $device_line);

    // The interactive confirmation is the last gate before the write.
    if (!phutil_console_confirm(pht('Really trust this key?'))) {
      throw new PhutilArgumentUsageException(
        pht('User aborted workflow.'));
    }

    // NOTE(review): the flag is set and saved directly; this method writes no
    // record of who trusted the key or when. Confirm whether save() or the
    // surrounding tooling logs the change.
    $ssh_key->setIsTrusted(1);
    $ssh_key->save();

    // Presumably drops cached key data so the new trust flag takes effect;
    // verify against PhabricatorAuthSSHKeyQuery.
    PhabricatorAuthSSHKeyQuery::deleteSSHKeyCache();

    $console->writeOut(
      "**<bg:green> %s </bg>** %s\n",
      pht('TRUSTED'),
      pht('Key %s has been marked as trusted.', $key_id));
  }

}