Cancel Certificate Requests (#1178)

cmd/gdsutil/certs.go

@@ -220,6 +220,65 @@ func reissueCerts(c *cli.Context) (err error) {
 	return nil
 }
 
+func cancelCertificatRequest(c *cli.Context) (err error) {
+	var (
+		vasp    *pb.VASP
+		certreq *models.CertificateRequest
+	)
+
+	reqID := c.String("request")
+	if reqID == "" {
+		return cli.Exit("specify a certificate request ID to cancel", 1)
+	}
+
+	ctx := context.Background()
+	if certreq, err = db.RetrieveCertReq(ctx, reqID); err != nil {
+		return cli.Exit(fmt.Errorf("could not find certificate rqeuest: %w", err), 1)
+	}
+
+	// Check with the user if we should continue with canceling the request
+	fmt.Printf("found certificate request for %s status %s\n", certreq.CommonName, certreq.Status)
+	if !c.Bool("yes") {
+		if !askForConfirmation("cancel this request?") {
+			return cli.Exit(fmt.Errorf("operation halted by user"), 1)
+		}
+	}
+
+	// Delete the certificate request
+	if err = db.DeleteCertReq(ctx, reqID); err != nil {
+		return cli.Exit(fmt.Errorf("could not delete certificate request: %w", err), 1)
+	}
+
+	// Remove the certificate request record from the vasp
+	if vasp, err = db.RetrieveVASP(ctx, certreq.Vasp); err != nil {
+		return cli.Exit(fmt.Errorf("could not retrieve vasp: %w", err), 1)
+	}
+
+	if err = models.DeleteCertReqID(vasp, reqID); err != nil {
+		return cli.Exit(fmt.Errorf("could not update vasp: %w", err), 1)
+	}
+
+	// Change the status of the VASP
+	if !c.Bool("no-status-change") {
+		if vasp.VerificationStatus == pb.VerificationIssuing || vasp.VerificationStatus == pb.VerificationReviewed {
+			fmt.Printf("updating status of %s to %s\n", vasp.CommonName, pb.VerificationPending)
+			if !c.Bool("yes") {
+				if !askForConfirmation("continue?") {
+					return cli.Exit(fmt.Errorf("operation halted by user"), 1)
+				}
+			}
+
+			vasp.VerificationStatus = pb.VerificationPending
+		}
+	}
+
+	if err = db.UpdateVASP(ctx, vasp); err != nil {
+		return cli.Exit(fmt.Errorf("could not update vasp: %w", err), 1)
+	}
+
+	return nil
+}
+
 func resendPassword(c *cli.Context) (err error) {
 	var (
 		vasp           *pb.VASP

cmd/gdsutil/main.go

@@ -299,6 +299,34 @@ func main() {
 				},
 			},
 		},
+		{
+			Name:     "certs:cancel",
+			Usage:    "cancel a certificate request if it hasn't been completed yet",
+			Category: "certs",
+			Action:   cancelCertificatRequest,
+			Before:   connectDB,
+			After:    closeDB,
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "request",
+					Aliases:  []string{"request-id", "r"},
+					Usage:    "the certificate request id to cancel",
+					Required: true,
+				},
+				&cli.BoolFlag{
+					Name:    "yes",
+					Aliases: []string{"y"},
+					Usage:   "skip the confirmation prompt and immediately cancel the certificate request",
+					Value:   false,
+				},
+				&cli.BoolFlag{
+					Name:    "no-status-change",
+					Aliases: []string{"S"},
+					Usage:   "do not change the status of the vasp after canceling the request",
+					Value:   false,
+				},
+			},
+		},
 		{
 			Name:     "certs:password",
 			Usage:    "view or resend the password for the latest certificate request if available",

cmd/gdsutil/vasp.go

@@ -175,17 +175,16 @@ func vaspStatus(c *cli.Context) (err error) {
 
 	certreqs, err := models.GetCertReqIDs(vasp)
 	if err != nil {
-		return cli.Exit(err, 1)
+		return cli.Exit(fmt.Errorf("could not retrieve certificate requests from vasps: %w", err), 1)
 	}
 
 	for i, certreq := range certreqs {
 		ca, err := db.RetrieveCertReq(ctx, certreq)
 		if err != nil {
-			return cli.Exit(err, 1)
+			return cli.Exit(fmt.Errorf("could not retrieve certificate request %s from database: %w", certreq, err), 1)
 		}
 
-		fmt.Printf("Certificate Request %d:\n  Common Name: %s\n  Status: %s\n  SANs: %s\n\n", i+1, ca.CommonName, ca.Status, strings.Join(ca.DnsNames, ", "))
-
+		fmt.Printf("Certificate Request %d:\n  ID: %s\n  Common Name: %s\n  Status: %s\n  SANs: %s\n\n", i+1, ca.Id, ca.CommonName, ca.Status, strings.Join(ca.DnsNames, ", "))
 	}
 	return nil
 }