// Copyright 2015 The Vanadium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package main
import (
"encoding/base64"
"fmt"
"v.io/v23/context"
"v.io/v23/options"
"v.io/v23/security"
"v.io/v23/services/device"
"v.io/x/lib/cmdline"
"v.io/x/ref/lib/v23cmd"
)
// cmdClaim describes the "claim" sub-command; runClaim does the work.
//
// Although ArgsName lists four arguments, runClaim accepts between two and
// four: <pairing token> and <device publickey> may be omitted. When
// <device publickey> is omitted runClaim authorizes the server with
// security.AllowEveryone, i.e. the device being claimed is not authenticated.
var cmdClaim = &cmdline.Command{
	Name:     "claim",
	Short:    "Claim the device.",
	Long:     "Claim the device.",
	ArgsName: "<device> <grant extension> <pairing token> <device publickey>",
	ArgsLong: `
<device> is the vanadium object name of the device manager's device service.
<grant extension> is used to extend the default blessing of the
current principal when blessing the app instance.
<pairing token> is a token that the device manager expects to be replayed
during a claim operation on the device.
<device publickey> is the marshalled public key of the device manager we
are claiming.`,
	Runner: v23cmd.RunnerFunc(runClaim),
}
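// runClaim implements the "claim" command. It invokes Claim on the claimable
// device service named by args[0], passing the pairing token and a granter
// built from the blessing extension in args[1].
//
// Arguments (two required, at most four):
//
//	args[0]  object name of the device service
//	args[1]  blessing extension handed to the granter
//	args[2]  optional pairing token, forwarded unchanged in the Claim call
//	args[3]  optional base64 (URL alphabet) encoding of the device's
//	         marshalled public key
//
// When args[3] is present the server is authorized with
// security.PublicKeyAuthorizer for that key. When it is absent the server is
// authorized with security.AllowEveryone, so the pairing token and the grant
// are offered to whichever endpoint answers for the name; a warning is written
// to env.Stderr in that case. Name resolution is authorized with
// security.AllowEveryone in both cases.
//
// It returns a usage error for a wrong argument count, an error if the public
// key cannot be decoded or unmarshalled, or the error returned by Claim.
func runClaim(ctx *context.T, env *cmdline.Env, args []string) error {
	if expected, max, got := 2, 4, len(args); expected > got || got > max {
		return env.UsageErrorf("claim: incorrect number of arguments, expected atleast %d (max: %d), got %d", expected, max, got)
	}
	deviceName, grant := args[0], args[1]
	var pairingToken string
	if len(args) > 2 {
		pairingToken = args[2]
	}
	var serverAuth security.Authorizer
	if len(args) > 3 {
		marshalledPublicKey, err := base64.URLEncoding.DecodeString(args[3])
		if err != nil {
			return fmt.Errorf("Failed to base64 decode publickey: %v", err)
		}
		deviceKey, err := security.UnmarshalPublicKey(marshalledPublicKey)
		if err != nil {
			return fmt.Errorf("Failed to unmarshal device public key:%v", err)
		}
		// Pin the server to the key the operator obtained out of band.
		serverAuth = security.PublicKeyAuthorizer(deviceKey)
	} else {
		// Skip server endpoint authorization since an unclaimed device might
		// have roots that will not be recognized by the claimer.
		//
		// NOTE(review): this leaves the device unauthenticated. Anything that
		// can answer for deviceName receives pairingToken and is presented to
		// the granter; what the granter then blesses is not visible in this
		// function. Tell the operator so the downgrade is not silent.
		fmt.Fprintln(env.Stderr, "WARNING: no device public key supplied; the identity of the device is not verified before claiming.")
		serverAuth = security.AllowEveryone()
	}
	if err := device.ClaimableClient(deviceName).Claim(ctx, pairingToken, &granter{extension: grant}, options.ServerAuthorizer{serverAuth}, options.NameResolutionAuthorizer{security.AllowEveryone()}); err != nil {
		return err
	}
	fmt.Fprintln(env.Stdout, "Successfully claimed.")
	return nil
}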