func()

in cmd/stet/main.go [332:428]

• 76 lines of code
• 16 McCabe index (conditional complexity)

func (d *decryptCmd) Execute(ctx context.Context, f *flag.FlagSet, _ ...any) subcommands.ExitStatus {
	yamlBytes, err := os.ReadFile(d.configFile)
	if err != nil {
		glog.Errorf("Failed to read config file: %v", err.Error())
		return subcommands.ExitFailure
	}

	jsonBytes, err := yaml.YAMLToJSON(yamlBytes)
	if err != nil {
		glog.Errorf("Failed to convert config YAML to JSON: %v", err.Error())
		return subcommands.ExitFailure
	}

	stetConfig := &configpb.StetConfig{}
	if err := protojson.Unmarshal(jsonBytes, stetConfig); err != nil {
		glog.Errorf("Failed to unmarshal StetConfig: %v", err.Error())
		return subcommands.ExitFailure
	}

	if stetConfig.GetDecryptConfig() == nil {
		glog.Errorf("No DecryptConfig stanza found in config file")
		return subcommands.ExitFailure
	}

	if f.NArg() < 2 {
		glog.Errorf("Not enough arguments (expected encrypted file and plaintext file)")
		return subcommands.ExitFailure
	}

	var inFile io.Reader

	if f.Arg(0) == "-" {
		// Read input from stdin.
		inFile = os.Stdin
	} else {
		inFile, err = os.Open(f.Arg(0))
		if err != nil {
			glog.Errorf("Failed to open ciphertext file: %v", err.Error())
			return subcommands.ExitFailure
		}
	}

	var outFile *os.File
	var logFile *os.File

	outputArg := f.Arg(1)
	if outputArg == "-" {
		// If output goes to stdout, use stderr for logging.
		outFile = os.Stdout
		logFile = os.Stderr
	} else {
		outFile, err = setupOutputFile(outputArg)
		if err != nil {
			glog.Errorf("Failed to setup output %v: %v", outputArg, err.Error())
			return subcommands.ExitFailure
		}
		defer os.Remove(outFile.Name())

		logFile = os.Stdout
	}

	// Initialize StetClient and decrypt plaintext.
	c := client.StetClient{
		InsecureSkipVerify: d.insecureSkipVerify,
		Version:            version,
	}

	md, err := c.Decrypt(ctx, inFile, outFile, stetConfig)
	if err != nil {
		glog.Errorf("Failed to decrypt ciphertext: %v", err.Error())
		return subcommands.ExitFailure
	}

	// If writing to a file (not stdout), there is an extra step.
	if outputArg != "-" {
		if err := finalizeOutputFile(outputArg, outFile); err != nil {
			glog.Errorf("Failed to write to output file: %v", err.Error())
			return subcommands.ExitFailure
		}
	}

	if !d.quiet {
		if outputArg == "-" {
			outputArg = os.Stdout.Name()
		}

		logFile.WriteString(fmt.Sprintln("Wrote plaintext to", outputArg))

		// Debug information to guard against authorship attacks.
		logFile.WriteString(fmt.Sprintln("Blob ID of decrypted data:", md.BlobID))
		if len(md.KeyUris) > 0 {
			logFile.WriteString(fmt.Sprintln("Used these key URIs:", md.KeyUris))
		}
	}

	return subcommands.ExitSuccess
}