| 69 | } |
| 70 | |
| 71 | func createAction(ctx *cli.Context) (err error) { |
| 72 | if err := errs.NumberOfArguments(ctx, 3); err != nil { |
| 73 | return err |
| 74 | } |
| 75 | |
| 76 | args := ctx.Args() |
| 77 | |
| 78 | teamID := args.Get(0) |
| 79 | crtFile := args.Get(1) |
| 80 | keyFile := args.Get(2) |
| 81 | |
| 82 | parsedURL, err := url.Parse(ctx.String("api-url")) |
| 83 | if err != nil { |
| 84 | return err |
| 85 | } |
| 86 | parsedURL.Path = path.Join(parsedURL.Path, "api/auth") |
| 87 | apiURL := parsedURL.String() |
| 88 | |
| 89 | clientCert, err := tls.LoadX509KeyPair(crtFile, keyFile) |
| 90 | if err != nil { |
| 91 | return err |
| 92 | } |
| 93 | b := &bytes.Buffer{} |
| 94 | r := &createTokenReq{ |
| 95 | Bundle: clientCert.Certificate, |
| 96 | Audience: ctx.String("audience"), |
| 97 | } |
| 98 | if err := uuid.Validate(teamID); err != nil { |
| 99 | r.TeamSlug = teamID |
| 100 | } else { |
| 101 | r.TeamID = teamID |
| 102 | } |
| 103 | err = json.NewEncoder(b).Encode(r) |
| 104 | if err != nil { |
| 105 | return err |
| 106 | } |
| 107 | |
| 108 | post, err := http.NewRequest("POST", apiURL, b) |
| 109 | if err != nil { |
| 110 | return err |
| 111 | } |
| 112 | post.Header.Set("Content-Type", "application/json") |
| 113 | transport := http.DefaultTransport.(*http.Transport).Clone() |
| 114 | transport.TLSClientConfig = &tls.Config{ |
| 115 | GetClientCertificate: func(*tls.CertificateRequestInfo) (*tls.Certificate, error) { |
| 116 | return &clientCert, nil |
| 117 | }, |
| 118 | MinVersion: tls.VersionTLS12, |
| 119 | } |
| 120 | client := http.Client{ |
| 121 | Transport: transport, |
| 122 | } |
| 123 | resp, err := client.Do(post) // #nosec G704 -- request depends on configuration |
| 124 | if err != nil { |
| 125 | return err |
| 126 | } |
| 127 | defer resp.Body.Close() |
| 128 | |