hub / github.com/smallstep/cli / certificateAction

Function certificateAction

command/ca/certificate.go:220–307  ·  view source on GitHub ↗
(ctx *cli.Context)

Source from the content-addressed store, hash-verified

218}
219
220func certificateAction(ctx *cli.Context) error {
221 if err := errs.MinMaxNumberOfArguments(ctx, 2, 3); err != nil {
222 return err
223 }
224
225 // Allow two arguments with the attestation uri.
226 if ctx.NArg() == 2 && ctx.String("attestation-uri") == "" {
227 return errs.TooFewArguments(ctx)
228 }
229
230 args := ctx.Args()
231 subject := args.Get(0)
232 crtFile, keyFile := args.Get(1), args.Get(2)
233
234 tok := ctx.String("token")
235 offline := ctx.Bool("offline")
236 sans := ctx.StringSlice("san")
237
238 switch {
239 case offline && tok != "":
240 // offline and token are incompatible because the token is generated before
241 // the start of the offline CA.
242 return errs.IncompatibleFlagWithFlag(ctx, "offline", "token")
243 case ctx.String("attestation-uri") != "" && ctx.String("kms") != "":
244 // attestation-uri and kms are incompatible because the ACME-DA flow
245 // expects all necessary parameters in the attestation-uri, and having
246 // both can be confusing.
247 return errs.IncompatibleFlagWithFlag(ctx, "attestation-uri", "kms")
248 }
249
250 // certificate flow unifies online and offline flows on a single api
251 flow, err := cautils.NewCertificateFlow(ctx)
252 if err != nil {
253 return err
254 }
255
256 if tok == "" {
257 // Use the ACME protocol with a different certificate authority.
258 if ctx.IsSet("acme") {
259 return cautils.ACMECreateCertFlow(ctx, "")
260 }
261 if tok, err = flow.GenerateToken(ctx, subject, sans); err != nil {
262 var acmeTokenErr *cautils.ACMETokenError
263 if errors.As(err, &acmeTokenErr) {
264 return cautils.ACMECreateCertFlow(ctx, acmeTokenErr.Name)
265 }
266 return err
267 }
268 }
269
270 req, pk, err := flow.CreateSignRequest(ctx, tok, subject, sans)
271 if err != nil {
272 return err
273 }
274
275 jwt, err := token.ParseInsecure(tok)
276 if err != nil {
277 return err

Callers

nothing calls this directly

Calls 8

GenerateTokenMethod · 0.95
CreateSignRequestMethod · 0.95
SignMethod · 0.95
NewCertificateFlowFunction · 0.92
ACMECreateCertFlowFunction · 0.92
ParseInsecureFunction · 0.92
TypeMethod · 0.80
StringMethod · 0.65

Tested by

no test coverage detected
