(ctx *cli.Context)
| 218 | } |
| 219 | |
| 220 | func certificateAction(ctx *cli.Context) error { |
| 221 | if err := errs.MinMaxNumberOfArguments(ctx, 2, 3); err != nil { |
| 222 | return err |
| 223 | } |
| 224 | |
| 225 | // Allow two arguments with the attestation uri. |
| 226 | if ctx.NArg() == 2 && ctx.String("attestation-uri") == "" { |
| 227 | return errs.TooFewArguments(ctx) |
| 228 | } |
| 229 | |
| 230 | args := ctx.Args() |
| 231 | subject := args.Get(0) |
| 232 | crtFile, keyFile := args.Get(1), args.Get(2) |
| 233 | |
| 234 | tok := ctx.String("token") |
| 235 | offline := ctx.Bool("offline") |
| 236 | sans := ctx.StringSlice("san") |
| 237 | |
| 238 | switch { |
| 239 | case offline && tok != "": |
| 240 | // offline and token are incompatible because the token is generated before |
| 241 | // the start of the offline CA. |
| 242 | return errs.IncompatibleFlagWithFlag(ctx, "offline", "token") |
| 243 | case ctx.String("attestation-uri") != "" && ctx.String("kms") != "": |
| 244 | // attestation-uri and kms are incompatible because the ACME-DA flow |
| 245 | // expects all necessary parameters in the attestation-uri, and having |
| 246 | // both can be confusing. |
| 247 | return errs.IncompatibleFlagWithFlag(ctx, "attestation-uri", "kms") |
| 248 | } |
| 249 | |
| 250 | // certificate flow unifies online and offline flows on a single api |
| 251 | flow, err := cautils.NewCertificateFlow(ctx) |
| 252 | if err != nil { |
| 253 | return err |
| 254 | } |
| 255 | |
| 256 | if tok == "" { |
| 257 | // Use the ACME protocol with a different certificate authority. |
| 258 | if ctx.IsSet("acme") { |
| 259 | return cautils.ACMECreateCertFlow(ctx, "") |
| 260 | } |
| 261 | if tok, err = flow.GenerateToken(ctx, subject, sans); err != nil { |
| 262 | var acmeTokenErr *cautils.ACMETokenError |
| 263 | if errors.As(err, &acmeTokenErr) { |
| 264 | return cautils.ACMECreateCertFlow(ctx, acmeTokenErr.Name) |
| 265 | } |
| 266 | return err |
| 267 | } |
| 268 | } |
| 269 | |
| 270 | req, pk, err := flow.CreateSignRequest(ctx, tok, subject, sans) |
| 271 | if err != nil { |
| 272 | return err |
| 273 | } |
| 274 | |
| 275 | jwt, err := token.ParseInsecure(tok) |
| 276 | if err != nil { |
| 277 | return err |