
Function rekeyCertificateAction

command/ca/rekey.go:234–398  ·  view source on GitHub ↗
(ctx *cli.Context)

Source from the content-addressed store, hash-verified

232}
233
234func rekeyCertificateAction(ctx *cli.Context) error {
235 err := errs.NumberOfArguments(ctx, 2)
236 if err != nil {
237 return err
238 }
239
240 args := ctx.Args()
241 certFile := args.Get(0)
242 keyFile := args.Get(1)
243 passFile := ctx.String("password-file")
244 isDaemon := ctx.Bool("daemon")
245 execCmd := ctx.String("exec")
246 givenPrivate := ctx.String("private-key")
247 kmsURI := ctx.String("kms")
248
249 // For now, if the --kms flag is given, do not allow to generate a new key
250 // and write it on disk. We can't use the daemon mode because we
251 // cannot generate new keys.
252 if kmsURI != "" || cryptoutil.IsKMS(keyFile) {
253 switch {
254 case givenPrivate == "":
255 return errs.RequiredWithFlag(ctx, "kms", "private-key")
256 case ctx.IsSet("out-key"):
257 return errs.IncompatibleFlagWithFlag(ctx, "kms", "out-key")
258 case isDaemon:
259 return errs.IncompatibleFlagWithFlag(ctx, "kms", "daemon")
260 }
261 }
262
263 outCert := ctx.String("out-cert")
264 if outCert == "" {
265 outCert = certFile
266 }
267 outKey := ctx.String("out-key")
268 if outKey == "" {
269 outKey = keyFile
270 }
271
272 rootFile := ctx.String("root")
273 if rootFile == "" {
274 rootFile = pki.GetRootCAPath()
275 }
276
277 caURL, err := flags.ParseCaURL(ctx)
278 if err != nil {
279 return err
280 }
281
282 var expiresIn, rekeyPeriod time.Duration
283 if s := ctx.String("expires-in"); s != "" {
284 if expiresIn, err = time.ParseDuration(s); err != nil {
285 return errs.InvalidFlagValue(ctx, "expires-in", s, "")
286 }
287 }
288 if s := ctx.String("rekey-period"); s != "" {
289 if rekeyPeriod, err = time.ParseDuration(s); err != nil {
290 return errs.InvalidFlagValue(ctx, "rekey-period", s, "")
291 }

Callers

nothing calls this directly

Calls 12

IsKMS (Function) · 0.92
ParseCaURL (Function) · 0.92
GetKeyDetailsFromCLI (Function) · 0.92
CreateSigner (Function) · 0.92
tlsLoadX509KeyPair (Function) · 0.85
newRenewer (Function) · 0.85
getAfterRenewFunc (Function) · 0.85
nextRenewDuration (Function) · 0.85
Set (Method) · 0.80
Daemon (Method) · 0.80
String (Method) · 0.65
Rekey (Method) · 0.65

Tested by

no test coverage detected
