(ctx *cli.Context)
| 232 | } |
| 233 | |
| 234 | func rekeyCertificateAction(ctx *cli.Context) error { |
| 235 | err := errs.NumberOfArguments(ctx, 2) |
| 236 | if err != nil { |
| 237 | return err |
| 238 | } |
| 239 | |
| 240 | args := ctx.Args() |
| 241 | certFile := args.Get(0) |
| 242 | keyFile := args.Get(1) |
| 243 | passFile := ctx.String("password-file") |
| 244 | isDaemon := ctx.Bool("daemon") |
| 245 | execCmd := ctx.String("exec") |
| 246 | givenPrivate := ctx.String("private-key") |
| 247 | kmsURI := ctx.String("kms") |
| 248 | |
| 249 | // For now, if the --kms flag is given, do not allow to generate a new key |
| 250 | // and write it on disk. We can't use the daemon mode because we |
| 251 | // cannot generate new keys. |
| 252 | if kmsURI != "" || cryptoutil.IsKMS(keyFile) { |
| 253 | switch { |
| 254 | case givenPrivate == "": |
| 255 | return errs.RequiredWithFlag(ctx, "kms", "private-key") |
| 256 | case ctx.IsSet("out-key"): |
| 257 | return errs.IncompatibleFlagWithFlag(ctx, "kms", "out-key") |
| 258 | case isDaemon: |
| 259 | return errs.IncompatibleFlagWithFlag(ctx, "kms", "daemon") |
| 260 | } |
| 261 | } |
| 262 | |
| 263 | outCert := ctx.String("out-cert") |
| 264 | if outCert == "" { |
| 265 | outCert = certFile |
| 266 | } |
| 267 | outKey := ctx.String("out-key") |
| 268 | if outKey == "" { |
| 269 | outKey = keyFile |
| 270 | } |
| 271 | |
| 272 | rootFile := ctx.String("root") |
| 273 | if rootFile == "" { |
| 274 | rootFile = pki.GetRootCAPath() |
| 275 | } |
| 276 | |
| 277 | caURL, err := flags.ParseCaURL(ctx) |
| 278 | if err != nil { |
| 279 | return err |
| 280 | } |
| 281 | |
| 282 | var expiresIn, rekeyPeriod time.Duration |
| 283 | if s := ctx.String("expires-in"); s != "" { |
| 284 | if expiresIn, err = time.ParseDuration(s); err != nil { |
| 285 | return errs.InvalidFlagValue(ctx, "expires-in", s, "") |
| 286 | } |
| 287 | } |
| 288 | if s := ctx.String("rekey-period"); s != "" { |
| 289 | if rekeyPeriod, err = time.ParseDuration(s); err != nil { |
| 290 | return errs.InvalidFlagValue(ctx, "rekey-period", s, "") |
| 291 | } |
nothing calls this directly
no test coverage detected
searching dependent graphs…