(ctx *cli.Context)
| 280 | } |
| 281 | |
| 282 | func tokenAction(ctx *cli.Context) error { |
| 283 | if err := errs.NumberOfArguments(ctx, 1); err != nil { |
| 284 | return err |
| 285 | } |
| 286 | |
| 287 | subject := ctx.Args().Get(0) |
| 288 | outputFile := ctx.String("output-file") |
| 289 | offline := ctx.Bool("offline") |
| 290 | // x.509 flags |
| 291 | sans := ctx.StringSlice("san") |
| 292 | isRevoke := ctx.Bool("revoke") |
| 293 | isRenew := ctx.Bool("renew") |
| 294 | isRekey := ctx.Bool("rekey") |
| 295 | // ssh flags |
| 296 | isSSH := ctx.Bool("ssh") |
| 297 | isHost := ctx.Bool("host") |
| 298 | principals := ctx.StringSlice("principal") |
| 299 | // confirmation claims |
| 300 | cnfFile := ctx.String("cnf-file") |
| 301 | cnf := ctx.String("cnf") |
| 302 | |
| 303 | switch { |
| 304 | case isSSH && len(sans) > 0: |
| 305 | return errs.IncompatibleFlagWithFlag(ctx, "ssh", "san") |
| 306 | case isHost && len(sans) > 0: |
| 307 | return errs.IncompatibleFlagWithFlag(ctx, "host", "san") |
| 308 | case len(principals) > 0 && len(sans) > 0: |
| 309 | return errs.IncompatibleFlagWithFlag(ctx, "principal", "san") |
| 310 | case !isSSH && isHost: |
| 311 | return errs.RequiredWithFlag(ctx, "host", "ssh") |
| 312 | case !isSSH && len(principals) > 0: |
| 313 | return errs.RequiredWithFlag(ctx, "principal", "ssh") |
| 314 | case cnfFile != "" && cnf != "": |
| 315 | return errs.IncompatibleFlagWithFlag(ctx, "cnf-file", "cnf") |
| 316 | } |
| 317 | |
| 318 | // Default token type is always a 'Sign' token. |
| 319 | var typ int |
| 320 | if isSSH { |
| 321 | switch { |
| 322 | case isRevoke: |
| 323 | typ = cautils.SSHRevokeType |
| 324 | case isRenew: |
| 325 | typ = cautils.SSHRenewType |
| 326 | case isRekey: |
| 327 | typ = cautils.SSHRekeyType |
| 328 | case isHost: |
| 329 | typ = cautils.SSHHostSignType |
| 330 | sans = principals |
| 331 | default: |
| 332 | typ = cautils.SSHUserSignType |
| 333 | sans = principals |
| 334 | } |
| 335 | } else { |
| 336 | switch { |
| 337 | case isRevoke: |
| 338 | typ = cautils.RevokeType |
| 339 | case isRenew: |
nothing calls this directly
no test coverage detected
searching dependent graphs…