
Function parseOrCreateKey

command/certificate/create.go:773–836  ·  view source on GitHub ↗
(ctx *cli.Context)


771}
772
773func parseOrCreateKey(ctx *cli.Context) (crypto.PublicKey, crypto.Signer, error) {
774 var (
775 kms = ctx.String("kms")
776 keyFile = ctx.String("key")
777 )
778
779 // Validate key parameters and generate key pair
780 if keyFile == "" {
781 insecureMode := ctx.Bool("insecure")
782 kty, crv, size, err := utils.GetKeyDetailsFromCLI(ctx, insecureMode, "kty", "curve", "size")
783 if err != nil {
784 return nil, nil, err
785 }
786 if insecureMode { // put keyutil in insecure mode, allowing RSA keys shorter than 2048 bits
787 undoInsecure := keyutil.Insecure()
788 defer undoInsecure()
789 }
790 pub, priv, err := keyutil.GenerateKeyPair(kty, crv, size)
791 if err != nil {
792 return nil, nil, err
793 }
794 signer, ok := priv.(crypto.Signer)
795 if !ok {
796 return nil, nil, errors.Errorf("private key of type %T is not a crypto.Signer", priv)
797 }
798 return pub, signer, nil
799 }
800
801 // Validate incompatible flags and read a key file
802 switch {
803 case ctx.IsSet("kty"):
804 return nil, nil, errs.IncompatibleFlag(ctx, "key", "kty")
805 case ctx.IsSet("crv"):
806 return nil, nil, errs.IncompatibleFlag(ctx, "key", "crv")
807 case ctx.IsSet("size"):
808 return nil, nil, errs.IncompatibleFlag(ctx, "key", "size")
809 }
810
811 opts := []pemutil.Options{}
812 passFile := ctx.String("password-file")
813 if passFile != "" {
814 opts = append(opts, pemutil.WithPasswordFile(passFile))
815 }
816
817 var pub crypto.PublicKey
818 var signer crypto.Signer
819
820 signer, err := cryptoutil.CreateSigner(kms, keyFile, opts...)
821 if err != nil {
822 // TODO: check sentinel error; if it's not a signer, it could be a public key instead
823 pub, err = cryptoutil.PublicKey(kms, keyFile, opts...)
824 if err != nil {
825 return nil, nil, err
826 }
827 } else {
828 pub = signer.Public()
829 // Make sure we can sign X509 certificates with it.
830 if !cryptoutil.IsX509Signer(signer) {

Callers 1

createActionFunction · 0.85

Calls 6

GetKeyDetailsFromCLIFunction · 0.92
CreateSignerFunction · 0.92
PublicKeyFunction · 0.92
IsX509SignerFunction · 0.92
StringMethod · 0.65
PublicMethod · 0.45

Tested by

no test coverage detected
