hub / github.com/smallstep/cli / parseSigner

Function parseSigner

command/certificate/create.go:841–909  ·  view source on GitHub ↗

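parseSigner returns the parent certificate and key for leaf and intermediate certificates. When a template is used, it returns the parent key only if both the --ca and --ca-key flags are passed; when neither flag is given, it returns no parent certificate and falls back to the default signer.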

(ctx *cli.Context, defaultSigner crypto.Signer)

Source from the content-addressed store, hash-verified

839// certificates. When a template is used, it will return the key only if the
840// flags --ca and --ca-key are passed.
841func parseSigner(ctx *cli.Context, defaultSigner crypto.Signer) (*x509.Certificate, crypto.Signer, error) {
842 var (
843 caCert = ctx.String("ca")
844 caKey = ctx.String("ca-key")
845 caKMS = ctx.String("ca-kms")
846 profile = ctx.String("profile")
847 template = ctx.String("template")
848 )
849
850 // Check required flags when profile is used.
851 if template == "" {
852 switch profile {
853 case profileLeaf, profileIntermediateCA:
854 if caCert == "" {
855 return nil, nil, errs.RequiredWithFlagValue(ctx, "profile", profile, "ca")
856 }
857 if caKey == "" {
858 return nil, nil, errs.RequiredWithFlagValue(ctx, "profile", profile, "ca-key")
859 }
860 case profileRootCA, profileSelfSigned:
861 if caCert != "" {
862 return nil, nil, errs.IncompatibleFlagValue(ctx, "ca", "profile", profile)
863 }
864 if caKey != "" {
865 return nil, nil, errs.IncompatibleFlagValue(ctx, "ca-key", "profile", profile)
866 }
867 default:
868 return nil, nil, errs.InvalidFlagValue(ctx, "profile", profile, "leaf, intermediate-ca, root-ca, self-signed")
869 }
870 }
871
872 // Root, self-signed, or template with no parent.
873 if caCert == "" && caKey == "" {
874 return nil, defaultSigner, nil
875 }
876
877 // Leaf, intermediate or template with
878 switch {
879 case caCert != "" && caKey == "":
880 return nil, nil, errs.RequiredWithFlag(ctx, "ca", "ca-key")
881 case caCert == "" && caKey != "":
882 return nil, nil, errs.RequiredWithFlag(ctx, "ca-key", "ca")
883 }
884
885 // Parse --ca as a certificate.
886 cert, err := pemutil.ReadCertificate(caCert)
887 if err != nil {
888 return nil, nil, err
889 }
890
891 // Parse --ca-key as a crypto.Signer.
892 passFile := ctx.String("ca-password-file")
893 opts := []pemutil.Options{}
894 if passFile != "" {
895 opts = append(opts, pemutil.WithPasswordFile(passFile))
896 }
897
898 signer, err := cryptoutil.CreateSigner(caKMS, caKey, opts...)

Callers 1

createActionFunction · 0.85

Calls 3

CreateSignerFunction · 0.92
IsX509SignerFunction · 0.92
StringMethod · 0.65

Tested by

no test coverage detected
