hub / github.com/smallstep/cli / signAction

Function signAction

command/certificate/sign.go:237–397  ·  view source on GitHub ↗
(ctx *cli.Context)


235}
236
237func signAction(ctx *cli.Context) error {
238 if err := errs.NumberOfArguments(ctx, 3); err != nil {
239 return err
240 }
241
242 csrFile := ctx.Args().Get(0)
243 crtFile := ctx.Args().Get(1)
244 keyFile := ctx.Args().Get(2)
245 kms := ctx.String("kms")
246
247 // Parse certificate request
248 csr, err := pemutil.ReadCertificateRequest(csrFile)
249 if err != nil {
250 return err
251 }
252 if err = csr.CheckSignature(); err != nil {
253 return errors.Wrapf(err, "certificate request has invalid signature")
254 }
255
256 // Parse issuer and issuer key (at least one should be present)
257 issuers, err := cryptoutil.LoadCertificate(kms, crtFile)
258 if err != nil {
259 return err
260 }
261 opts := []pemutil.Options{}
262 passFile := ctx.String("password-file")
263 if passFile == "" {
264 opts = append(opts, pemutil.WithPasswordPrompt(
265 fmt.Sprintf("Please enter the password to decrypt %s", keyFile),
266 func(s string) ([]byte, error) {
267 return ui.PromptPassword(s)
268 }))
269 } else {
270 opts = append(opts, pemutil.WithPasswordFile(passFile))
271 }
272
273 signer, err := cryptoutil.CreateSigner(kms, keyFile, opts...)
274 if err != nil {
275 return err
276 }
277 if !cryptoutil.IsX509Signer(signer) {
278 return errors.Errorf("the key %q cannot be used to sign X509 certificates", keyFile)
279 }
280 if err := validateIssuerKey(issuers[0], signer); err != nil {
281 return err
282 }
283
284 // Profile flag
285 profile := ctx.String("profile")
286 if profile != profileLeaf && profile != profileIntermediateCA && profile != profileCSR {
287 return errs.InvalidFlagValue(ctx, "profile", profile, "leaf, intermediate-ca, csr")
288 }
289
290 // Template flag
291 templateFile := ctx.String("template")
292 if ctx.IsSet("profile") && templateFile != "" {
293 return errs.IncompatibleFlagWithFlag(ctx, "profile", "template")
294 }

Callers

nothing calls this directly

Calls 11

LoadCertificateFunction · 0.92
CreateSignerFunction · 0.92
IsX509SignerFunction · 0.92
ReadFileFunction · 0.92
GetTemplateDataFunction · 0.92
ParseTimeOrDurationFunction · 0.92
validateIssuerKeyFunction · 0.85
validateIssuerFunction · 0.85
createTemplateDataFunction · 0.85
GetCertificateMethod · 0.80
StringMethod · 0.65

Tested by

no test coverage detected
