(ctx *cli.Context)
| 235 | } |
| 236 | |
| 237 | func signAction(ctx *cli.Context) error { |
| 238 | if err := errs.NumberOfArguments(ctx, 3); err != nil { |
| 239 | return err |
| 240 | } |
| 241 | |
| 242 | csrFile := ctx.Args().Get(0) |
| 243 | crtFile := ctx.Args().Get(1) |
| 244 | keyFile := ctx.Args().Get(2) |
| 245 | kms := ctx.String("kms") |
| 246 | |
| 247 | // Parse certificate request |
| 248 | csr, err := pemutil.ReadCertificateRequest(csrFile) |
| 249 | if err != nil { |
| 250 | return err |
| 251 | } |
| 252 | if err = csr.CheckSignature(); err != nil { |
| 253 | return errors.Wrapf(err, "certificate request has invalid signature") |
| 254 | } |
| 255 | |
| 256 | // Parse issuer and issuer key (at least one should be present) |
| 257 | issuers, err := cryptoutil.LoadCertificate(kms, crtFile) |
| 258 | if err != nil { |
| 259 | return err |
| 260 | } |
| 261 | opts := []pemutil.Options{} |
| 262 | passFile := ctx.String("password-file") |
| 263 | if passFile == "" { |
| 264 | opts = append(opts, pemutil.WithPasswordPrompt( |
| 265 | fmt.Sprintf("Please enter the password to decrypt %s", keyFile), |
| 266 | func(s string) ([]byte, error) { |
| 267 | return ui.PromptPassword(s) |
| 268 | })) |
| 269 | } else { |
| 270 | opts = append(opts, pemutil.WithPasswordFile(passFile)) |
| 271 | } |
| 272 | |
| 273 | signer, err := cryptoutil.CreateSigner(kms, keyFile, opts...) |
| 274 | if err != nil { |
| 275 | return err |
| 276 | } |
| 277 | if !cryptoutil.IsX509Signer(signer) { |
| 278 | return errors.Errorf("the key %q cannot be used to sign X509 certificates", keyFile) |
| 279 | } |
| 280 | if err := validateIssuerKey(issuers[0], signer); err != nil { |
| 281 | return err |
| 282 | } |
| 283 | |
| 284 | // Profile flag |
| 285 | profile := ctx.String("profile") |
| 286 | if profile != profileLeaf && profile != profileIntermediateCA && profile != profileCSR { |
| 287 | return errs.InvalidFlagValue(ctx, "profile", profile, "leaf, intermediate-ca, csr") |
| 288 | } |
| 289 | |
| 290 | // Template flag |
| 291 | templateFile := ctx.String("template") |
| 292 | if ctx.IsSet("profile") && templateFile != "" { |
| 293 | return errs.IncompatibleFlagWithFlag(ctx, "profile", "template") |
| 294 | } |