(ctx *cli.Context)
| 59 | } |
| 60 | |
// checkHostAction sends the single positional argument (a hostname) to the
// CA's /ssh/check-host endpoint and reports the answer through the process
// exit status: it returns nil when the response says the host exists and
// calls os.Exit(1) when it does not. With the "verbose" flag set, the boolean
// answer is also printed to stdout.
//
// If the CA's version info sets RequireClientAuthentication, the request
// carries a token signed with the default x5c identity. Otherwise the token is
// the empty string.
//
// Failures before the check are wrapped by contactAdminErr, sshConfigErr or
// debugErr; a failure of the check itself is wrapped with
// http.StatusInternalServerError.
//
// NOTE(review): a returned error and the "host does not exist" exit are both
// presumably non-zero for the calling shell; confirm that callers which branch
// on the exit status handle "CA unreachable" the way they intend.
func checkHostAction(ctx *cli.Context) error {
	verbose := ctx.Bool("verbose")

	// Exactly one positional argument (the hostname) is accepted.
	if argErr := errs.NumberOfArguments(ctx, 1); argErr != nil {
		return argErr
	}

	caClient, err := cautils.NewClient(ctx)
	if err != nil {
		return contactAdminErr(errors.Wrap(err, "error generating ca client"))
	}
	info, err := caClient.Version()
	if err != nil {
		return contactAdminErr(errors.Wrap(err, "error retrieving client version info"))
	}

	host := ctx.Args().First()

	// x5cToken stays empty unless the CA asks for client authentication AND a
	// default identity is available; in every other case the check-host
	// request below is sent without a token.
	var x5cToken string
	if info.RequireClientAuthentication {
		identity, err := ca.LoadDefaultIdentity()
		if err != nil {
			return sshConfigErr(errors.Wrap(err, "error loading the default x5c identity"))
		}

		if identity != nil {
			// Load the private key referenced by the identity file.
			key, err := jose.ReadKey(identity.Key)
			if err != nil {
				return debugErr(errors.Wrap(err, "error parsing x5c key from identity file"))
			}

			// The two zero time.Time values are passed through as-is.
			// NOTE(review): presumably these are validity bounds left to the
			// generator's defaults. Confirm against cautils.
			gen := cautils.NewTokenGenerator(
				key.KeyID, "x5c-identity", "/ssh/check-host", "",
				time.Time{}, time.Time{}, key,
			)

			// NOTE(review): the "Insecure" in WithX5CInsecureFile suggests the
			// certificate chain is attached without being validated locally.
			// Confirm that the CA verifies the x5c chain on its side.
			x5cToken, err = gen.Token(host, token.WithX5CInsecureFile(identity.Certificate, key.Key))
			if err != nil {
				return sshConfigErr(errors.Wrap(err, "error generating identity x5c token for /ssh/check-host request"))
			}
		}
	}

	result, err := caClient.SSHCheckHost(host, x5cToken)
	if err != nil {
		return caErrs.Wrap(http.StatusInternalServerError, err,
			"error checking ssh host eligibility")
	}

	if verbose {
		fmt.Println(result.Exists)
	}
	if result.Exists {
		return nil
	}

	// os.Exit ends the process immediately, so deferred functions do not run;
	// the exit status 1 is the "host does not exist" signal.
	os.Exit(1)
	return nil
}