(ctx *cli.Context)
| 78 | } |
| 79 | |
| 80 | func rekeyAction(ctx *cli.Context) error { |
| 81 | if err := errs.NumberOfArguments(ctx, 2); err != nil { |
| 82 | return err |
| 83 | } |
| 84 | |
| 85 | args := ctx.Args() |
| 86 | certFile := args.Get(0) |
| 87 | keyFile := args.Get(1) |
| 88 | |
| 89 | // SSH uses fixed suffixes for public keys and certificates |
| 90 | var newPubFile, newCertFile, newKeyFile string |
| 91 | if out := ctx.String("out"); out != "" { |
| 92 | newPubFile = out + ".pub" |
| 93 | newCertFile = out + "-cert.pub" |
| 94 | newKeyFile = out |
| 95 | } else { |
| 96 | newPubFile = keyFile + ".pub" |
| 97 | newCertFile = certFile |
| 98 | newKeyFile = keyFile |
| 99 | } |
| 100 | |
| 101 | // Extra flags |
| 102 | passwordFile := ctx.String("password-file") |
| 103 | noPassword := ctx.Bool("no-password") |
| 104 | insecure := ctx.Bool("insecure") |
| 105 | |
| 106 | flow, err := cautils.NewCertificateFlow(ctx) |
| 107 | if err != nil { |
| 108 | return err |
| 109 | } |
| 110 | |
| 111 | // Load the cert, because we need the serial number. |
| 112 | certBytes, err := os.ReadFile(certFile) |
| 113 | if err != nil { |
| 114 | return errors.Wrapf(err, "error reading ssh certificate from %s", certFile) |
| 115 | } |
| 116 | sshpub, _, _, _, err := ssh.ParseAuthorizedKey(certBytes) |
| 117 | if err != nil { |
| 118 | return errors.Wrapf(err, "error parsing ssh public key from %s", certFile) |
| 119 | } |
| 120 | cert, ok := sshpub.(*ssh.Certificate) |
| 121 | if !ok { |
| 122 | return errors.New("error casting ssh public key to ssh certificate") |
| 123 | } |
| 124 | serial := strconv.FormatUint(cert.Serial, 10) |
| 125 | |
| 126 | ctx.Set("sshpop-cert", certFile) |
| 127 | ctx.Set("sshpop-key", keyFile) |
| 128 | token, err := flow.GenerateSSHToken(ctx, serial, cautils.SSHRekeyType, nil, provisioner.TimeDuration{}, provisioner.TimeDuration{}) |
| 129 | if err != nil { |
| 130 | return err |
| 131 | } |
| 132 | |
| 133 | caClient, err := flow.GetClient(ctx, token) |
| 134 | if err != nil { |
| 135 | return err |
| 136 | } |
| 137 |
nothing calls this directly
no test coverage detected
searching dependent graphs…