(ctx *cli.Context)
| 74 | } |
| 75 | |
| 76 | func renewAction(ctx *cli.Context) error { |
| 77 | if err := errs.NumberOfArguments(ctx, 2); err != nil { |
| 78 | return err |
| 79 | } |
| 80 | |
| 81 | args := ctx.Args() |
| 82 | certFile := args.Get(0) |
| 83 | keyFile := args.Get(1) |
| 84 | |
| 85 | // Flags |
| 86 | outFile := ctx.String("out") |
| 87 | if outFile == "" { |
| 88 | outFile = certFile |
| 89 | } |
| 90 | |
| 91 | flow, err := cautils.NewCertificateFlow(ctx) |
| 92 | if err != nil { |
| 93 | return err |
| 94 | } |
| 95 | |
| 96 | // Load the cert, because we need the serial number. |
| 97 | certBytes, err := os.ReadFile(certFile) |
| 98 | if err != nil { |
| 99 | return errors.Wrapf(err, "error reading ssh certificate from %s", certFile) |
| 100 | } |
| 101 | sshpub, _, _, _, err := ssh.ParseAuthorizedKey(certBytes) |
| 102 | if err != nil { |
| 103 | return errors.Wrapf(err, "error parsing ssh public key from %s", certFile) |
| 104 | } |
| 105 | cert, ok := sshpub.(*ssh.Certificate) |
| 106 | if !ok { |
| 107 | return errors.New("error casting ssh public key to ssh certificate") |
| 108 | } |
| 109 | serial := strconv.FormatUint(cert.Serial, 10) |
| 110 | |
| 111 | ctx.Set("sshpop-cert", certFile) |
| 112 | ctx.Set("sshpop-key", keyFile) |
| 113 | token, err := flow.GenerateSSHToken(ctx, serial, cautils.SSHRenewType, nil, provisioner.TimeDuration{}, provisioner.TimeDuration{}) |
| 114 | if err != nil { |
| 115 | return err |
| 116 | } |
| 117 | |
| 118 | caClient, err := flow.GetClient(ctx, token) |
| 119 | if err != nil { |
| 120 | return err |
| 121 | } |
| 122 | |
| 123 | resp, err := caClient.SSHRenew(&api.SSHRenewRequest{ |
| 124 | OTT: token, |
| 125 | }) |
| 126 | if err != nil { |
| 127 | return err |
| 128 | } |
| 129 | |
| 130 | // Write certificate |
| 131 | if err := fileutil.WriteFile(outFile, marshalPublicKey(resp.Certificate, cert.KeyId), 0o644); err != nil { |
| 132 | return err |
| 133 | } |
nothing calls this directly
no test coverage detected
searching dependent graphs…