(ctx *cli.Context)
| 122 | } |
| 123 | |
| 124 | func revokeAction(ctx *cli.Context) error { |
| 125 | args := ctx.Args() |
| 126 | token := ctx.String("token") |
| 127 | var serial string |
| 128 | |
| 129 | switch ctx.NArg() { |
| 130 | case 0: |
| 131 | certFile := ctx.String("sshpop-cert") |
| 132 | keyFile := ctx.String("sshpop-key") |
| 133 | if certFile == "" || keyFile == "" { |
| 134 | return errors.New("--sshpop-cert and --sshpop-key must be supplied if serial number is not supplied as first argument") |
| 135 | } |
| 136 | // Load the cert, because we need the serial number. |
| 137 | certBytes, err := os.ReadFile(certFile) |
| 138 | if err != nil { |
| 139 | return errors.Wrapf(err, "error reading ssh certificate from %s", certFile) |
| 140 | } |
| 141 | sshpub, _, _, _, err := ssh.ParseAuthorizedKey(certBytes) |
| 142 | if err != nil { |
| 143 | return errors.Wrapf(err, "error parsing ssh public key from %s", certFile) |
| 144 | } |
| 145 | cert, ok := sshpub.(*ssh.Certificate) |
| 146 | if !ok { |
| 147 | return errors.New("error casting ssh public key to ssh certificate") |
| 148 | } |
| 149 | serial = strconv.FormatUint(cert.Serial, 10) |
| 150 | case 1: |
| 151 | serial = args.Get(0) |
| 152 | default: |
| 153 | return errs.TooManyArguments(ctx) |
| 154 | } |
| 155 | |
| 156 | reason := ctx.String("reason") |
| 157 | // Convert the reasonCode flag to an OCSP revocation code. |
| 158 | reasonCode, err := cmdca.ReasonCodeToNum(ctx.String("reasonCode")) |
| 159 | if err != nil { |
| 160 | return err |
| 161 | } |
| 162 | |
| 163 | flow, err := cautils.NewCertificateFlow(ctx) |
| 164 | if err != nil { |
| 165 | return err |
| 166 | } |
| 167 | |
| 168 | if token == "" { |
| 169 | token, err = flow.GenerateSSHToken(ctx, serial, cautils.SSHRevokeType, nil, provisioner.TimeDuration{}, provisioner.TimeDuration{}) |
| 170 | if err != nil { |
| 171 | return err |
| 172 | } |
| 173 | } |
| 174 | |
| 175 | // Prepare retry function |
| 176 | retryFunc, err := loginOnUnauthorized(ctx) |
| 177 | if err != nil { |
| 178 | return err |
| 179 | } |
| 180 | |
| 181 | caClient, err := flow.GetClient(ctx, token, ca.WithRetryFunc(retryFunc)) |