MCPcopy
hub / github.com/smallstep/cli / revokeAction

Function revokeAction

command/ssh/revoke.go:124–199  ·  view source on GitHub ↗
(ctx *cli.Context)

Source from the content-addressed store, hash-verified

122}
123
124func revokeAction(ctx *cli.Context) error {
125 args := ctx.Args()
126 token := ctx.String("token")
127 var serial string
128
129 switch ctx.NArg() {
130 case 0:
131 certFile := ctx.String("sshpop-cert")
132 keyFile := ctx.String("sshpop-key")
133 if certFile == "" || keyFile == "" {
134 return errors.New("--sshpop-cert and --sshpop-key must be supplied if serial number is not supplied as first argument")
135 }
136 // Load the cert, because we need the serial number.
137 certBytes, err := os.ReadFile(certFile)
138 if err != nil {
139 return errors.Wrapf(err, "error reading ssh certificate from %s", certFile)
140 }
141 sshpub, _, _, _, err := ssh.ParseAuthorizedKey(certBytes)
142 if err != nil {
143 return errors.Wrapf(err, "error parsing ssh public key from %s", certFile)
144 }
145 cert, ok := sshpub.(*ssh.Certificate)
146 if !ok {
147 return errors.New("error casting ssh public key to ssh certificate")
148 }
149 serial = strconv.FormatUint(cert.Serial, 10)
150 case 1:
151 serial = args.Get(0)
152 default:
153 return errs.TooManyArguments(ctx)
154 }
155
156 reason := ctx.String("reason")
157 // Convert the reasonCode flag to an OCSP revocation code.
158 reasonCode, err := cmdca.ReasonCodeToNum(ctx.String("reasonCode"))
159 if err != nil {
160 return err
161 }
162
163 flow, err := cautils.NewCertificateFlow(ctx)
164 if err != nil {
165 return err
166 }
167
168 if token == "" {
169 token, err = flow.GenerateSSHToken(ctx, serial, cautils.SSHRevokeType, nil, provisioner.TimeDuration{}, provisioner.TimeDuration{})
170 if err != nil {
171 return err
172 }
173 }
174
175 // Prepare retry function
176 retryFunc, err := loginOnUnauthorized(ctx)
177 if err != nil {
178 return err
179 }
180
181 caClient, err := flow.GetClient(ctx, token, ca.WithRetryFunc(retryFunc))

Callers

nothing calls this directly

Calls 6

GenerateSSHTokenMethod · 0.95
GetClientMethod · 0.95
NewCertificateFlowFunction · 0.92
loginOnUnauthorizedFunction · 0.85
StringMethod · 0.65
SSHRevokeMethod · 0.65

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…