(ctx *cli.Context)
| 162 | ) |
| 163 | |
| 164 | func loginOnUnauthorized(ctx *cli.Context) (ca.RetryFunc, error) { |
| 165 | templateData, err := flags.ParseTemplateData(ctx) |
| 166 | if err != nil { |
| 167 | return nil, err |
| 168 | } |
| 169 | |
| 170 | flow, err := cautils.NewCertificateFlow(ctx) |
| 171 | if err != nil { |
| 172 | return nil, err |
| 173 | } |
| 174 | |
| 175 | client, err := cautils.NewClient(ctx) |
| 176 | if err != nil { |
| 177 | return nil, err |
| 178 | } |
| 179 | |
| 180 | return func(code int) bool { |
| 181 | if code != http.StatusUnauthorized { |
| 182 | return false |
| 183 | } |
| 184 | |
| 185 | fail := func(err error) bool { |
| 186 | ui.Printf("{{ \"%v\" | red }}\n", err) |
| 187 | return false |
| 188 | } |
| 189 | |
| 190 | // Check if client authentication is required. |
| 191 | version, err := client.Version() |
| 192 | if err != nil { |
| 193 | return fail(err) |
| 194 | } |
| 195 | if !version.RequireClientAuthentication { |
| 196 | return false |
| 197 | } |
| 198 | |
| 199 | // Generate OIDC token |
| 200 | tok, err := flow.GenerateIdentityToken(ctx) |
| 201 | if err != nil { |
| 202 | return fail(err) |
| 203 | } |
| 204 | jwt, err := token.ParseInsecure(tok) |
| 205 | if err != nil { |
| 206 | return fail(err) |
| 207 | } |
| 208 | if jwt.Payload.Email == "" { |
| 209 | return fail(errors.New("error creating identity token: email address cannot be empty")) |
| 210 | } |
| 211 | |
| 212 | // Generate SSH Keys |
| 213 | pub, priv, err := keyutil.GenerateDefaultKeyPair() |
| 214 | if err != nil { |
| 215 | return fail(err) |
| 216 | } |
| 217 | sshPub, err := ssh.NewPublicKey(pub) |
| 218 | if err != nil { |
| 219 | return fail(err) |
| 220 | } |
| 221 |