NewAdminClient returns a client for the management (admin) API of the online CA.
(ctx *cli.Context, opts ...ca.ClientOption)
| 97 | |
| 98 | // NewAdminClient returns a client for the mgmt API of the online CA. |
| 99 | func NewAdminClient(ctx *cli.Context, opts ...ca.ClientOption) (*ca.AdminClient, error) { |
| 100 | caURL, err := flags.ParseCaURLIfExists(ctx) |
| 101 | if err != nil { |
| 102 | return nil, err |
| 103 | } |
| 104 | if caURL == "" { |
| 105 | return nil, errs.RequiredFlag(ctx, "ca-url") |
| 106 | } |
| 107 | root := ctx.String("root") |
| 108 | if root == "" { |
| 109 | root = pki.GetRootCAPath() |
| 110 | if _, err := os.Stat(root); err != nil { |
| 111 | return nil, errs.RequiredFlag(ctx, "root") |
| 112 | } |
| 113 | } |
| 114 | |
| 115 | var ( |
| 116 | adminCertFile = ctx.String("admin-cert") |
| 117 | adminKeyFile = ctx.String("admin-key") |
| 118 | adminCert []*x509.Certificate |
| 119 | adminKey interface{} |
| 120 | ) |
| 121 | if adminCertFile != "" || adminKeyFile != "" { |
| 122 | if adminCertFile == "" { |
| 123 | return nil, errs.RequiredWithFlag(ctx, "admin-key", "admin-cert") |
| 124 | } |
| 125 | if adminKeyFile == "" { |
| 126 | return nil, errs.RequiredWithFlag(ctx, "admin-cert", "admin-key") |
| 127 | } |
| 128 | adminCert, err = pemutil.ReadCertificateBundle(adminCertFile) |
| 129 | if err != nil { |
| 130 | return nil, errors.Wrap(err, "error reading admin certificate") |
| 131 | } |
| 132 | adminKey, err = pemutil.Read(adminKeyFile) |
| 133 | if err != nil { |
| 134 | return nil, errors.Wrap(err, "error reading admin key") |
| 135 | } |
| 136 | } else { |
| 137 | ui.Printf("No admin credentials found. You must login to execute admin commands.\n") |
| 138 | // Generate a new admin cert/key in memory. |
| 139 | client, err := ca.NewClient(caURL, ca.WithRootFile(root)) |
| 140 | if err != nil { |
| 141 | return nil, err |
| 142 | } |
| 143 | subject := ctx.String("admin-subject") |
| 144 | if subject == "" { |
| 145 | subject, err = ui.Prompt("Please enter admin name/subject (e.g., name@example.com)", ui.WithValidateNotEmpty()) |
| 146 | if err != nil { |
| 147 | return nil, err |
| 148 | } |
| 149 | } |
| 150 | tok, err := NewTokenFlow(ctx, SignType, subject, []string{subject}, caURL, root, time.Time{}, time.Time{}, provisioner.TimeDuration{}, provisioner.TimeDuration{}) |
| 151 | |
| 152 | if err != nil { |
| 153 | return nil, err |
| 154 | } |
| 155 | |
| 156 | dnsNames, ips, emails, uris := splitSANs([]string{subject}) |