hub / github.com/smallstep/cli / Rekey

Method Rekey

command/ca/renew.go:510–545  ·  view source on GitHub ↗
(priv interface{}, outCert, outKey string, writePrivateKey bool)


508}
509
// Rekey asks the CA for a certificate bound to the key priv and writes the
// result to disk.
//
// A CSR is created from an empty template and signed with priv, then sent
// through r.client.Rekey using r.transport. The returned chain is written to
// outCert as concatenated PEM blocks with mode 0o600. When the response has no
// CertChainPEM, the chain is set on the response to ServerPEM followed by
// CaPEM before it is written. If writePrivateKey is true, priv is serialized
// to outKey with mode 0o600; otherwise no key file is touched.
//
// Notes for callers:
//   - The certificate is written before the key and the two writes are not
//     atomic. If the key write fails, outCert already holds a certificate for
//     the new key while outKey may not contain the matching key, so any error
//     should be treated as leaving the on-disk pair possibly inconsistent.
//   - No password option is passed to pemutil.Serialize, so the key is
//     presumably stored unencrypted and protected only by the file mode.
//     NOTE(review): confirm against pemutil's defaults.
//   - NOTE(review): the CSR carries no subject or SANs; presumably the CA
//     takes the identity from the certificate presented on r.transport.
//     Confirm against the server side.
func (r *renewer) Rekey(priv interface{}, outCert, outKey string, writePrivateKey bool) (*api.SignResponse, error) {
	// The template is empty on purpose: only priv's public key and the
	// signature made with priv end up in the request.
	der, err := x509.CreateCertificateRequest(cryptoRand.Reader, &x509.CertificateRequest{}, priv)
	if err != nil {
		return nil, err
	}
	parsed, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, err
	}

	req := &api.RekeyRequest{CsrPEM: api.NewCertificateRequest(parsed)}
	signed, err := r.client.Rekey(req, r.transport)
	if err != nil {
		return nil, errors.Wrap(err, "error rekeying certificate")
	}

	// Fall back to leaf + CA when the response has no explicit chain. The
	// fallback is stored on the response, so the caller sees it too.
	if len(signed.CertChainPEM) == 0 {
		signed.CertChainPEM = []api.Certificate{signed.ServerPEM, signed.CaPEM}
	}

	var bundle []byte
	for i := range signed.CertChainPEM {
		blk, serr := pemutil.Serialize(signed.CertChainPEM[i].Certificate)
		if serr != nil {
			return nil, errors.Wrap(serr, "error serializing certificate PEM")
		}
		bundle = append(bundle, pem.EncodeToMemory(blk)...)
	}
	if werr := fileutil.WriteFile(outCert, bundle, 0o600); werr != nil {
		return nil, errs.FileError(werr, outCert)
	}

	if !writePrivateKey {
		return signed, nil
	}
	// Key material goes to disk last; a failure here leaves the new
	// certificate already written to outCert.
	if _, kerr := pemutil.Serialize(priv, pemutil.ToFile(outKey, 0o600)); kerr != nil {
		return nil, kerr
	}
	return signed, nil
}
546
547// RenewAndPrepareNext renews the cert and prepares the cert for its next renewal.
548// NOTE: this function logs each time the certificate is successfully renewed.

Callers

nothing calls this directly

Calls 1

RekeyMethod · 0.65

Tested by

no test coverage detected