(outFile string)
| 480 | } |
| 481 | |
// Renew requests a renewed certificate from the CA and writes the returned
// chain, PEM-encoded, to outFile.
//
// The request goes through r.client.Renew over r.transport only when mTLS
// renewal is enabled (r.mtls) and the current leaf certificate's NotAfter has
// not yet passed; in every other case it goes through RenewWithToken with
// r.cert. On any failure the returned response is nil and the error is
// wrapped.
func (r *renewer) Renew(outFile string) (resp *api.SignResponse, err error) {
	// r.mtls is tested first so r.cert.Leaf is only dereferenced when the
	// mTLS path is actually a candidate.
	if r.mtls && !time.Now().After(r.cert.Leaf.NotAfter) {
		resp, err = r.client.Renew(r.transport)
	} else {
		resp, err = r.RenewWithToken(r.cert)
	}
	if err != nil {
		return nil, errors.Wrap(err, "error renewing certificate")
	}

	// If the response carries no chain, build one from the leaf and CA
	// certificates and store it back on the response so callers see the same
	// chain that is written to disk.
	chain := resp.CertChainPEM
	if len(chain) == 0 {
		chain = []api.Certificate{resp.ServerPEM, resp.CaPEM}
		resp.CertChainPEM = chain
	}

	// NOTE(review): nothing in this function checks the returned chain before
	// it replaces the contents of outFile; presumably the client/transport
	// layer has already validated it — confirm.
	var encoded []byte
	for i := range chain {
		block, serErr := pemutil.Serialize(chain[i].Certificate)
		if serErr != nil {
			return nil, errors.Wrap(serErr, "error serializing certificate PEM")
		}
		encoded = append(encoded, pem.EncodeToMemory(block)...)
	}

	// Mode 0o600 is requested for the output file. How fileutil.WriteFile
	// treats an already existing file (permissions, overwrite behaviour) is
	// not visible here — TODO confirm.
	if writeErr := fileutil.WriteFile(outFile, encoded, 0o600); writeErr != nil {
		return nil, errs.FileError(writeErr, outFile)
	}

	return resp, nil
}
| 509 | |
| 510 | func (r *renewer) Rekey(priv interface{}, outCert, outKey string, writePrivateKey bool) (*api.SignResponse, error) { |
| 511 | csrBytes, err := x509.CreateCertificateRequest(cryptoRand.Reader, &x509.CertificateRequest{}, priv) |