(ctx *cli.Context, serial, token string)
| 322 | } |
| 323 | |
// getClient returns the CA client used by the revoke flow.
//
// In offline mode it returns f.offlineCA. Otherwise it builds an online client
// from --ca-url and --root or, when the token carries both a root fingerprint
// and an audience starting with "http", from the token itself.
//
// The token is decoded with UnsafeClaimsWithoutVerification, so nothing read
// from it is authenticated at this point. The claims are used only to
// cross-check the serial number and to select the CA endpoint and the root
// fingerprint to pin.
// NOTE(review): the token signature is presumably validated by the CA when
// the revoke request is sent; confirm against the server side.
func (f *revokeFlow) getClient(ctx *cli.Context, serial, token string) (cautils.CaClient, error) {
	if f.offline {
		return f.offlineCA, nil
	}

	// Online client: start from the explicit --ca-url flag, if any.
	caURL, err := flags.ParseCaURLIfExists(ctx)
	if err != nil {
		return nil, err
	}

	if token == "" {
		// Without a token there is nothing to derive the endpoint from.
		if caURL == "" {
			return nil, errs.RequiredFlag(ctx, "ca-url")
		}
	} else {
		parsed, parseErr := jose.ParseSigned(token)
		if parseErr != nil {
			return nil, errors.Wrap(parseErr, "error parsing flag '--token'")
		}

		// Claims are read without signature verification; treat every field
		// as untrusted input supplied on the command line.
		var claims revokeTokenClaims
		if claimsErr := parsed.UnsafeClaimsWithoutVerification(&claims); claimsErr != nil {
			return nil, errors.Wrap(claimsErr, "error parsing flag '--token'")
		}

		// Consistency check only: it ties the token to the requested serial
		// but says nothing about who issued the token.
		if !strings.EqualFold(claims.Subject, serial) {
			return nil, errors.Errorf("token subject '%s' and serial number '%s' do not match", claims.Subject, serial)
		}

		// Bootstrap or provisioning tokens carry the root fingerprint and the
		// CA URL as first audience.
		// NOTE(review): the prefix test also matches plain "http://" and any
		// other string beginning with "http"; whether ca.NewClient enforces
		// https is not visible here. Confirm.
		pinned := claims.SHA != "" && len(claims.Audience) > 0 &&
			strings.HasPrefix(strings.ToLower(claims.Audience[0]), "http")
		if pinned {
			// An explicit --ca-url wins over the audience from the token; the
			// fingerprint from the token is applied in both cases.
			if caURL == "" {
				caURL = claims.Audience[0]
			}
			fingerprintOpt := ca.WithRootSHA256(claims.SHA)
			ui.PrintSelected("CA", caURL)
			return ca.NewClient(caURL, fingerprintOpt)
		}
		// NOTE(review): a token without fingerprint or http audience falls
		// through with caURL possibly empty; the no-token branch rejects that
		// case but this one leaves it to ca.NewClient.
	}

	// Fall back to a root certificate on disk: --root, else the default path.
	rootFile := ctx.String("root")
	if rootFile == "" {
		rootFile = pki.GetRootCAPath()
		if _, statErr := os.Stat(rootFile); statErr != nil {
			return nil, errs.RequiredFlag(ctx, "root")
		}
	}
	rootOpt := ca.WithRootFile(rootFile)

	ui.PrintSelected("CA", caURL)
	return ca.NewClient(caURL, rootOpt)
}
| 375 | |
| 376 | func (f *revokeFlow) GenerateToken(ctx *cli.Context, subject *string) (string, error) { |
| 377 | // For offline just generate the token |