MCPcopy
hub / github.com/smallstep/cli / getClient

Method getClient

command/ca/revoke.go:324–374  ·  view source on GitHub ↗
(ctx *cli.Context, serial, token string)

Source from the content-addressed store, hash-verified

322}
323
324func (f *revokeFlow) getClient(ctx *cli.Context, serial, token string) (cautils.CaClient, error) {
325 if f.offline {
326 return f.offlineCA, nil
327 }
328
329 // Create online client
330 caURL, err := flags.ParseCaURLIfExists(ctx)
331 if err != nil {
332 return nil, err
333 }
334 rootFile := ctx.String("root")
335 var options []ca.ClientOption
336
337 if token != "" {
338 tok, err := jose.ParseSigned(token)
339 if err != nil {
340 return nil, errors.Wrap(err, "error parsing flag '--token'")
341 }
342 var claims revokeTokenClaims
343 if err := tok.UnsafeClaimsWithoutVerification(&claims); err != nil {
344 return nil, errors.Wrap(err, "error parsing flag '--token'")
345 }
346 if !strings.EqualFold(claims.Subject, serial) {
347 return nil, errors.Errorf("token subject '%s' and serial number '%s' do not match", claims.Subject, serial)
348 }
349
350 // Prepare client for bootstrap or provisioning tokens
351 if claims.SHA != "" && len(claims.Audience) > 0 && strings.HasPrefix(strings.ToLower(claims.Audience[0]), "http") {
352 if caURL == "" {
353 caURL = claims.Audience[0]
354 }
355 options = append(options, ca.WithRootSHA256(claims.SHA))
356 ui.PrintSelected("CA", caURL)
357 return ca.NewClient(caURL, options...)
358 }
359 } else if caURL == "" {
360 // If there is no token then caURL is required.
361 return nil, errs.RequiredFlag(ctx, "ca-url")
362 }
363
364 if rootFile == "" {
365 rootFile = pki.GetRootCAPath()
366 if _, err := os.Stat(rootFile); err != nil {
367 return nil, errs.RequiredFlag(ctx, "root")
368 }
369 }
370 options = append(options, ca.WithRootFile(rootFile))
371
372 ui.PrintSelected("CA", caURL)
373 return ca.NewClient(caURL, options...)
374}
375
376func (f *revokeFlow) GenerateToken(ctx *cli.Context, subject *string) (string, error) {
377 // For offline just generate the token

Callers 1

RevokeMethod · 0.95

Calls 2

ParseCaURLIfExistsFunction · 0.92
StringMethod · 0.65

Tested by

no test coverage detected