GenerateSSHToken generates a token used to authorize the signing of an SSH certificate.
(ctx *cli.Context, subject string, typ int, principals []string, validAfter, validBefore provisioner.TimeDuration)
// GenerateSSHToken generates a token used to authorize the signing of an SSH
// certificate.
//
// When the flow is offline, the token comes from the offline CA. Otherwise the
// CA URL is read from the CLI context and a root certificate path is resolved
// from the "root" flag or, if that flag is empty, from pki.GetRootCAPath.
// typ, subject, principals, validAfter and validBefore are forwarded unchanged
// to whichever generator is used.
//
// It returns the error from flags.ParseCaURLIfExists, or an
// errs.RequiredUnlessFlag error when no CA URL is configured or the default
// root path cannot be stat'ed.
func (f *CertificateFlow) GenerateSSHToken(ctx *cli.Context, subject string, typ int, principals []string, validAfter, validBefore provisioner.TimeDuration) (string, error) {
	// Zero time passed for both time.Time arguments of the generators.
	// NOTE(review): presumably the token's own not-before/not-after, left to
	// their defaults; confirm against GenerateToken and NewTokenFlow.
	var unset time.Time

	if f.offline {
		return f.offlineCA.GenerateToken(ctx, typ, subject, principals, unset, unset, validAfter, validBefore)
	}

	// Online path: the CA URL is mandatory.
	caURL, err := flags.ParseCaURLIfExists(ctx)
	switch {
	case err != nil:
		return "", err
	case caURL == "":
		return "", errs.RequiredUnlessFlag(ctx, "ca-url", "token")
	}

	// NOTE(review): rootFile is presumably the trust anchor used to
	// authenticate the CA; confirm in NewTokenFlow. Only the default path is
	// checked here; a value given through the "root" flag is passed on as is.
	rootFile := ctx.String("root")
	if rootFile == "" {
		rootFile = pki.GetRootCAPath()
		// Any Stat failure, not only a missing file, is reported as a
		// missing "root" flag.
		if _, statErr := os.Stat(rootFile); statErr != nil {
			return "", errs.RequiredUnlessFlag(ctx, "root", "token")
		}
	}

	return NewTokenFlow(ctx, typ, subject, principals, caURL, rootFile, unset, unset, validAfter, validBefore)
}
| 232 | |
| 233 | // GenerateIdentityToken generates a token using only an OIDC provisioner. |
| 234 | func (f *CertificateFlow) GenerateIdentityToken(ctx *cli.Context) (string, error) { |