// Sign submits csr to the certificate authority selected by the flow (online
// or offline), authenticating with the one-time token tok, and writes the
// returned certificate chain in PEM form to crtFile.
//
// The validity window (NotBefore/NotAfter) and the template data are taken
// from the command-line flags carried in ctx. If the CA response contains no
// explicit chain, the leaf and CA certificates from the response are written
// in that order instead. crtFile is created with owner-only (0o600)
// permissions. Any error from client construction, flag parsing, the sign
// call, PEM serialization or the file write is returned to the caller.
func (f *CertificateFlow) Sign(ctx *cli.Context, tok string, csr api.CertificateRequest, crtFile string) error {
	caClient, err := f.GetClient(ctx, tok)
	if err != nil {
		return err
	}

	// Both the validity window and the template data come from the CLI flags.
	notBefore, notAfter, err := flags.ParseTimeDuration(ctx)
	if err != nil {
		return err
	}
	templateData, err := flags.ParseTemplateData(ctx)
	if err != nil {
		return err
	}

	signResp, err := caClient.Sign(&api.SignRequest{
		CsrPEM:       csr,
		OTT:          tok,
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		TemplateData: templateData,
	})
	if err != nil {
		return err
	}

	// Prefer the chain the CA returned; when it is absent, fall back to the
	// leaf followed by the issuing CA certificate from the same response.
	chain := signResp.CertChainPEM
	if len(chain) == 0 {
		chain = []api.Certificate{signResp.ServerPEM, signResp.CaPEM}
	}

	// Concatenate every element of the chain as PEM blocks, in order.
	var chainPEM []byte
	for i := range chain {
		block, serr := pemutil.Serialize(chain[i].Certificate)
		if serr != nil {
			return errors.Wrap(serr, "error serializing from step-ca API response")
		}
		chainPEM = append(chainPEM, pem.EncodeToMemory(block)...)
	}

	// Owner-only permissions on the written certificate file.
	return fileutil.WriteFile(crtFile, chainPEM, 0o600)
}
| 295 | // CreateSignRequest is a helper function that given an x509 OTT returns a |
| 296 | // simple but secure sign request as well as the private key used. |