hub / github.com/smallstep/cli / Sign

Method Sign

utils/cautils/certificate_flow.go:250–293  ·  view source on GitHub ↗

Sign signs the CSR using the online or the offline certificate authority.

(ctx *cli.Context, tok string, csr api.CertificateRequest, crtFile string)

Source from the content-addressed store, hash-verified

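// Sign signs the CSR using the online or the offline certificate authority.
//
// It obtains a CA client for the one-time token tok, builds a sign request
// from csr plus the validity bounds and template data parsed from the command
// context, and writes the returned certificates to crtFile as concatenated PEM
// blocks, passing mode 0o600 to fileutil.WriteFile.
//
// An error is returned when the client cannot be created, a flag fails to
// parse, client.Sign fails, a response entry carries no certificate, a
// certificate cannot be serialized, or the file cannot be written.
func (f *CertificateFlow) Sign(ctx *cli.Context, tok string, csr api.CertificateRequest, crtFile string) error {
	client, err := f.GetClient(ctx, tok)
	if err != nil {
		return err
	}

	// parse times or durations
	notBefore, notAfter, err := flags.ParseTimeDuration(ctx)
	if err != nil {
		return err
	}

	// parse template data
	templateData, err := flags.ParseTemplateData(ctx)
	if err != nil {
		return err
	}

	req := &api.SignRequest{
		CsrPEM:       csr,
		OTT:          tok,
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		TemplateData: templateData,
	}

	resp, err := client.Sign(req)
	if err != nil {
		return err
	}

	// When the response carries no chain, assemble one from the separate
	// server and CA certificate fields.
	if len(resp.CertChainPEM) == 0 {
		resp.CertChainPEM = []api.Certificate{resp.ServerPEM, resp.CaPEM}
	}

	// NOTE(review): the chain is written as returned; this method does not
	// compare the leaf's public key or names with csr. Confirm whether the
	// client or a caller performs that check.
	var data []byte
	for _, certPEM := range resp.CertChainPEM {
		// Reject an entry with no certificate explicitly rather than relying
		// on how pemutil.Serialize treats a nil pointer, which is not visible
		// from here; this matters most for the fallback chain built above.
		if certPEM.Certificate == nil {
			return errors.New("error serializing from step-ca API response: missing certificate")
		}
		pemblk, err := pemutil.Serialize(certPEM.Certificate)
		if err != nil {
			return errors.Wrap(err, "error serializing from step-ca API response")
		}
		data = append(data, pem.EncodeToMemory(pemblk)...)
	}
	return fileutil.WriteFile(crtFile, data, 0o600)
}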
294
295// CreateSignRequest is a helper function that given an x509 OTT returns a
296// simple but secure sign request as well as the private key used.

Callers 2

signCertificateActionFunction · 0.95
certificateActionFunction · 0.95

Calls 4

GetClientMethod · 0.95
ParseTimeDurationFunction · 0.92
ParseTemplateDataFunction · 0.92
SignMethod · 0.65

Tested by

no test coverage detected