forked from TrueCloudLab/certificates
Add option to not store certificates in the pkcs11 module.
This commit is contained in:
Mariano Cano
parent
50e9018a44
commit
162c535705
1 changed files with 6 additions and 4 deletions
|
|
@ -42,6 +42,7 @@ type Config struct {
|
||||||
RootFile string
|
RootFile string
|
||||||
KeyFile string
|
KeyFile string
|
||||||
Pin string
|
Pin string
|
||||||
|
NoCerts bool
|
||||||
EnableSSH bool
|
EnableSSH bool
|
||||||
Force bool
|
Force bool
|
||||||
}
|
}
|
||||||
|
|
@ -105,6 +106,7 @@ func main() {
|
||||||
flag.StringVar(&c.RootFile, "root", "", "Path to the root certificate to use.")
|
flag.StringVar(&c.RootFile, "root", "", "Path to the root certificate to use.")
|
||||||
flag.StringVar(&c.KeyFile, "key", "", "Path to the root key to use.")
|
flag.StringVar(&c.KeyFile, "key", "", "Path to the root key to use.")
|
||||||
flag.BoolVar(&c.EnableSSH, "ssh", false, "Enable the creation of ssh keys.")
|
flag.BoolVar(&c.EnableSSH, "ssh", false, "Enable the creation of ssh keys.")
|
||||||
|
flag.BoolVar(&c.NoCerts, "no-certs", false, "Do not store certificates in the module.")
|
||||||
flag.BoolVar(&c.Force, "force", false, "Force the delete of previous keys.")
|
flag.BoolVar(&c.Force, "force", false, "Force the delete of previous keys.")
|
||||||
flag.Usage = usage
|
flag.Usage = usage
|
||||||
flag.Parse()
|
flag.Parse()
|
||||||
|
|
@ -145,7 +147,7 @@ func main() {
|
||||||
}
|
}
|
||||||
if !c.Force {
|
if !c.Force {
|
||||||
for _, u := range certUris {
|
for _, u := range certUris {
|
||||||
if u != "" {
|
if u != "" && !c.NoCerts {
|
||||||
checkObject(k, u)
|
checkObject(k, u)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -161,7 +163,7 @@ func main() {
|
||||||
})
|
})
|
||||||
if ok {
|
if ok {
|
||||||
for _, u := range certUris {
|
for _, u := range certUris {
|
||||||
if u != "" {
|
if u != "" && !c.NoCerts {
|
||||||
if err := deleter.DeleteCertificate(u); err != nil {
|
if err := deleter.DeleteCertificate(u); err != nil {
|
||||||
fatal(err)
|
fatal(err)
|
||||||
}
|
}
|
||||||
|
|
@ -285,7 +287,7 @@ func createPKI(k kms.KeyManager, c Config) error {
|
||||||
return errors.Wrap(err, "error parsing root certificate")
|
return errors.Wrap(err, "error parsing root certificate")
|
||||||
}
|
}
|
||||||
|
|
||||||
if cm, ok := k.(kms.CertificateManager); ok {
|
if cm, ok := k.(kms.CertificateManager); ok && !c.NoCerts {
|
||||||
if err = cm.StoreCertificate(&apiv1.StoreCertificateRequest{
|
if err = cm.StoreCertificate(&apiv1.StoreCertificateRequest{
|
||||||
Name: c.RootObject,
|
Name: c.RootObject,
|
||||||
Certificate: root,
|
Certificate: root,
|
||||||
|
|
@ -362,7 +364,7 @@ func createPKI(k kms.KeyManager, c Config) error {
|
||||||
return errors.Wrap(err, "error parsing intermediate certificate")
|
return errors.Wrap(err, "error parsing intermediate certificate")
|
||||||
}
|
}
|
||||||
|
|
||||||
if cm, ok := k.(kms.CertificateManager); ok {
|
if cm, ok := k.(kms.CertificateManager); ok && !c.NoCerts {
|
||||||
if err = cm.StoreCertificate(&apiv1.StoreCertificateRequest{
|
if err = cm.StoreCertificate(&apiv1.StoreCertificateRequest{
|
||||||
Name: c.CrtObject,
|
Name: c.CrtObject,
|
||||||
Certificate: intermediate,
|
Certificate: intermediate,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue