Add option to not store certificates in the pkcs11 module.

Mariano Cano 2021-01-28 20:13:28 -08:00
parent 50e9018a44
commit 162c535705


@ -42,6 +42,7 @@ type Config struct {
RootFile string
KeyFile string
Pin string
NoCerts bool
EnableSSH bool
Force bool
}
@ -105,6 +106,7 @@ func main() {
flag.StringVar(&c.RootFile, "root", "", "Path to the root certificate to use.")
flag.StringVar(&c.KeyFile, "key", "", "Path to the root key to use.")
flag.BoolVar(&c.EnableSSH, "ssh", false, "Enable the creation of ssh keys.")
flag.BoolVar(&c.NoCerts, "no-certs", false, "Do not store certificates in the module.")
flag.BoolVar(&c.Force, "force", false, "Force the delete of previous keys.")
flag.Usage = usage
flag.Parse()
@ -145,7 +147,7 @@ func main() {
}
if !c.Force {
for _, u := range certUris {
if u != "" {
if u != "" && !c.NoCerts {
checkObject(k, u)
}
}
@ -161,7 +163,7 @@ func main() {
})
if ok {
for _, u := range certUris {
if u != "" {
if u != "" && !c.NoCerts {
if err := deleter.DeleteCertificate(u); err != nil {
fatal(err)
}
@ -285,7 +287,7 @@ func createPKI(k kms.KeyManager, c Config) error {
return errors.Wrap(err, "error parsing root certificate")
}
if cm, ok := k.(kms.CertificateManager); ok {
if cm, ok := k.(kms.CertificateManager); ok && !c.NoCerts {
if err = cm.StoreCertificate(&apiv1.StoreCertificateRequest{
Name: c.RootObject,
Certificate: root,
@ -362,7 +364,7 @@ func createPKI(k kms.KeyManager, c Config) error {
return errors.Wrap(err, "error parsing intermediate certificate")
}
if cm, ok := k.(kms.CertificateManager); ok {
if cm, ok := k.(kms.CertificateManager); ok && !c.NoCerts {
if err = cm.StoreCertificate(&apiv1.StoreCertificateRequest{
Name: c.CrtObject,
Certificate: intermediate,
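Review bot: With `no-certs` set, the two `certUris` loops in `main` now skip both `checkObject` and `deleter.DeleteCertificate`, so a run that also passes `force` appears to replace the keys while leaving any certificate objects from an earlier initialization in the module. Those leftover certificates would no longer match the new keys, and a consumer that reads the root or intermediate from the token could end up trusting or serving a stale chain. If skipping the delete is deliberate (for modules that cannot hold certificate objects), state it in the flag help, e.g. `"Do not store certificates in the module; existing certificate objects are not checked or deleted."`, and consider printing a warning when `c.Force && c.NoCerts`. The key-deletion code and the rest of `main` and `createPKI` lie outside the visible hunks, so this should be confirmed against the full functions.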