Merge pull request #950 from gdbelvin/pinsrc

step-pkcs11-init pin-file support
This commit is contained in:
Mariano Cano 2022-06-09 14:41:11 -07:00 committed by GitHub
commit 304cc5a70f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -47,6 +47,7 @@ type Config struct {
RootFile string
KeyFile string
Pin string
PinFile string
NoCerts bool
EnableSSH bool
Force bool
@ -74,6 +75,8 @@ func (c *Config) Validate() error {
return errors.New("flag `--root-gen` requires flag `--root-key-obj`")
case c.RootFile == "" && c.GenerateRoot && c.RootPath == "":
return errors.New("flag `--root-gen` requires `--root-cert-path`")
case c.Pin != "" && c.PinFile != "":
return errors.New("Only set one of pin and pin-file")
default:
if c.RootFile != "" {
c.GenerateRoot = false
@ -108,6 +111,7 @@ func main() {
var c Config
flag.StringVar(&c.KMS, "kms", kmsuri, "PKCS #11 URI with the module-path and token to connect to the module.")
flag.StringVar(&c.Pin, "pin", "", "PKCS #11 PIN")
flag.StringVar(&c.PinFile, "pin-file", "", "PKCS #11 PIN File")
// Option 1: Generate new root
flag.BoolVar(&c.GenerateRoot, "root-gen", true, "Enable the generation of a root key.")
flag.StringVar(&c.RootSubject, "root-name", "PKCS #11 Smallstep Root", "Subject and Issuer of the root certificate.")
@ -147,7 +151,18 @@ func main() {
// Initialize windows terminal
ui.Init()
if u.Get("pin-value") == "" && u.Get("pin-source") == "" && c.Pin == "" {
switch {
case u.Get("pin-value") != "":
case u.Get("pin-source") != "":
case c.Pin != "":
case c.PinFile != "":
content, err := os.ReadFile(c.PinFile)
if err != nil {
fatal(err)
}
c.Pin = string(content)
default:
pin, err := ui.PromptPassword("What is the PKCS#11 PIN?")
if err != nil {
fatal(err)