Attempt to delete key and certificate with the same name.
Nitrokey will override the label of the key with the certificate's label if they are stored with the same id.
parent
162c535705
commit
7f9d7eadc9
1 changed files with 18 additions and 0 deletions
|
@ -149,6 +149,7 @@ func main() {
|
||||||
for _, u := range certUris {
|
for _, u := range certUris {
|
||||||
if u != "" && !c.NoCerts {
|
if u != "" && !c.NoCerts {
|
||||||
checkObject(k, u)
|
checkObject(k, u)
|
||||||
|
checkCertificate(k, u)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
for _, u := range keyUris {
|
for _, u := range keyUris {
|
||||||
|
@ -164,6 +165,11 @@ func main() {
|
||||||
if ok {
|
if ok {
|
||||||
for _, u := range certUris {
|
for _, u := range certUris {
|
||||||
if u != "" && !c.NoCerts {
|
if u != "" && !c.NoCerts {
|
||||||
|
// Some HSMs like Nitrokey will overwrite the key with the
|
||||||
|
// certificate label.
|
||||||
|
if err := deleter.DeleteKey(u); err != nil {
|
||||||
|
fatal(err)
|
||||||
|
}
|
||||||
if err := deleter.DeleteCertificate(u); err != nil {
|
if err := deleter.DeleteCertificate(u); err != nil {
|
||||||
fatal(err)
|
fatal(err)
|
||||||
}
|
}
|
||||||
|
@ -215,6 +221,18 @@ COPYRIGHT
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func checkCertificate(k kms.KeyManager, rawuri string) {
|
||||||
|
if cm, ok := k.(kms.CertificateManager); ok {
|
||||||
|
if _, err := cm.LoadCertificate(&apiv1.LoadCertificateRequest{
|
||||||
|
Name: rawuri,
|
||||||
|
}); err == nil {
|
||||||
|
fmt.Fprintf(os.Stderr, "⚠️ Your PKCS #11 module already has a certificate on %s.\n", rawuri)
|
||||||
|
fmt.Fprintln(os.Stderr, " If you want to delete it and start fresh, use `--force`.")
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func checkObject(k kms.KeyManager, rawuri string) {
|
func checkObject(k kms.KeyManager, rawuri string) {
|
||||||
if _, err := k.GetPublicKey(&apiv1.GetPublicKeyRequest{
|
if _, err := k.GetPublicKey(&apiv1.GetPublicKeyRequest{
|
||||||
Name: rawuri,
|
Name: rawuri,
|
||||||
|
|
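Review bot: In the second hunk's `--force` loop over certUris, `deleter.DeleteKey(u)` removes whatever private key resolves from the certificate URI, which is irreversible on a token, yet the comment above it and the new hint in checkCertificate only speak of the certificate. I would expand the comment to `// Nitrokey keeps key and certificate under one id and relabels the key with the certificate label, so also delete the key addressed by the certificate URI.` and have the hint say that `--force` deletes the certificate and any key stored under the same id. If DeleteKey reports an error when no key matches the URI (not visible on this page), `fatal(err)` would stop before DeleteCertificate runs, so that case is worth confirming on an HSM that does not relabel. In checkCertificate, `err == nil` treats every LoadCertificate failure as "no certificate", so a token or login error lets the guard pass silently; reporting unexpected errors on stderr would make the pre-check fail closed. main() starts and ends outside these hunks.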