Attempt to delete key and certificate with the same name.

Nitrokey will overwrite the label of the key with the certificate's label
if they are stored with the same id.
Mariano Cano 2021-01-29 13:31:07 -08:00
parent 162c535705
commit 7f9d7eadc9


@ -149,6 +149,7 @@ func main() {
for _, u := range certUris { for _, u := range certUris {
if u != "" && !c.NoCerts { if u != "" && !c.NoCerts {
checkObject(k, u) checkObject(k, u)
checkCertificate(k, u)
} }
} }
for _, u := range keyUris { for _, u := range keyUris {
@ -164,6 +165,11 @@ func main() {
if ok { if ok {
for _, u := range certUris { for _, u := range certUris {
if u != "" && !c.NoCerts { if u != "" && !c.NoCerts {
// Some HSMs like Nitrokey will overwrite the key with the
// certificate label.
if err := deleter.DeleteKey(u); err != nil {
fatal(err)
}
if err := deleter.DeleteCertificate(u); err != nil { if err := deleter.DeleteCertificate(u); err != nil {
fatal(err) fatal(err)
} }
@ -215,6 +221,18 @@ COPYRIGHT
os.Exit(1) os.Exit(1)
} }
func checkCertificate(k kms.KeyManager, rawuri string) {
if cm, ok := k.(kms.CertificateManager); ok {
if _, err := cm.LoadCertificate(&apiv1.LoadCertificateRequest{
Name: rawuri,
}); err == nil {
fmt.Fprintf(os.Stderr, "⚠️ Your PKCS #11 module already has a certificate on %s.\n", rawuri)
fmt.Fprintln(os.Stderr, " If you want to delete it and start fresh, use `--force`.")
os.Exit(1)
}
}
}
func checkObject(k kms.KeyManager, rawuri string) { func checkObject(k kms.KeyManager, rawuri string) {
if _, err := k.GetPublicKey(&apiv1.GetPublicKeyRequest{ if _, err := k.GetPublicKey(&apiv1.GetPublicKeyRequest{
Name: rawuri, Name: rawuri,
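Review bot: The new `checkCertificate` fails open, because it only acts when `cm.LoadCertificate` returns `err == nil` and so reads every error as "no certificate at this URI". A token that cannot be read at that moment passes the check exactly like an empty slot, and a `KeyManager` that does not implement `kms.CertificateManager` skips the check without any message. Judging by the `--force` hint in the message, this check is what keeps a run from writing over existing objects, so it would be safer to treat only the KMS's not-found result as absent and pass any other error to `fatal(err)`. The page does not show how `LoadCertificate` reports a missing object, so that comparison needs confirming against the implementation. Until then I would at least document the behaviour on the function, for example `// checkCertificate exits if a certificate already exists at rawuri; any LoadCertificate error is treated as "not present".`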