// signCSRFile reads the CSR stored at csrFile, hands it to s wrapped in a
// signer.SignRequest, and returns the bytes produced by s.Sign.
//
// It is a test helper: a failure to read the file or to sign the request
// aborts the calling test through t.Fatal instead of being returned.
func signCSRFile(s signer.Signer, csrFile string, t *testing.T) []byte {
	rawCSR, readErr := ioutil.ReadFile(csrFile)
	if readErr != nil {
		t.Fatal(readErr)
	}

	// The file content is passed through unchanged as the Request field.
	signed, signErr := s.Sign(signer.SignRequest{Request: string(rawCSR)})
	if signErr != nil {
		t.Fatal(signErr)
	}
	return signed
}
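// missingCAInputError reports that local signing was requested without one of
// the CA inputs it needs. It is a plain string type so gencertMain can return
// a real error value without adding an import to the file.
type missingCAInputError string

// Error implements the error interface.
func (e missingCAInputError) Error() string { return string(e) }

// gencertMain generates a key and certificate from a JSON certificate request.
//
// Positional arguments: the hostname (consumed only when Config.hostname is
// empty and Config.isCA is false), followed by the CSR file name, which is
// read through readStdin.
//
// Behaviour by configuration:
//   - Config.isCA: initca.New builds a new CA from the request and the result
//     is printed with printCert.
//   - Config.remote set: the request is delegated to gencertRemotely.
//   - otherwise: the request is processed locally and signed with the CA named
//     by Config.caFile / Config.caKeyFile, using Config.cfg.Signing as policy
//     when a config is loaded.
//
// It returns the first error encountered. A missing CA certificate or CA key
// is reported as a missingCAInputError; previously those two paths only logged
// and returned nil, so a caller checking the error saw success even though no
// certificate had been issued.
func gencertMain(args []string) (err error) {
	if Config.hostname == "" && !Config.isCA {
		Config.hostname, args, err = popFirstArgument(args)
		if err != nil {
			return err
		}
	}

	// Arguments after the CSR file name are not used.
	csrFile, _, err := popFirstArgument(args)
	if err != nil {
		return err
	}

	csrFileBytes, err := readStdin(csrFile)
	if err != nil {
		return err
	}

	var req csr.CertificateRequest
	if err = json.Unmarshal(csrFileBytes, &req); err != nil {
		return err
	}

	if Config.isCA {
		var key, cert []byte
		cert, key, err = initca.New(&req)
		if err != nil {
			return err
		}
		// NOTE(review): the CA private key is handed to printCert; where it is
		// written is not visible here. Confirm the destination is appropriate
		// for key material.
		printCert(key, nil, cert)
		return nil
	}

	if Config.remote != "" {
		return gencertRemotely(req)
	}

	// Fail closed: without both CA inputs nothing can be signed, and the
	// caller must be able to tell that from the returned error. The log call
	// is kept so existing output is unchanged.
	// NOTE(review): if the caller also logs returned errors this message will
	// appear twice. Confirm and drop one of the two if so.
	if Config.caFile == "" {
		const msg = "cannot sign certificate without a CA certificate (provide one with -ca)"
		log.Error(msg)
		return missingCAInputError(msg)
	}
	if Config.caKeyFile == "" {
		const msg = "cannot sign certificate without a CA key (provide one with -ca-key)"
		log.Error(msg)
		return missingCAInputError(msg)
	}

	// If there is a config, use its signing policy. Otherwise, leave
	// policy == nil and NewSigner will use DefaultConfig().
	var policy *config.Signing
	if Config.cfg != nil {
		policy = Config.cfg.Signing
	}

	g := &csr.Generator{validator}
	csrPEM, key, err := g.ProcessRequest(&req)
	if err != nil {
		return err
	}

	sign, err := signer.NewSigner(Config.caFile, Config.caKeyFile, policy)
	if err != nil {
		return err
	}

	cert, err := sign.Sign(Config.hostname, csrPEM, Config.profile)
	if err != nil {
		return err
	}

	printCert(key, csrPEM, cert)
	return nil
}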