func signCSRFile(s signer.Signer, csrFile string, t *testing.T) []byte {
csrBytes, err := ioutil.ReadFile(csrFile)
if err != nil {
t.Fatal(err)
}
signingRequest := signer.SignRequest{Request: string(csrBytes)}
certBytes, err := s.Sign(signingRequest)
if err != nil {
t.Fatal(err)
}
return certBytes
}
func gencertMain(args []string) (err error) {
if Config.hostname == "" && !Config.isCA {
Config.hostname, args, err = popFirstArgument(args)
if err != nil {
return
}
}
csrFile, args, err := popFirstArgument(args)
if err != nil {
return
}
csrFileBytes, err := readStdin(csrFile)
if err != nil {
return
}
var req csr.CertificateRequest
err = json.Unmarshal(csrFileBytes, &req)
if err != nil {
return
}
if Config.isCA {
var key, cert []byte
cert, key, err = initca.New(&req)
if err != nil {
return
}
printCert(key, nil, cert)
} else {
if Config.remote != "" {
return gencertRemotely(req)
}
if Config.caFile == "" {
log.Error("cannot sign certificate without a CA certificate (provide one with -ca)")
return
}
if Config.caKeyFile == "" {
log.Error("cannot sign certificate without a CA key (provide one with -ca-key)")
return
}
var policy *config.Signing
// If there is a config, use its signing policy. Otherwise, leave policy == nil
// and NewSigner will use DefaultConfig().
if Config.cfg != nil {
policy = Config.cfg.Signing
}
var key, csrPEM []byte
g := &csr.Generator{validator}
csrPEM, key, err = g.ProcessRequest(&req)
if err != nil {
key = nil
return
}
var sign *signer.Signer
sign, err = signer.NewSigner(Config.caFile, Config.caKeyFile, policy)
if err != nil {
return
}
var cert []byte
cert, err = sign.Sign(Config.hostname, csrPEM, Config.profile)
if err != nil {
return
}
printCert(key, csrPEM, cert)
}
return nil
}
