package cert
import (
"context"
"crypto/tls"
"crypto/x509"
"encoding/pem"
"fmt"
"os"
"strconv"
"github.com/anchordotdev/cli"
"github.com/anchordotdev/cli/cert/models"
"github.com/anchordotdev/cli/ui"
)
// Provision writes an already-issued certificate to PEM files in the current
// working directory.
type Provision struct {
	// Cert is the certificate RunTUI writes out. It must be set before RunTUI
	// is called and carry a non-empty Certificate chain and a PrivateKey;
	// RunTUI takes the file-name prefix from the leaf's subject common name.
	Cert *tls.Certificate
}
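// RunTUI writes p.Cert to three PEM files in the current working directory:
// "<prefix>-cert.pem" (leaf only), "<prefix>-chain.pem" (every certificate in
// cert.Certificate, in order) and "<prefix>-key.pem" (PKCS #8 private key).
// The prefix is the leaf's subject common name, with "+N" appended when more
// than one domain was requested (N = len(domains)-1).
//
// When cfg.Trust.MockMode is set nothing is written to disk, but the three
// paths are still reported to the driver as models.ProvisionedFiles.
//
// It returns an error when p.Cert is missing or empty, when the leaf cannot be
// parsed, when the common name would escape the working directory, when the
// key cannot be marshalled, or when a file cannot be written.
func (p *Provision) RunTUI(ctx context.Context, drv *ui.Driver, domains ...string) error {
	cfg := cli.ConfigFromContext(ctx)

	drv.Activate(ctx, &models.Provision{
		Domains: domains,
	})

	// TODO: as a stand-alone command, it makes no sense to expect a cert as an
	// initialize value for this command, but this is only used by the 'lcl
	// diagnostic' stuff for the time being, which already provisions a cert.

	cert := p.Cert
	if cert == nil || len(cert.Certificate) == 0 {
		return fmt.Errorf("provision: no certificate to write")
	}

	// tls.Certificate.Leaf is optional; fall back to parsing the first chain
	// entry instead of dereferencing a nil pointer.
	leaf := cert.Leaf
	if leaf == nil {
		parsed, err := x509.ParseCertificate(cert.Certificate[0])
		if err != nil {
			return fmt.Errorf("provision: parsing leaf certificate: %w", err)
		}
		leaf = parsed
	}

	// The common name is certificate content and ends up in a file path, so
	// refuse anything that could redirect the writes to another directory.
	prefix := leaf.Subject.CommonName
	for _, r := range prefix {
		if r == '/' || r == '\\' || r == 0 {
			return fmt.Errorf("provision: common name %q is not usable as a file name", prefix)
		}
	}
	if num := len(domains); num > 1 {
		prefix += "+" + strconv.Itoa(num-1)
	}

	certFile := fmt.Sprintf("./%s-cert.pem", prefix)
	chainFile := fmt.Sprintf("./%s-chain.pem", prefix)
	keyFile := fmt.Sprintf("./%s-key.pem", prefix)

	certBlock := &pem.Block{
		Type:  "CERTIFICATE",
		Bytes: cert.Certificate[0],
	}

	// Certificates are public data, so 0644 is fine for the cert and chain.
	if !cfg.Trust.MockMode {
		if err := os.WriteFile(certFile, pem.EncodeToMemory(certBlock), 0644); err != nil {
			return err
		}
	}

	var chainData []byte
	for _, certDER := range cert.Certificate {
		chainBlock := &pem.Block{
			Type:  "CERTIFICATE",
			Bytes: certDER,
		}
		chainData = append(chainData, pem.EncodeToMemory(chainBlock)...)
	}

	if !cfg.Trust.MockMode {
		if err := os.WriteFile(chainFile, chainData, 0644); err != nil {
			return err
		}
	}

	keyDER, err := x509.MarshalPKCS8PrivateKey(cert.PrivateKey)
	if err != nil {
		return err
	}

	keyBlock := &pem.Block{
		Type:    "PRIVATE KEY",
		Headers: make(map[string]string),
		Bytes:   keyDER,
	}

	// The private key must not be readable by other local users; it was
	// previously written with mode 0644.
	if !cfg.Trust.MockMode {
		if err := writePrivateKeyFile(keyFile, pem.EncodeToMemory(keyBlock)); err != nil {
			return err
		}
	}

	drv.Send(models.ProvisionedFiles{certFile, chainFile, keyFile})

	return nil
}

// writePrivateKeyFile writes data to path with owner-only permissions (0600).
func writePrivateKeyFile(path string, data []byte) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		return err
	}

	// The mode given to OpenFile only applies when the file is created, so
	// tighten a pre-existing file before any key material is written to it.
	if err := f.Chmod(0600); err != nil {
		f.Close() // best effort; the Chmod error is the one to report
		return err
	}

	if _, err := f.Write(data); err != nil {
		f.Close() // best effort; the Write error is the one to report
		return err
	}

	return f.Close()
}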