forked from openshift/origin
-
Notifications
You must be signed in to change notification settings - Fork 0
/
signer_cert_args.go
72 lines (60 loc) · 2.09 KB
/
signer_cert_args.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
package admin
import (
"fmt"
"os"
"sync"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
"github.com/openshift/origin/pkg/cmd/server/crypto"
cmdutil "github.com/openshift/origin/pkg/cmd/util"
)
type SignerCertOptions struct {
CertFile string
KeyFile string
SerialFile string
lock sync.Mutex
ca *crypto.CA
}
func BindSignerCertOptions(options *SignerCertOptions, flags *pflag.FlagSet, prefix string) {
flags.StringVar(&options.CertFile, prefix+"signer-cert", options.CertFile, "The certificate file.")
flags.StringVar(&options.KeyFile, prefix+"signer-key", options.KeyFile, "The key file.")
flags.StringVar(&options.SerialFile, prefix+"signer-serial", options.SerialFile, "The serial file that keeps track of how many certs have been signed.")
// autocompletion hints
cobra.MarkFlagFilename(flags, prefix+"signer-cert")
cobra.MarkFlagFilename(flags, prefix+"signer-key")
cobra.MarkFlagFilename(flags, prefix+"signer-serial")
}
func NewDefaultSignerCertOptions() *SignerCertOptions {
options := &SignerCertOptions{}
options.CertFile = "openshift.local.config/master/ca.crt"
options.KeyFile = "openshift.local.config/master/ca.key"
options.SerialFile = "openshift.local.config/master/ca.serial.txt"
return options
}
func (o *SignerCertOptions) Validate() error {
if _, err := os.Stat(o.CertFile); len(o.CertFile) == 0 || err != nil {
return fmt.Errorf("--signer-cert, %q must be a valid certificate file", cmdutil.GetDisplayFilename(o.CertFile))
}
if _, err := os.Stat(o.KeyFile); len(o.KeyFile) == 0 || err != nil {
return fmt.Errorf("--signer-key, %q must be a valid key file", cmdutil.GetDisplayFilename(o.KeyFile))
}
if len(o.SerialFile) > 0 {
if _, err := os.Stat(o.SerialFile); err != nil {
return fmt.Errorf("--signer-serial, %q must be a valid file", cmdutil.GetDisplayFilename(o.SerialFile))
}
}
return nil
}
func (o *SignerCertOptions) CA() (*crypto.CA, error) {
o.lock.Lock()
defer o.lock.Unlock()
if o.ca != nil {
return o.ca, nil
}
ca, err := crypto.GetCA(o.CertFile, o.KeyFile, o.SerialFile)
if err != nil {
return nil, err
}
o.ca = ca
return ca, nil
}