
Commit 42e275a

committed
Reduce number of times certificate file is read when installing
1 parent 028915b commit 42e275a


1 file changed

+15
-17
lines changed


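--- a/command/certificate/install.go
+++ b/command/certificate/install.go
@@ -1,13 +1,15 @@
 package certificate
 
 import (
+"crypto/x509"
 "fmt"
 "strings"
 
 "github.com/pkg/errors"
+"github.com/urfave/cli"
+
 "github.com/smallstep/certinfo"
 "github.com/smallstep/truststore"
-"github.com/urfave/cli"
 "go.step.sm/cli-utils/command"
 "go.step.sm/cli-utils/errs"
 "go.step.sm/crypto/pemutil"
@@ -159,12 +161,12 @@ func installAction(ctx *cli.Context) error {
 }
 
 filename := ctx.Args().Get(0)
-opts, err := getTruststoreOptions(ctx)
+cert, opts, err := getTruststoreOptions(ctx)
 if err != nil {
 return err
 }
 
-if err := truststore.InstallFile(filename, opts...); err != nil {
+if err := truststore.Install(cert, opts...); err != nil {
 var truststoreErr *truststore.CmdError
 if errors.As(err, &truststoreErr) {
 return errors.Errorf("failed to execute \"%s\" failed with: %s",
@@ -175,10 +177,8 @@ func installAction(ctx *cli.Context) error {
 
 fmt.Printf("Certificate %s has been installed.\n", filename)
 // Print certificate info (ignore errors)
-if cert, err := pemutil.ReadCertificate(filename); err == nil {
-if s, err := certinfo.CertificateShortText(cert); err == nil {
-fmt.Print(s)
-}
+if s, err := certinfo.CertificateShortText(cert); err == nil {
+fmt.Print(s)
 }
 
 return nil
@@ -190,12 +190,12 @@ func uninstallAction(ctx *cli.Context) error {
 }
 
 filename := ctx.Args().Get(0)
-opts, err := getTruststoreOptions(ctx)
+cert, opts, err := getTruststoreOptions(ctx)
 if err != nil {
 return err
 }
 
-if err := truststore.UninstallFile(filename, opts...); err != nil {
+if err := truststore.Uninstall(cert, opts...); err != nil {
 var truststoreErr *truststore.CmdError
 if errors.As(err, &truststoreErr) {
 return errors.Errorf("failed to execute \"%s\" failed with: %s",
@@ -206,23 +206,21 @@ func uninstallAction(ctx *cli.Context) error {
 
 fmt.Printf("Certificate %s has been removed.\n", filename)
 // Print certificate info (ignore errors)
-if cert, err := pemutil.ReadCertificate(filename); err == nil {
-if s, err := certinfo.CertificateShortText(cert); err == nil {
-fmt.Print(s)
-}
+if s, err := certinfo.CertificateShortText(cert); err == nil {
+fmt.Print(s)
 }
 
 return nil
 }
 
-func getTruststoreOptions(ctx *cli.Context) ([]truststore.Option, error) {
+func getTruststoreOptions(ctx *cli.Context) (*x509.Certificate, []truststore.Option, error) {
 cert, err := pemutil.ReadCertificate(ctx.Args().Get(0))
 if err != nil {
-return nil, err
+return nil, nil, err
 }
 
 if !cert.IsCA || cert.CheckSignatureFrom(cert) != nil {
-return nil, errors.Errorf("certificate %s is not a root CA", ctx.Args().Get(0))
+return nil, nil, errors.Errorf("certificate %s is not a root CA", ctx.Args().Get(0))
 }
 
 prefix := ctx.String("prefix")
@@ -251,5 +249,5 @@ func getTruststoreOptions(ctx *cli.Context) ([]truststore.Option, error) {
 if ctx.Bool("no-system") {
 opts = append(opts, truststore.WithNoSystem())
 }
-return opts, nil
+return cert, opts, nil
 }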
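Review bot: `getTruststoreOptions` (last two hunks) has no doc comment, and its name no longer says that it also reads the certificate and runs the root-CA check (`cert.IsCA` plus `cert.CheckSignatureFrom(cert)`) before returning it. The property worth recording is that the certificate passed to `truststore.Install` and `truststore.Uninstall` is the same parsed object that passed that check, so a later refactor does not reintroduce a second read of the file by name between validation and use. I would add above the function: `// getTruststoreOptions reads the certificate named by the first argument, rejects it unless it is a self-signed CA,` followed by `// and returns that validated certificate with the truststore options built from the flags; callers must use it rather than re-reading the file.` The middle of the function body lies between the last two hunks and is not visible here.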
