Remove the scep-decrypter-certificate flag
hslatman committed Sep 25, 2023
1 parent fbd179b commit 642b9b9
Showing 3 changed files with 2 additions and 45 deletions.
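--- a/command/ca/provisioner/add.go
+++ b/command/ca/provisioner/add.go
@@ -100,7 +100,7 @@ SCEP
 **step ca provisioner add** <name> **--type**=SCEP [**--force-cn**] [**--challenge**=<challenge>]
 [**--capabilities**=<capabilities>] [**--include-root**] [**--exclude-intermediate**]
 [**--min-public-key-length**=<length>] [**--encryption-algorithm-identifier**=<id>]
-[**--scep-decrypter-certificate-file**=<file>] [**--scep-decrypter-certificate**=<base64>]
+[**--scep-decrypter-certificate-file**=<file>]
 [**--scep-decrypter-key-file**=<file>] [**--scep-decrypter-key**=<base64>]
 [**--scep-decrypter-key-uri**=<uri>] [**--scep-decrypter-key-password-file**=<file>]
 [**--admin-cert**=<file>] [**--admin-key**=<file>] [**--admin-subject**=<subject>]
@@ -818,25 +818,6 @@ func createSCEPDetails(ctx *cli.Context) (*linkedca.ProvisionerDetails, error) {
 decrypter.Certificate = data
 s.Decrypter = decrypter
 }
-if decrypterCertificate := ctx.String("scep-decrypter-certificate"); decrypterCertificate != "" {
-// validate the provided value to be a valid base64 encoded PEM formatted certificate
-data, err := base64.StdEncoding.DecodeString(decrypterCertificate)
-if err != nil {
-return nil, fmt.Errorf("failed base64 decoding decrypter certificate: %w", err)
-}
-block, rest := pem.Decode(data)
-if len(rest) > 0 {
-return nil, errors.New("failed parsing decrypter certificate: trailing data")
-}
-if block == nil {
-return nil, errors.New("failed parsing decrypter certificate: no PEM block found")
-}
-if _, err := x509.ParseCertificate(block.Bytes); err != nil {
-return nil, fmt.Errorf("failed parsing decrypter certificate: %w", err)
-}
-decrypter.Certificate = data
-s.Decrypter = decrypter
-}
 if decrypterKeyURI := ctx.String("scep-decrypter-key-uri"); decrypterKeyURI != "" {
 decrypter.KeyUri = decrypterKeyURI
 s.Decrypter = decrypter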
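Review bot: The synopsis line kept directly below the edited one still offers `--scep-decrypter-key=<base64>`, so after this commit the only decrypter value that can be passed inline is the private key, which is the secret one. A key given as an argument may be readable from the process list and is typically saved in shell history. The update.go synopsis keeps the same line. The flag definition is outside these hunks, so as a documentation step I would append to its usage string `Prefer --scep-decrypter-key-file or --scep-decrypter-key-uri; a key given on the command line may be visible to other local users.` and consider retiring the inline form the way this commit retires the certificate one.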
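--- a/command/ca/provisioner/provisioner.go
+++ b/command/ca/provisioner/provisioner.go
@@ -432,10 +432,6 @@ Use the flag multiple times to remove multiple formats.`,
 Name: "scep-decrypter-certificate-file",
 Usage: `The path to a PEM certificate <file> for the SCEP decrypter`,
 }
-scepDecrypterCertFlag = cli.StringFlag{
-Name: "scep-decrypter-certificate",
-Usage: `The <base64> encoded PEM certificate for the SCEP decrypter`,
-}
 scepDecrypterKeyFileFlag = cli.StringFlag{
 Name: "scep-decrypter-key-file",
 Usage: `The path to a PEM private key <file> for the SCEP decrypter`,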
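--- a/command/ca/provisioner/update.go
+++ b/command/ca/provisioner/update.go
@@ -89,7 +89,7 @@ SCEP
 **step ca provisioner update** <name> [**--force-cn**] [**--challenge**=<challenge>]
 [**--capabilities**=<capabilities>] [**--include-root**] [**--exclude-intermediate**]
 [**--minimum-public-key-length**=<length>] [**--encryption-algorithm-identifier**=<id>]
-[**--scep-decrypter-certificate-file**=<file>] [**--scep-decrypter-certificate**=<base64>]
+[**--scep-decrypter-certificate-file**=<file>]
 [**--scep-decrypter-key-file**=<file>] [**--scep-decrypter-key**=<base64>]
 [**--scep-decrypter-key-uri**=<uri>] [**--scep-decrypter-key-password-file**=<file>]
 [**--admin-cert**=<file>] [**--admin-key**=<file>] [**--admin-subject**=<subject>]
@@ -944,26 +944,6 @@ func updateSCEPDetails(ctx *cli.Context, p *linkedca.Provisioner) error {
 decrypter.Certificate = data
 details.Decrypter = decrypter
 }
-if ctx.IsSet("scep-decrypter-certificate") {
-// validate the provided value to be a valid base64 encoded PEM formatted certificate
-decrypterCertificate := ctx.String("scep-decrypter-certificate")
-data, err := base64.StdEncoding.DecodeString(decrypterCertificate)
-if err != nil {
-return fmt.Errorf("failed base64 decoding decrypter certificate: %w", err)
-}
-block, rest := pem.Decode(data)
-if len(rest) > 0 {
-return errors.New("failed parsing decrypter certificate: trailing data")
-}
-if block == nil {
-return errors.New("failed parsing decrypter certificate: no PEM block found")
-}
-if _, err := x509.ParseCertificate(block.Bytes); err != nil {
-return fmt.Errorf("failed parsing decrypter certificate: %w", err)
-}
-decrypter.Certificate = data
-details.Decrypter = decrypter
-}
 if ctx.IsSet("scep-decrypter-key-uri") {
 decrypter.KeyUri = ctx.String("scep-decrypter-key-uri")
 details.Decrypter = decrypter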
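Review bot: The update synopsis, one line above the edited one, spells the key-length option `--minimum-public-key-length`, while the add.go synopsis in this same commit spells it `--min-public-key-length`. Only one of the two can match the registered flag name, which is defined outside the hunks shown here. Since this usage block is being touched anyway, I would align it with the registered name, presumably `[**--min-public-key-length**=<length>] [**--encryption-algorithm-identifier**=<id>]`. A wrong name in the help text sends an operator who wants to raise the minimum key size on an existing SCEP provisioner into an unknown-flag error.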
