Remove scep-decrypter-key flag

smallstep · Sep 25, 2023 · dc047bb · dc047bb
1 parent 33c53c1
commit dc047bb
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 34 deletions.
diff --git a/command/ca/provisioner/add.go b/command/ca/provisioner/add.go
@@ -6,7 +6,6 @@ import (
 	"crypto/ed25519"
 	"crypto/rsa"
 	"crypto/x509"
-	"encoding/base64"
 	"encoding/pem"
 	"fmt"
 	"net/url"
@@ -100,8 +99,7 @@ SCEP
 **step ca provisioner add** <name> **--type**=SCEP [**--force-cn**] [**--challenge**=<challenge>]
 [**--capabilities**=<capabilities>] [**--include-root**] [**--exclude-intermediate**]
 [**--min-public-key-length**=<length>] [**--encryption-algorithm-identifier**=<id>]
-[**--scep-decrypter-certificate-file**=<file>]  
-[**--scep-decrypter-key-file**=<file>] [**--scep-decrypter-key**=<base64>] 
+[**--scep-decrypter-certificate-file**=<file>] [**--scep-decrypter-key-file**=<file>] 
 [**--scep-decrypter-key-uri**=<uri>] [**--scep-decrypter-key-password-file**=<file>]
 [**--admin-cert**=<file>] [**--admin-key**=<file>] [**--admin-subject**=<subject>] 
 [**--admin-provisioner**=<name>] [**--admin-password-file**=<file>]
@@ -146,7 +144,6 @@ SCEP
 			scepEncryptionAlgorithmIdentifierFlag,
 			scepDecrypterCertFileFlag,
 			scepDecrypterKeyFileFlag,
-			scepDecrypterKeyFlag,
 			scepDecrypterKeyURIFlag,
 			scepDecrypterKeyPasswordFileFlag,
 
@@ -829,17 +826,6 @@ func createSCEPDetails(ctx *cli.Context) (*linkedca.ProvisionerDetails, error) {
 		decrypter.Key = data
 		s.Decrypter = decrypter
 	}
-	if decrypterKey := ctx.String("scep-decrypter-key"); decrypterKey != "" {
-		data, err := base64.StdEncoding.DecodeString(decrypterKey)
-		if err != nil {
-			return nil, fmt.Errorf("failed base64 decoding decrypter key: %w", err)
-		}
-		if err := validateSCEPDecrypterKey(data); err != nil {
-			return nil, fmt.Errorf("failed validating decrypter key: %w", err)
-		}
-		decrypter.Key = data
-		s.Decrypter = decrypter
-	}
 	if decrypterKeyPasswordFile := ctx.String("scep-decrypter-key-password-file"); decrypterKeyPasswordFile != "" {
 		decrypterKeyPassword, err := utils.ReadPasswordFromFile(decrypterKeyPasswordFile)
 		if err != nil {

diff --git a/command/ca/provisioner/provisioner.go b/command/ca/provisioner/provisioner.go
@@ -436,10 +436,6 @@ Use the flag multiple times to remove multiple formats.`,
 		Name:  "scep-decrypter-key-file",
 		Usage: `The path to a PEM private key <file> for the SCEP decrypter`,
 	}
-	scepDecrypterKeyFlag = cli.StringFlag{
-		Name:  "scep-decrypter-key",
-		Usage: `The <base64> encoded PEM private key for the SCEP decrypter`,
-	}
 	scepDecrypterKeyURIFlag = cli.StringFlag{
 		Name:  "scep-decrypter-key-uri",
 		Usage: `The key <uri> for the SCEP decrypter. Should be a valid value for the KMS type used.`,

diff --git a/command/ca/provisioner/update.go b/command/ca/provisioner/update.go
@@ -5,7 +5,6 @@ import (
 	"crypto/ed25519"
 	"crypto/rsa"
 	"crypto/x509"
-	"encoding/base64"
 	"encoding/pem"
 	"fmt"
 	"net/url"
@@ -89,8 +88,7 @@ SCEP
 **step ca provisioner update** <name> [**--force-cn**] [**--challenge**=<challenge>]
 [**--capabilities**=<capabilities>] [**--include-root**] [**--exclude-intermediate**]
 [**--minimum-public-key-length**=<length>] [**--encryption-algorithm-identifier**=<id>]
-[**--scep-decrypter-certificate-file**=<file>]
-[**--scep-decrypter-key-file**=<file>] [**--scep-decrypter-key**=<base64>] 
+[**--scep-decrypter-certificate-file**=<file>] [**--scep-decrypter-key-file**=<file>]
 [**--scep-decrypter-key-uri**=<uri>] [**--scep-decrypter-key-password-file**=<file>]
 [**--admin-cert**=<file>] [**--admin-key**=<file>] [**--admin-subject**=<subject>] 
 [**--admin-provisioner**=<name>] [**--admin-password-file**=<file>]
@@ -138,7 +136,6 @@ SCEP
 			scepEncryptionAlgorithmIdentifierFlag,
 			scepDecrypterCertFileFlag,
 			scepDecrypterKeyFileFlag,
-			scepDecrypterKeyFlag,
 			scepDecrypterKeyURIFlag,
 			scepDecrypterKeyPasswordFileFlag,
 
@@ -955,17 +952,6 @@ func updateSCEPDetails(ctx *cli.Context, p *linkedca.Provisioner) error {
 		decrypter.Key = data
 		details.Decrypter = decrypter
 	}
-	if decrypterKey := ctx.String("scep-decrypter-key"); decrypterKey != "" {
-		data, err := base64.StdEncoding.DecodeString(decrypterKey)
-		if err != nil {
-			return fmt.Errorf("failed base64 decoding decrypter key: %w", err)
-		}
-		if err := validateSCEPDecrypterKey(data); err != nil {
-			return fmt.Errorf("failed validating decrypter key: %w", err)
-		}
-		decrypter.Key = data
-		details.Decrypter = decrypter
-	}
 	if decrypterKeyPasswordFile := ctx.String("scep-decrypter-key-password-file"); decrypterKeyPasswordFile != "" {
 		decrypterKeyPassword, err := utils.ReadPasswordFromFile(decrypterKeyPasswordFile)
 		if err != nil {