package cmd
import (
"errors"
"github.com/hashicorp/vault/helper/certutil"
"github.com/spf13/cobra"
)
// revokeCmd implements the "revoke" sub-command. It accepts exactly one
// positional argument, checks it with validateFQDN and, if accepted, passes it
// to revokeCertificateByFQDN.
var revokeCmd = &cobra.Command{
	Use:   "revoke <fqdn>",
	Short: "Revoke all certificates matching to FQDN",
	RunE: func(cmd *cobra.Command, args []string) error {
		// Only a single argument that passes validateFQDN reaches the
		// revocation code; every other invocation is rejected.
		if len(args) == 1 && validateFQDN(args[0]) {
			return revokeCertificateByFQDN(args[0])
		}

		return errors.New("You need to provide a valid FQDN")
	},
}
// init attaches revokeCmd to RootCmd when the package is loaded.
func init() {
	RootCmd.AddCommand(revokeCmd)
}
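// revokeCertificateByFQDN revokes every certificate returned by
// fetchValidCertificatesFromVault whose subject common name equals fqdn.
//
// Revocation is attempted for every matching certificate even when an earlier
// attempt fails, so a single failure does not leave the remaining matching
// certificates un-attempted. When exactly one revocation fails, its error is
// returned unchanged; when several fail, the returned error lists the affected
// serials together with the first underlying error. An error from
// fetchValidCertificatesFromVault is returned as-is.
//
// NOTE(review): a FQDN that matches no certificate returns nil, so a mistyped
// name is indistinguishable from a successful revocation. Consider reporting
// the number of matched certificates to the operator.
// NOTE(review): the common name is compared byte-for-byte. Whether case is
// normalised before this point is not visible here; confirm against
// validateFQDN and the issuing code.
func revokeCertificateByFQDN(fqdn string) error {
	certs, err := fetchValidCertificatesFromVault()
	if err != nil {
		return err
	}

	var (
		firstErr error
		failed   []string
	)

	for _, cert := range certs {
		if cert.Subject.CommonName != fqdn {
			continue
		}

		serial := certutil.GetHexFormatted(cert.SerialNumber.Bytes(), ":")
		if err := revokeCertificateBySerial(serial); err != nil {
			// Remember the failure but keep going: the other matching
			// certificates must still be revoked.
			if firstErr == nil {
				firstErr = err
			}
			failed = append(failed, serial)
		}
	}

	if len(failed) > 1 {
		// Name every serial that is still valid so the operator can retry
		// or revoke them by hand.
		msg := "revoking certificates failed for serials"
		for _, s := range failed {
			msg += " " + s
		}
		return errors.New(msg + ": " + firstErr.Error())
	}

	return firstErr
}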