luzifer/vault-openvpn
1
0
Fork 0
mirror of https://github.com/Luzifer/vault-openvpn.git synced 2024-11-08 16:20:05 +00:00
Code Issues Releases Wiki Activity
vault-openvpn/cmd/revoke.go
Knut Ahlers 3c822ae59a
Allow listing expired certificates for debugging purposes 
Signed-off-by: Knut Ahlers <knut@ahlers.me>
2018-06-14 21:09:15 +02:00

43 lines
967 B
Go
Raw Blame History

package cmd
import (
"errors"
"github.com/hashicorp/vault/helper/certutil"
"github.com/spf13/cobra"
)
// revokeCmd represents the revoke command
var revokeCmd = &cobra.Command{
Use: "revoke <fqdn>",
Short: "Revoke all certificates matching to FQDN",
PreRunE: func(cmd *cobra.Command, args []string) error { return initVaultClient() },
RunE: func(cmd *cobra.Command, args []string) error {
if len(args) != 1 || !validateFQDN(args[0]) {
return errors.New("You need to provide a valid FQDN")
}
return revokeCertificateByFQDN(args[0])
},
}
func init() {
RootCmd.AddCommand(revokeCmd)
}
func revokeCertificateByFQDN(fqdn string) error {
certs, err := fetchCertificatesFromVault(false)
if err != nil {
return err
}
for _, cert := range certs {
if cert.Subject.CommonName == fqdn {
if err := revokeCertificateBySerial(certutil.GetHexFormatted(cert.SerialNumber.Bytes(), ":")); err != nil {
return err
}
}
}
return nil
}
Reference in a new issue View git blame Copy permalink