Merge pull request #1177 from smallstep/herman/read-certificate-once
Reduce number of times certificate file is read when installing
hslatman committed May 14, 2024
2 parents e5ab833 + 42e275a commit bf70d3e
Showing 1 changed file with 15 additions and 17 deletions.
32 changes: 15 additions & 17 deletions command/certificate/install.go
@@ -1,13 +1,15 @@
package certificate

import (
"crypto/x509"
"fmt"
"strings"

"github.com/pkg/errors"
"github.com/urfave/cli"

"github.com/smallstep/certinfo"
"github.com/smallstep/truststore"
"github.com/urfave/cli"
"go.step.sm/cli-utils/command"
"go.step.sm/cli-utils/errs"
"go.step.sm/crypto/pemutil"
@@ -159,12 +161,12 @@ func installAction(ctx *cli.Context) error {
}

filename := ctx.Args().Get(0)
opts, err := getTruststoreOptions(ctx)
cert, opts, err := getTruststoreOptions(ctx)
if err != nil {
return err
}

if err := truststore.InstallFile(filename, opts...); err != nil {
if err := truststore.Install(cert, opts...); err != nil {
var truststoreErr *truststore.CmdError
if errors.As(err, &truststoreErr) {
return errors.Errorf("failed to execute \"%s\" failed with: %s",
@@ -175,10 +177,8 @@ func installAction(ctx *cli.Context) error {

fmt.Printf("Certificate %s has been installed.\n", filename)
// Print certificate info (ignore errors)
if cert, err := pemutil.ReadCertificate(filename); err == nil {
if s, err := certinfo.CertificateShortText(cert); err == nil {
fmt.Print(s)
}
if s, err := certinfo.CertificateShortText(cert); err == nil {
fmt.Print(s)
}

return nil
@@ -190,12 +190,12 @@ func uninstallAction(ctx *cli.Context) error {
}

filename := ctx.Args().Get(0)
opts, err := getTruststoreOptions(ctx)
cert, opts, err := getTruststoreOptions(ctx)
if err != nil {
return err
}

if err := truststore.UninstallFile(filename, opts...); err != nil {
if err := truststore.Uninstall(cert, opts...); err != nil {
var truststoreErr *truststore.CmdError
if errors.As(err, &truststoreErr) {
return errors.Errorf("failed to execute \"%s\" failed with: %s",
@@ -206,23 +206,21 @@ func uninstallAction(ctx *cli.Context) error {

fmt.Printf("Certificate %s has been removed.\n", filename)
// Print certificate info (ignore errors)
if cert, err := pemutil.ReadCertificate(filename); err == nil {
if s, err := certinfo.CertificateShortText(cert); err == nil {
fmt.Print(s)
}
if s, err := certinfo.CertificateShortText(cert); err == nil {
fmt.Print(s)
}

return nil
}

func getTruststoreOptions(ctx *cli.Context) ([]truststore.Option, error) {
func getTruststoreOptions(ctx *cli.Context) (*x509.Certificate, []truststore.Option, error) {
cert, err := pemutil.ReadCertificate(ctx.Args().Get(0))
if err != nil {
return nil, err
return nil, nil, err
}

if !cert.IsCA || cert.CheckSignatureFrom(cert) != nil {
return nil, errors.Errorf("certificate %s is not a root CA", ctx.Args().Get(0))
return nil, nil, errors.Errorf("certificate %s is not a root CA", ctx.Args().Get(0))
}

prefix := ctx.String("prefix")
@@ -251,5 +249,5 @@ func getTruststoreOptions(ctx *cli.Context) ([]truststore.Option, error) {
if ctx.Bool("no-system") {
opts = append(opts, truststore.WithNoSystem())
}
return opts, nil
return cert, opts, nil
}
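Review bot: `getTruststoreOptions` (the last two hunks) now returns the parsed certificate along with the options, but it has no doc comment and its name still describes only the options. As a result, nothing records the property both callers now depend on: the object that passed the `IsCA` / `CheckSignatureFrom` check is the one handed to `truststore.Install` and `truststore.Uninstall`. I would add `// getTruststoreOptions reads the certificate named by the first argument once, rejects anything that is not a self-signed CA, and returns that certificate with the truststore options; callers must use the returned certificate rather than re-reading the file.` A rename that reflects the validation step would also help. Separately, in `installAction` and `uninstallAction` the success line prints only `filename` and the `CertificateShortText` error is dropped, so if that call fails the operator sees no identifying detail for what was added to or removed from the trust store. Part of the function's body lies between the visible hunks, so this is based on the shown lines only.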
