Avoid re-opening kms when importing a certificate
maraino committed Sep 27, 2022
1 parent 10d66d8 commit a2b52e5
Showing 1 changed file with 36 additions and 22 deletions.
58 changes: 36 additions & 22 deletions cmd/certificate.go
Expand Up @@ -4,7 +4,7 @@
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
Expand All @@ -15,6 +15,7 @@ package cmd

import (
"context"
"encoding/pem"
"fmt"
"io/fs"

Expand Down Expand Up @@ -52,43 +53,56 @@ var certificateCmd = &cobra.Command{
kuri = args[0]
}

if certFile != "" {
cert, err := pemutil.ReadCertificate(certFile)
// Read a certificate using the CertFS.
if certFile == "" {
fsys, err := kms.CertFS(context.TODO(), kuri)
if err != nil {
return err
}

km, err := kms.New(context.Background(), apiv1.Options{
URI: kuri,
})
b, err := fs.ReadFile(fsys, args[0])
if err != nil {
return fmt.Errorf("failed to load key manager: %w", err)
}
defer km.Close()

cm, ok := km.(apiv1.CertificateManager)
if !ok {
return fmt.Errorf("%s does not implement a CertificateManager", kuri)
}
if err := cm.StoreCertificate(&apiv1.StoreCertificateRequest{
Name: args[0],
Certificate: cert,
}); err != nil {
return err
}

fmt.Print(string(b))
return nil
}

fsys, err := kms.CertFS(context.TODO(), kuri)
// Import and read certificate using the key manager to avoid opening the kms twice.
cert, err := pemutil.ReadCertificate(certFile)
if err != nil {
return err
}

b, err := fs.ReadFile(fsys, args[0])
km, err := kms.New(context.Background(), apiv1.Options{
URI: kuri,
})
if err != nil {
return err
return fmt.Errorf("failed to load key manager: %w", err)
}
defer km.Close()

fmt.Print(string(b))
cm, ok := km.(apiv1.CertificateManager)
if !ok {
return fmt.Errorf("%s does not implement a CertificateManager", kuri)
}
if err := cm.StoreCertificate(&apiv1.StoreCertificateRequest{
Name: args[0],
Certificate: cert,
}); err != nil {
return err
}
cert, err = cm.LoadCertificate(&apiv1.LoadCertificateRequest{
Name: args[0],
})
if err != nil {
return err
}
fmt.Print(string(pem.EncodeToMemory(&pem.Block{
Type: "CERTIFICATE",
Bytes: cert.Raw,
})))
return nil
},
}
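Review bot: In the import branch the result of `cm.LoadCertificate` overwrites `cert` and is printed without being compared to the certificate that was just read from `certFile`, so the command reports success for whatever the KMS returns under `args[0]`. Whether any backend can return a stale or different object after `StoreCertificate` is not visible here, but the check is cheap. Keep the read-back value in its own variable (e.g. `stored`) and add `if !bytes.Equal(stored.Raw, cert.Raw) { return fmt.Errorf("certificate stored as %s does not match %s", args[0], certFile) }` before encoding; this needs `bytes` in the import block. The bare `return err` after `StoreCertificate` and `LoadCertificate` would also read better wrapped with context, as the `kms.New` error already is. The enclosing `RunE` function starts outside this hunk.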
