package cmd
import (
"context"
"fmt"
"github.com/go-acme/lego/v5/certcrypto"
"github.com/go-acme/lego/v5/cmd/internal/storage"
"github.com/go-acme/lego/v5/lego"
"github.com/go-acme/lego/v5/log"
"github.com/urfave/cli/v3"
)
// createRevoke builds the "revoke" CLI sub-command: revoke is its action and
// createRevokeFlags supplies the flags it accepts.
func createRevoke() *cli.Command {
	command := new(cli.Command)

	command.Name = "revoke"
	command.Usage = "Revoke a certificate"
	command.Action = revoke
	command.Flags = createRevokeFlags()

	return command
}
// revoke is the action behind the "revoke" command. It resolves the key type,
// loads the stored account selected by the e-mail and account-ID flags,
// refuses to continue when that account carries no registration, builds a
// client for it, and then revokes every certificate named on the command
// line, in the order given.
//
// Revocation stops at the first failure: certificates listed after the one
// that failed are neither revoked nor archived, so an operator revoking
// several certificates at once has to re-run the command for the remainder.
func revoke(ctx context.Context, cmd *cli.Command) error {
	kt, err := certcrypto.GetKeyType(cmd.String(flgKeyType))
	if err != nil {
		return fmt.Errorf("get the key type: %w", err)
	}

	accounts, err := storage.NewAccountsStorage(newAccountsStorageConfig(cmd))
	if err != nil {
		return fmt.Errorf("accounts storage initialization: %w", err)
	}

	acct, err := accounts.Get(ctx, kt, cmd.String(flgEmail), cmd.String(flgAccountID))
	if err != nil {
		return fmt.Errorf("set up account: %w", err)
	}

	// Only an account that already holds a registration may go on to revoke.
	if acct.Registration == nil {
		return fmt.Errorf("the account %s is not registered", acct.GetID())
	}

	acmeClient, err := newClient(cmd, acct, kt)
	if err != nil {
		return fmt.Errorf("new client: %w", err)
	}

	certs := storage.NewCertificatesStorage(cmd.String(flgPath))

	// NOTE(review): the reason code is forwarded as given; no range check is
	// visible in this function. Presumably the flag definition or the CA
	// rejects invalid codes. Confirm.
	reasonCode := cmd.Uint(flgReason)
	keepFiles := cmd.Bool(flgKeep)

	names := cmd.StringSlice(flgCertName)
	for i := range names {
		if err := revokeCertificate(ctx, acmeClient, certs, names[i], reasonCode, keepFiles); err != nil {
			return err
		}
	}

	return nil
}
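// revokeCertificate revokes the stored certificate identified by certID and,
// unless keep is true, archives it afterwards.
//
// The certificate bytes are read from certsStorage (storage.ExtCert) and
// submitted through client.Certificate.RevokeWithReason together with reason.
// Archiving is attempted only after the revocation call has returned without
// error, so a failed revocation leaves the stored certificate where it is.
//
// Every returned error wraps the underlying cause with %w and names certID.
// This includes the archiving error: when it occurs the revocation itself has
// already succeeded, and the operator needs to know which certificate's files
// were left behind.
func revokeCertificate(ctx context.Context, client *lego.Client, certsStorage *storage.CertificatesStorage, certID string, reason uint, keep bool) error {
	log.Info("Trying to revoke the certificate.", log.CertNameAttr(certID))

	certBytes, err := certsStorage.ReadFile(certID, storage.ExtCert)
	if err != nil {
		return fmt.Errorf("certificate reading for domain %s: %w", certID, err)
	}

	err = client.Certificate.RevokeWithReason(ctx, certBytes, &reason)
	if err != nil {
		return fmt.Errorf("certificate revocation for domain %s: %w", certID, err)
	}

	log.Info("The certificate has been revoked.", log.CertNameAttr(certID))

	// The caller asked to leave the revoked certificate in place.
	if keep {
		return nil
	}

	err = certsStorage.Archive(certID)
	if err != nil {
		// Wrapped like the other failures so the message identifies the
		// certificate whose revocation succeeded but whose files remain.
		return fmt.Errorf("certificate archiving for domain %s: %w", certID, err)
	}

	log.Info("The certificate has been archived.", log.CertNameAttr(certID))

	return nil
}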