vmm_provision: when private key is on disk, use it!
parent
b3d27d5bb5
commit
b403d11969
|
@ -91,13 +91,18 @@ let sign ?dbname ?certname extensions issuer key csr delta =
|
||||||
|
|
||||||
let priv_key ?(bits = 2048) fn name =
|
let priv_key ?(bits = 2048) fn name =
|
||||||
let open Rresult.R.Infix in
|
let open Rresult.R.Infix in
|
||||||
match fn with
|
let file = match fn with
|
||||||
| None ->
|
| None -> Fpath.(v name + "key")
|
||||||
|
| Some f -> Fpath.v f
|
||||||
|
in
|
||||||
|
Bos.OS.File.exists file >>= function
|
||||||
|
| false ->
|
||||||
|
Logs.info (fun m -> m "creating new RSA key %a" Fpath.pp file) ;
|
||||||
let priv = `RSA (Nocrypto.Rsa.generate bits) in
|
let priv = `RSA (Nocrypto.Rsa.generate bits) in
|
||||||
Bos.OS.File.write ~mode:0o400 Fpath.(v name + "key") (Cstruct.to_string (X509.Encoding.Pem.Private_key.to_pem_cstruct1 priv)) >>= fun () ->
|
Bos.OS.File.write ~mode:0o400 file (Cstruct.to_string (X509.Encoding.Pem.Private_key.to_pem_cstruct1 priv)) >>= fun () ->
|
||||||
Ok priv
|
Ok priv
|
||||||
| Some fn ->
|
| true ->
|
||||||
Bos.OS.File.read (Fpath.v fn) >>= fun s ->
|
Bos.OS.File.read file >>= fun s ->
|
||||||
Ok (X509.Encoding.Pem.Private_key.of_pem_cstruct1 (Cstruct.of_string s))
|
Ok (X509.Encoding.Pem.Private_key.of_pem_cstruct1 (Cstruct.of_string s))
|
||||||
|
|
||||||
open Cmdliner
|
open Cmdliner
|
||||||
|
|
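Review bot: In the new `priv_key`, an explicitly supplied key path (`Some f`) that does not exist now reaches the `false` branch, so a fresh RSA key is generated and written there, where the old code returned the read error. A mistyped key argument would then sign with an unintended new key, and the only trace is an info-level log line. Consider generating only for the `None` default and failing for a missing explicit path, for example `| false when fn <> None -> Rresult.R.error_msgf "key file %a does not exist" Fpath.pp file`. The `true` branch also reuses the file silently: `bits` is ignored and the file mode is not checked, so a log line such as `Logs.info (fun m -> m "using existing key %a" Fpath.pp file)` would help operators see which key was loaded. Separately, `of_pem_cstruct1` appears to raise on malformed PEM rather than return an `Error`, and this path is now the default whenever `name.key` exists, so that is worth confirming.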