fixup! Feature: validate device CA serials for presence before revoking

Reuse the parseCertList to validate CAs Signed-off-by: Volodymyr Khoroz <volodymyr.khoroz@foundries.io>
foundriesio · Nov 10, 2023 · 762be5a · 762be5a
1 parent 065dbb7
commit 762be5a
Showing 1 changed file with 1 addition and 14 deletions.
diff --git a/subcommands/keys/ca_revoke_device_ca.go b/subcommands/keys/ca_revoke_device_ca.go
@@ -9,7 +9,6 @@ import (
 	"fmt"
 	"math/big"
 	"os"
-	"strings"
 
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -145,19 +144,7 @@ func doRevokeDeviceCa(cmd *cobra.Command, args []string) {
 	caList, err := api.FactoryGetCA(factory)
 	subcommands.DieNotNil(err)
 	validSerials := make(map[string]bool, 0)
-	for len(caList.CaCrt) > 0 {
-		block, remaining := pem.Decode([]byte(caList.CaCrt))
-		if block == nil {
-			// could be excessive whitespace
-			caList.CaCrt = strings.TrimSpace(string(remaining))
-			continue
-		}
-		caList.CaCrt = string(remaining)
-		c, err := x509Lib.ParseCertificate(block.Bytes)
-		if err != nil {
-			fmt.Println("WARNING: Failed to parse certificate from server:" + err.Error())
-			continue
-		}
+	for _, c := range parseCertList(caList.CaCrt) {
 		validSerials[c.SerialNumber.Text(10)] = true
 	}
 	for serial := range toRevoke {