Feature: show disabled device CA certificates in keys ca show

Signed-off-by: Volodymyr Khoroz <volodymyr.khoroz@foundries.io>
foundriesio · Nov 8, 2023 · c4b7d6e · c4b7d6e
1 parent 0817f4d
commit c4b7d6e
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/client/foundries_pki.go b/client/foundries_pki.go
@@ -16,7 +16,8 @@ type CaCerts struct {
 	EstCrt  string `json:"est-tls-crt,omitempty"`
 	TlsCrt  string `json:"tls-crt,omitempty"`
 
-	CaRevokeCrl string `json:"ca-revoke-crl,omitempty"`
+	CaRevokeCrl string   `json:"ca-revoke-crl,omitempty"`
+	CaDisabled  []string `json:"disabled-ca-serials,omitempty"` // readonly
 
 	ChangeMeta ChangeMeta `json:"change-meta"`
 }

diff --git a/subcommands/keys/ca_show.go b/subcommands/keys/ca_show.go
@@ -58,6 +58,7 @@ func doShowCA(cmd *cobra.Command, args []string) {
 			printOneCert(resp.TlsCrt)
 		case justShowCas:
 			printOneCert(resp.CaCrt)
+			printDisabledCas(resp.CaDisabled)
 		default:
 			panic("Unknown flag: " + flag)
 		}
@@ -82,6 +83,7 @@ func doShowCA(cmd *cobra.Command, args []string) {
 	printOneCert(resp.TlsCrt)
 	fmt.Println("\n## Device Authentication Certificate(s)")
 	printOneCert(resp.CaCrt)
+	printDisabledCas(resp.CaDisabled)
 }
 
 func printOneCert(crt string) {
@@ -92,6 +94,15 @@ func printOneCert(crt string) {
 	}
 }
 
+func printDisabledCas(serials []string) {
+	if len(serials) > 0 {
+		fmt.Println("\n## Disabled Device Authentication Certificate Serial(s)")
+		for _, num := range serials {
+			fmt.Println(" - ", num)
+		}
+	}
+}
+
 func keyUsage(val asn1.BitString) string {
 	vals := ""
 	if val.At(0) != 0 {