smallstep · maraino · Apr 3, 2025 · Apr 15, 2025 · Apr 15, 2025 · Apr 23, 2025
diff --git a/cmd/step/main.go b/cmd/step/main.go
@@ -43,6 +43,7 @@ import (
 	_ "github.com/smallstep/cli/command/oauth"
 	_ "github.com/smallstep/cli/command/path"
 	_ "github.com/smallstep/cli/command/ssh"
+	_ "github.com/smallstep/cli/command/tls"
 )
 
 // Version is set by an LDFLAG at build time representing the git tag or commit

diff --git a/command/certificate/fingerprint.go b/command/certificate/fingerprint.go
@@ -132,7 +132,7 @@ func fingerprintAction(ctx *cli.Context) error {
 		return err
 	}
 
-	switch addr, isURL, err := trimURL(crtFile); {
+	switch addr, isURL, err := utils.TrimURL(crtFile); {
 	case err != nil:
 		return err
 	case isURL:

diff --git a/command/certificate/inspect.go b/command/certificate/inspect.go
@@ -208,7 +208,7 @@ func inspectAction(ctx *cli.Context) error {
 		return errs.IncompatibleFlagWithFlag(ctx, "short", "format "+format)
 	}
 
-	switch addr, isURL, err := trimURL(crtFile); {
+	switch addr, isURL, err := utils.TrimURL(crtFile); {
 	case err != nil:
 		return err
 	case isURL:

diff --git a/command/certificate/lint.go b/command/certificate/lint.go
@@ -13,6 +13,7 @@ import (
 	"github.com/smallstep/zlint"
 
 	"github.com/smallstep/cli/flags"
+	"github.com/smallstep/cli/utils"
 )
 
 func lintCommand() cli.Command {
@@ -103,7 +104,7 @@ func lintAction(ctx *cli.Context) error {
 		insecure   = ctx.Bool("insecure")
 		block      *pem.Block
 	)
-	switch addr, isURL, err := trimURL(crtFile); {
+	switch addr, isURL, err := utils.TrimURL(crtFile); {
 	case err != nil:
 		return err
 	case isURL:

diff --git a/command/certificate/needsRenewal.go b/command/certificate/needsRenewal.go
@@ -15,6 +15,7 @@ import (
 	"go.step.sm/crypto/pemutil"
 
 	"github.com/smallstep/cli/flags"
+	"github.com/smallstep/cli/utils"
 )
 
 const defaultPercentUsedThreshold = 66
@@ -157,7 +158,7 @@ func needsRenewalAction(ctx *cli.Context) error {
 	)
 
 	var certs []*x509.Certificate
-	switch addr, isURL, err := trimURL(certFile); {
+	switch addr, isURL, err := utils.TrimURL(certFile); {
 	case err != nil:
 		return errs.NewExitError(err, 255)
 	case isURL:

diff --git a/command/certificate/remote.go b/command/certificate/remote.go
@@ -4,9 +4,6 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"net"
-	"net/url"
-	"strconv"
-	"strings"
 
 	"github.com/pkg/errors"
 	"go.step.sm/crypto/x509util"
@@ -63,33 +60,3 @@ func getPeerCertificates(addr, serverName, roots string, insecure bool) ([]*x509
 	conn.Close()
 	return conn.ConnectionState().PeerCertificates, nil
 }
-
-// trimURL returns the host[:port] if the input is a URL, otherwise returns an
-// empty string (and 'isURL:false').
-//
-// If the URL is valid and no port is specified, the default port determined
-// by the URL prefix is used.
-//
-// Examples:
-// trimURL("https://smallstep.com/onboarding") -> "smallstep.com:443", true, nil
-// trimURL("https://ca.smallSTEP.com:8080") -> "ca.smallSTEP.com:8080", true, nil
-// trimURL("./certs/root_ca.crt") -> "", false, nil
-// trimURL("hTtPs://sMaLlStEp.cOm") -> "sMaLlStEp.cOm:443", true, nil
-// trimURL("hTtPs://sMaLlStEp.cOm hello") -> "", false, err{"invalid url"}
-func trimURL(ref string) (string, bool, error) {
-	tmp := strings.ToLower(ref)
-	for prefix := range urlPrefixes {
-		if strings.HasPrefix(tmp, prefix) {
-			u, err := url.Parse(ref)
-			if err != nil {
-				return "", false, errors.Wrapf(err, "error parsing URL '%s'", ref)
-			}
-			if _, _, err := net.SplitHostPort(u.Host); err != nil {
-				port := strconv.FormatUint(uint64(urlPrefixes[prefix]), 10)
-				u.Host = net.JoinHostPort(u.Host, port)
-			}
-			return u.Host, true, nil
-		}
-	}
-	return "", false, nil
-}
diff --git a/command/certificate/remote_test.go b/command/certificate/remote_test.go
@@ -8,37 +8,6 @@ import (
 	"github.com/smallstep/assert"
 )
 
-func TestTrimURL(t *testing.T) {
-	type newTest struct {
-		input, host string
-		isURL       bool
-		err         error
-	}
-	tests := map[string]newTest{
-		"true-http":      {"https://smallstep.com", "smallstep.com:443", true, nil},
-		"true-tcp":       {"tcp://smallstep.com:8080", "smallstep.com:8080", true, nil},
-		"true-tls":       {"tls://smallstep.com/onboarding", "smallstep.com:443", true, nil},
-		"false":          {"./certs/root_ca.crt", "", false, nil},
-		"false-err":      {"https://google.com hello", "", false, errors.New("error parsing URL 'https://google.com hello'")},
-		"true-http-case": {"hTtPs://sMaLlStEp.cOm", "sMaLlStEp.cOm:443", true, nil},
-	}
-
-	for name, tc := range tests {
-		t.Run(name, func(t *testing.T) {
-			host, isURL, err := trimURL(tc.input)
-			assert.Equals(t, tc.host, host)
-			assert.Equals(t, tc.isURL, isURL)
-			if err != nil {
-				if assert.NotNil(t, tc.err) {
-					assert.HasPrefix(t, err.Error(), tc.err.Error())
-				}
-			} else {
-				assert.Nil(t, tc.err)
-			}
-		})
-	}
-}
-
 func TestGetPeerCertificateServerName(t *testing.T) {
 	host := "smallstep.com"
 	serverName := host

diff --git a/command/certificate/verify.go b/command/certificate/verify.go
@@ -19,6 +19,7 @@ import (
 
 	"github.com/smallstep/cli/flags"
 	"github.com/smallstep/cli/internal/crlutil"
+	"github.com/smallstep/cli/utils"
 )
 
 func verifyCommand() cli.Command {
@@ -170,7 +171,7 @@ func verifyAction(ctx *cli.Context) error {
 		httpClient       *http.Client
 	)
 
-	switch addr, isURL, err := trimURL(crtFile); {
+	switch addr, isURL, err := utils.TrimURL(crtFile); {
 	case err != nil:
 		return err
 	case isURL: