package main import ( "encoding/base64" "fmt" "net" "os" "strings" "text/tabwriter" "github.com/gibheer/pkiadm" "github.com/pkg/errors" flag "github.com/spf13/pflag" ) func createCSR(args []string, client *pkiadm.Client) error { fs := flag.NewFlagSet("create-csr", flag.ExitOnError) fs.Usage = func() { fmt.Printf("Usage of %s:\n", "pkiadm create-csr") fmt.Println(` Create a new certificate sign request. This request can be signed by a CA to create a new certificate. FQDNs, mail addresses and ips can be set multiple times or once as a comma separated list. `) fs.PrintDefaults() } csr := pkiadm.CSR{} fs.StringVar(&csr.ID, "id", "", "set the unique id for the new private key") parseSubject(fs, args, &csr) if err := client.CreateCSR(csr); err != nil { return errors.Wrap(err, "could not create private key") } return nil } func setCSR(args []string, client *pkiadm.Client) error { fs := flag.NewFlagSet("set-csr", flag.ExitOnError) csr := pkiadm.CSR{} fs.StringVar(&csr.ID, "id", "", "set the id of the CSR to adjust") parseSubject(fs, args, &csr) fieldList := []string{} for _, field := range []string{"private-key", "subject", "ip", "fqdn", "mail"} { flag := fs.Lookup(field) if flag.Changed { fieldList = append(fieldList, field) } } if err := client.SetCSR(csr, fieldList); err != nil { return err } return nil } func parseSubject(fs *flag.FlagSet, args []string, csr *pkiadm.CSR) { fs.StringSliceVar(&csr.DNSNames, "fqdn", []string{}, "assign the FQDNs") fs.StringSliceVar(&csr.EmailAddresses, "mail", []string{}, "assign the mail addresses") fs.IPSliceVar(&csr.IPAddresses, "ip", []net.IP{}, "assign the ips") pk := fs.String("private-key", "", "set the id of the private key to sign the request") subject := fs.String("subject", "", "set the id of the subject to use for this request") fs.Parse(args) csr.PrivateKey = pkiadm.ResourceName{*pk, pkiadm.RTPrivateKey} csr.Subject = pkiadm.ResourceName{*subject, pkiadm.RTSubject} } func deleteCSR(args []string, client *pkiadm.Client) error { fs := flag.NewFlagSet("delete-csr", flag.ExitOnError) var id = fs.String("id", "", "set the id of the csr to delete") fs.Parse(args) if err := client.DeleteCSR(*id); err != nil { return err } return nil } func listCSR(args []string, client *pkiadm.Client) error { fs := flag.NewFlagSet("list-csr", flag.ExitOnError) fs.Parse(args) csrs, err := client.ListCSR() if err != nil { return err } if len(csrs) == 0 { return nil } out := tabwriter.NewWriter(os.Stdout, 2, 2, 1, ' ', tabwriter.AlignRight) fmt.Fprintf(out, "%s\t%s\t%s\t%s\t%s\t%s\t\n", "id", "private-key", "subject", "names", "ips", "mails") for _, csr := range csrs { fmt.Fprintf( out, "%s\t%s\t%s\t%d\t%d\t%d\t\n", csr.ID, csr.PrivateKey.ID, csr.Subject.ID, len(csr.DNSNames), len(csr.IPAddresses), len(csr.EmailAddresses), ) } out.Flush() return nil } func showCSR(args []string, client *pkiadm.Client) error { fs := flag.NewFlagSet("show-private", flag.ExitOnError) var id = fs.String("id", "", "set the id of the private key to show") fs.Parse(args) csr, err := client.ShowCSR(*id) if err != nil { return err } ips := []string{} for _, ip := range csr.IPAddresses { ips = append(ips, ip.String()) } out := tabwriter.NewWriter(os.Stdout, 2, 2, 1, ' ', tabwriter.AlignRight) fmt.Fprintf(out, "ID:\t%s\t\n", csr.ID) fmt.Fprintf(out, "private:\t%s\t\n", csr.PrivateKey.ID) fmt.Fprintf(out, "subject:\t%s\t\n", csr.Subject.ID) fmt.Fprintf(out, "fqdn:\t%s\t\n", ReplaceEmpty(strings.Join(csr.DNSNames, ", "))) fmt.Fprintf(out, "ip:\t%s\t\n", ReplaceEmpty(strings.Join(ips, ", "))) fmt.Fprintf(out, "mail:\t%s\t\n", ReplaceEmpty(strings.Join(csr.EmailAddresses, ", "))) fmt.Fprintf(out, "checksum:\t%s\t\n", base64.StdEncoding.EncodeToString(csr.Checksum)) out.Flush() return nil }