pkiadm/cmd/pkiadm/certificate.go

package main

import (
	"encoding/base64"
	"fmt"
	"os"
	"text/tabwriter"
	"time"

	"github.com/gibheer/pkiadm"
	"github.com/pkg/errors"
	flag "github.com/spf13/pflag"
)

func createCertificate(args []string, client *pkiadm.Client) error {
	fs := flag.NewFlagSet("create-cert", flag.ExitOnError)
	fs.Usage = func() {
		fmt.Printf("Usage of %s:\n", "pkiadm create-cert")
		fmt.Println(`
This command creates a new certificate and signes it with the provided CA. If you want to buid your own CA, add the self-sign option and leave the ca option blank.
`)
		fs.PrintDefaults()
	}
	cert := pkiadm.Certificate{}
	fs.StringVar(&cert.ID, "id", "", "set the unique id for the new certificate")
	parseCertificateArgs(fs, args, &cert)

	if err := client.CreateCertificate(cert); err != nil {
		return errors.Wrap(err, "could not create certificate")
	}

	return nil
}
func setCertificate(args []string, client *pkiadm.Client) error {
	fs := flag.NewFlagSet("set-cert", flag.ExitOnError)
	cert := pkiadm.Certificate{}
	fs.StringVar(&cert.ID, "id", "", "set the id of the certificate to change")
	parseCertificateArgs(fs, args, &cert)

	fieldList := []string{}
	for _, field := range []string{"private", "csr", "ca", "serial", "duration", "self-sign"} {
		flag := fs.Lookup(field)
		if flag.Changed {
			fieldList = append(fieldList, field)
		}
	}

	if err := client.SetCertificate(cert, fieldList); err != nil {
		return err
	}
	return nil
}
func parseCertificateArgs(fs *flag.FlagSet, args []string, cert *pkiadm.Certificate) {
	pk := fs.String("private", "", "the private key id to sign the certificate sign request")
	csr := fs.String("csr", "", "the CSR to sign to get the resulting certificate")
	ca := fs.String("ca", "", "the certificate to use to sign the certificate sign request")
	serial := fs.String("serial", "", "the serial generator used to fetch a serial")
	fs.DurationVar(&cert.Duration, "duration", 360*24*time.Hour, "the time the certificate is valid (in h, m, s)") // these are 360 days
	fs.BoolVar(&cert.IsCA, "self-sign", false, "set this to true to create a self signed certificate (for CA usage)")
	fs.Parse(args)

	cert.PrivateKey = pkiadm.ResourceName{*pk, pkiadm.RTPrivateKey}
	cert.CSR = pkiadm.ResourceName{*csr, pkiadm.RTCSR}
	cert.CA = pkiadm.ResourceName{*ca, pkiadm.RTCA}
	cert.Serial = pkiadm.ResourceName{*serial, pkiadm.RTSerial}
}

func deleteCertificate(args []string, client *pkiadm.Client) error {
	fs := flag.NewFlagSet("delete-cert", flag.ExitOnError)
	var id = fs.String("id", "", "set the id of the private key to delete")
	fs.Parse(args)

	if err := client.DeleteCertificate(*id); err != nil {
		return err
	}
	return nil
}
func listCertificate(args []string, client *pkiadm.Client) error {
	fs := flag.NewFlagSet("list-cert", flag.ExitOnError)
	fs.Parse(args)

	certs, err := client.ListCertificate()
	if err != nil {
		return err
	}

	if len(certs) == 0 {
		return nil
	}
	out := tabwriter.NewWriter(os.Stdout, 2, 2, 1, ' ', tabwriter.AlignRight)
	fmt.Fprintf(out, "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t\n", "id", "private", "csr", "ca", "serial", "created", "duration", "self-signed")
	for _, cert := range certs {
		fmt.Fprintf(out, "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%t\t\n", cert.ID, cert.PrivateKey.ID, cert.CSR.ID, cert.CA.ID, cert.Serial.ID, cert.Created, cert.Duration, cert.IsCA)
	}
	out.Flush()

	return nil
}
func showCertificate(args []string, client *pkiadm.Client) error {
	fs := flag.NewFlagSet("show-cert", flag.ExitOnError)
	var id = fs.String("id", "", "set the id of the private key to show")
	fs.Parse(args)

	cert, err := client.ShowCertificate(*id)
	if err != nil {
		return err
	}
	out := tabwriter.NewWriter(os.Stdout, 2, 2, 1, ' ', tabwriter.AlignRight)
	fmt.Fprintf(out, "id:\t%s\n", cert.ID)
	fmt.Fprintf(out, "private:\t%s\n", cert.PrivateKey.ID)
	fmt.Fprintf(out, "csr:\t%s\n", cert.CSR.ID)
	fmt.Fprintf(out, "ca:\t%s\n", cert.CA.ID)
	fmt.Fprintf(out, "serial:\t%s\n", cert.Serial.ID)
	fmt.Fprintf(out, "created:\t%s\n", cert.Created)
	fmt.Fprintf(out, "duration:\t%s\n", cert.Duration)
	fmt.Fprintf(out, "self-signed:\t%t\n", cert.IsCA)
	fmt.Fprintf(out, "checksum:\t%s\n", base64.StdEncoding.EncodeToString(cert.Checksum))
	out.Flush()
	return nil
}