121 lines
4.1 KiB
Go
121 lines
4.1 KiB
Go
package main
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"fmt"
|
|
"os"
|
|
"text/tabwriter"
|
|
"time"
|
|
|
|
"github.com/gibheer/pkiadm"
|
|
"github.com/pkg/errors"
|
|
flag "github.com/spf13/pflag"
|
|
)
|
|
|
|
func createCertificate(args []string, client *pkiadm.Client) error {
|
|
fs := flag.NewFlagSet("create-cert", flag.ExitOnError)
|
|
fs.Usage = func() {
|
|
fmt.Printf("Usage of %s:\n", "pkiadm create-cert")
|
|
fmt.Println(`
|
|
This command creates a new certificate and signes it with the provided CA. If you want to buid your own CA, add the self-sign option and leave the ca option blank.
|
|
`)
|
|
fs.PrintDefaults()
|
|
}
|
|
cert := pkiadm.Certificate{}
|
|
fs.StringVar(&cert.ID, "id", "", "set the unique id for the new certificate")
|
|
parseCertificateArgs(fs, args, &cert)
|
|
|
|
if err := client.CreateCertificate(cert); err != nil {
|
|
return errors.Wrap(err, "could not create certificate")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
func setCertificate(args []string, client *pkiadm.Client) error {
|
|
fs := flag.NewFlagSet("set-cert", flag.ExitOnError)
|
|
cert := pkiadm.Certificate{}
|
|
fs.StringVar(&cert.ID, "id", "", "set the id of the certificate to change")
|
|
parseCertificateArgs(fs, args, &cert)
|
|
|
|
fieldList := []string{}
|
|
for _, field := range []string{"private", "csr", "ca", "serial", "duration", "self-sign"} {
|
|
flag := fs.Lookup(field)
|
|
if flag.Changed {
|
|
fieldList = append(fieldList, field)
|
|
}
|
|
}
|
|
|
|
if err := client.SetCertificate(cert, fieldList); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
func parseCertificateArgs(fs *flag.FlagSet, args []string, cert *pkiadm.Certificate) {
|
|
pk := fs.String("private", "", "the private key id to sign the certificate sign request")
|
|
csr := fs.String("csr", "", "the CSR to sign to get the resulting certificate")
|
|
ca := fs.String("ca", "", "the certificate to use to sign the certificate sign request")
|
|
serial := fs.String("serial", "", "the serial generator used to fetch a serial")
|
|
fs.DurationVar(&cert.Duration, "duration", 360*24*time.Hour, "the time the certificate is valid (in h, m, s)") // these are 360 days
|
|
fs.BoolVar(&cert.IsCA, "self-sign", false, "set this to true to create a self signed certificate (for CA usage)")
|
|
fs.Parse(args)
|
|
|
|
cert.PrivateKey = pkiadm.ResourceName{*pk, pkiadm.RTPrivateKey}
|
|
cert.CSR = pkiadm.ResourceName{*csr, pkiadm.RTCSR}
|
|
cert.CA = pkiadm.ResourceName{*ca, pkiadm.RTCA}
|
|
cert.Serial = pkiadm.ResourceName{*serial, pkiadm.RTSerial}
|
|
}
|
|
|
|
func deleteCertificate(args []string, client *pkiadm.Client) error {
|
|
fs := flag.NewFlagSet("delete-cert", flag.ExitOnError)
|
|
var id = fs.String("id", "", "set the id of the private key to delete")
|
|
fs.Parse(args)
|
|
|
|
if err := client.DeleteCertificate(*id); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
func listCertificate(args []string, client *pkiadm.Client) error {
|
|
fs := flag.NewFlagSet("list-cert", flag.ExitOnError)
|
|
fs.Parse(args)
|
|
|
|
certs, err := client.ListCertificate()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if len(certs) == 0 {
|
|
return nil
|
|
}
|
|
out := tabwriter.NewWriter(os.Stdout, 2, 2, 1, ' ', tabwriter.AlignRight)
|
|
fmt.Fprintf(out, "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t\n", "id", "private", "csr", "ca", "serial", "created", "duration", "self-signed")
|
|
for _, cert := range certs {
|
|
fmt.Fprintf(out, "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%t\t\n", cert.ID, cert.PrivateKey.ID, cert.CSR.ID, cert.CA.ID, cert.Serial.ID, cert.Created, cert.Duration, cert.IsCA)
|
|
}
|
|
out.Flush()
|
|
|
|
return nil
|
|
}
|
|
func showCertificate(args []string, client *pkiadm.Client) error {
|
|
fs := flag.NewFlagSet("show-cert", flag.ExitOnError)
|
|
var id = fs.String("id", "", "set the id of the private key to show")
|
|
fs.Parse(args)
|
|
|
|
cert, err := client.ShowCertificate(*id)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
out := tabwriter.NewWriter(os.Stdout, 2, 2, 1, ' ', tabwriter.AlignRight)
|
|
fmt.Fprintf(out, "id:\t%s\n", cert.ID)
|
|
fmt.Fprintf(out, "private:\t%s\n", cert.PrivateKey.ID)
|
|
fmt.Fprintf(out, "csr:\t%s\n", cert.CSR.ID)
|
|
fmt.Fprintf(out, "ca:\t%s\n", cert.CA.ID)
|
|
fmt.Fprintf(out, "serial:\t%s\n", cert.Serial.ID)
|
|
fmt.Fprintf(out, "created:\t%s\n", cert.Created)
|
|
fmt.Fprintf(out, "duration:\t%s\n", cert.Duration)
|
|
fmt.Fprintf(out, "self-signed:\t%t\n", cert.IsCA)
|
|
fmt.Fprintf(out, "checksum:\t%s\n", base64.StdEncoding.EncodeToString(cert.Checksum))
|
|
out.Flush()
|
|
return nil
|
|
}
|