package main
import (
"crypto"
"encoding/base64"
"fmt"
"io"
"io/ioutil"
"math/big"
"os"
"path/filepath"
"github.com/gibheer/pki"
)
var (
EmptyByteArray = make([]byte, 0)
)
func main() {
if len(os.Args) == 1 {
crash_with_help(1, "No module selected!")
}
switch os.Args[1] {
case "create-private": create_private_key()
case "create-public": create_public_key()
case "sign-input": sign_input()
case "verify-signature": verify_input()
case "create-cert-sign": create_sign_request()
case "create-cert": create_cert()
case "help": print_modules()
case "--help": print_modules()
// case "info": info_on_file()
default: crash_with_help(1, "Command not supported!")
}
}
// create a private key
func create_private_key() {
fs := NewFlags("create-private")
fs.AddOutput()
fs.AddPrivateKeyGenerationFlags()
err := fs.Parse(program_args())
if err != nil { os.Exit(2) }
var pk pki.Pemmer
switch fs.Flags.PrivateKeyGenerationFlags.Type {
case "ecdsa": pk, err = pki.NewPrivateKeyEcdsa(fs.Flags.PrivateKeyGenerationFlags.Curve)
case "rsa": pk, err = pki.NewPrivateKeyRsa(fs.Flags.PrivateKeyGenerationFlags.Size)
}
if err != nil { os.Exit(2) }
marsh_pem, err := pk.MarshalPem()
if err != nil { os.Exit(2) }
_, err = marsh_pem.WriteTo(fs.Flags.Output)
if err != nil { os.Exit(2) }
}
// create a public key derived from a private key
func create_public_key() {
fs := NewFlags("create-public")
fs.AddPrivateKey()
fs.AddOutput()
err := fs.Parse(program_args())
if err != nil { os.Exit(2) }
var pub_key pki.Pemmer
pub_key = fs.Flags.PrivateKey.Public()
marsh_pem, err := pub_key.MarshalPem()
if err != nil { os.Exit(2) }
_, err = marsh_pem.WriteTo(fs.Flags.Output)
if err != nil { os.Exit(2) }
}
// sign a message using he private key
func sign_input() {
fs := NewFlags("sign-input")
fs.AddPrivateKey()
fs.AddInput()
fs.AddOutput()
err := fs.Parse(program_args())
if err != nil { os.Exit(2) }
message, err := ioutil.ReadAll(fs.Flags.Input)
if err != nil { crash_with_help(2, "Error reading input: %s", err) }
signature, err := fs.Flags.PrivateKey.Sign(message, crypto.SHA256)
if err != nil { crash_with_help(2, "Could not compute signature: %s", err) }
_, err = io.WriteString(fs.Flags.Output, base64.StdEncoding.EncodeToString(signature))
if err != nil { crash_with_help(2, "Could not write to output: %s", err) }
// if we print to stderr, send a final line break to make the output nice
if fs.Flags.Output == os.Stdout {
// we can ignore the result, as either Stdout did work or not
_, _ = io.WriteString(fs.Flags.Output, "\n")
}
}
// verify a message using a signature and a public key
func verify_input() {
fs := NewFlags("sign-input")
fs.AddPublicKey()
fs.AddInput()
fs.AddOutput()
fs.AddSignature()
err := fs.Parse(program_args())
if err != nil { os.Exit(2) }
signature := fs.Flags.Signature
message, err := ioutil.ReadAll(fs.Flags.Input)
if err != nil { crash_with_help(2, "Error reading input: %s", err) }
valid, err := fs.Flags.PublicKey.Verify(message, signature, crypto.SHA256)
if err != nil { crash_with_help(2, "Could not verify message with signature: %s", err) }
if valid {
fmt.Println("valid")
os.Exit(0)
}
fmt.Println("invalid")
os.Exit(1)
}
// create a certificate sign request
func create_sign_request() {
fs := NewFlags("create-cert-sign")
fs.AddPrivateKey()
fs.AddOutput()
fs.AddCertificateFields()
fs.Parse(program_args())
csr, err := fs.Flags.CertificateData.ToCertificateRequest(fs.Flags.PrivateKey)
if err != nil { crash_with_help(2, "Could not create certificate sign request: %s", err) }
pem_block, err := csr.MarshalPem()
if err != nil { crash_with_help(2, "Could not covnert to pem: %s", err) }
_, err = pem_block.WriteTo(fs.Flags.Output)
if err != nil { crash_with_help(2, "Encoding didn't work: %s", err) }
}
func create_cert() {
fs := NewFlags("create-cert")
fs.AddPrivateKey()
fs.AddCSR()
fs.AddOutput()
fs.Parse(program_args())
// TODO implement flags for all certificate options
cert_opts := pki.CertificateOptions{}
cert_opts.SerialNumber = big.NewInt(1)
cert, err := fs.Flags.CertificateSignRequest.ToCertificate(
fs.Flags.PrivateKey,
cert_opts,
nil,
)
if err != nil { crash_with_help(2, "Error generating certificate: %s", err) }
pem_block, err := cert.MarshalPem()
if err != nil { crash_with_help(2, "Error converting to pem: %s", err) }
_, err = pem_block.WriteTo(fs.Flags.Output)
if err != nil { crash_with_help(2, "Output didn't work: %s", err) }
}
// print the module help
func print_modules() {
fmt.Printf(`Usage: %s command args
where 'command' is one of:
create-private create a new private key
create-public create a public key from a private one
sign-input sign a message with a private key
verify-signature verify a signature
create-cert-sign create a new certificate sign request
create-cert sign a certificate request
help show this help
info get info on a file
`, filepath.Base(os.Args[0]))
fmt.Println()
}
// crash and provide a helpful message
func crash_with_help(code int, message string, args ...interface{}) {
fmt.Fprintf(os.Stderr, message + "\n", args...)
print_modules()
os.Exit(code)
}
// return the arguments to the program
func program_args() []string {
return os.Args[2:]
}
