
add basic key usage flag to certificates

This commit is contained in:
Gibheer 2015-03-30 20:20:58 +02:00
parent ba5a59931e
commit 855fde6d68
1 changed files with 37 additions and 4 deletions


@ -5,6 +5,7 @@ package main
import ( import (
"crypto/elliptic" "crypto/elliptic"
"crypto/x509"
"encoding/base64" "encoding/base64"
"encoding/pem" "encoding/pem"
"fmt" "fmt"
@ -26,7 +27,18 @@ const (
) )
var ( var (
EcdsaCurves = []int{224, 256, 384, 521} EcdsaCurves = []int{224, 256, 384, 521}
ValidKeyUsages = map[string]x509.KeyUsage{
"digitalsignature": x509.KeyUsageDigitalSignature,
"contentcommitment": x509.KeyUsageContentCommitment,
"keyencipherment": x509.KeyUsageKeyEncipherment,
"dataencipherment": x509.KeyUsageDataEncipherment,
"keyagreement": x509.KeyUsageKeyAgreement,
"certsign": x509.KeyUsageCertSign,
"crlsign": x509.KeyUsageCRLSign,
"encipheronly": x509.KeyUsageEncipherOnly,
"decipheronly": x509.KeyUsageDecipherOnly,
}
) )
type ( type (
@ -61,7 +73,8 @@ type (
signRequestPath string // path to the certificate sign request signRequestPath string // path to the certificate sign request
certificateFlags certiticateRequestRawFlags // container for certificate related flags certificateFlags certiticateRequestRawFlags // container for certificate related flags
signature string // a base64 encoded signature signature string // a base64 encoded signature
certGeneration certGenerationRaw certGeneration certGenerationRaw // all certificate generation flags
certificatePath string // path to a certificate
} }
privateKeyGenerationFlags struct { privateKeyGenerationFlags struct {
@ -76,6 +89,8 @@ type (
notAfter string notAfter string
isCA bool isCA bool
length int length int
caPath string // path to the ca file if isCA is false
keyUsage string // comma separated list of key usages
} }
flagCheck func() error flagCheck func() error
@ -275,12 +290,17 @@ func InitFlagCert(cmd *Command) {
"time before the certificate is not valid in RFC3339 format (default now)", "time before the certificate is not valid in RFC3339 format (default now)",
) )
cmd.Flags().StringVar( cmd.Flags().StringVar(
&flagContainer.certGeneration. &flagContainer.certGeneration.notAfter,
notAfter,
"not-after", "not-after",
time.Now().Add(time.Duration(180*24*time.Hour)).Format(time.RFC3339), time.Now().Add(time.Duration(180*24*time.Hour)).Format(time.RFC3339),
"time after which the certificate is not valid in RFC3339 format (default now + 180 days)", "time after which the certificate is not valid in RFC3339 format (default now + 180 days)",
) )
cmd.Flags().StringVar(
&flagContainer.certGeneration.keyUsage,
"key-usage",
"",
"comma separated list of key usages",
)
} }
// parse the certificate data // parse the certificate data
@ -302,6 +322,19 @@ func checkCertFlags() error {
return err return err
} }
} }
// parse the key usage string
if keyUstr := flagContainer.certGeneration.keyUsage; keyUstr != "" {
keyUarr := strings.Split(keyUstr, ",")
var keyUresult x509.KeyUsage
for _, usage := range keyUarr {
if value, ok := ValidKeyUsages[strings.ToLower(usage)]; ok {
keyUresult = keyUresult | value
} else {
return fmt.Errorf("unsupported key usage '%s'", usage)
}
}
FlagCertificateGeneration.KeyUsage = keyUresult
}
return nil return nil
} }
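Review bot: The key-usage parser in checkCertFlags rejects `--key-usage "certsign, crlsign"` and any list with a trailing comma, because each element is lower-cased but never trimmed, so `" crlsign"` and `""` both fall into the unsupported-key-usage error; trim before the lookup and quote the offending value so a stray space is visible in the message: `name := strings.ToLower(strings.TrimSpace(usage))` / `if value, ok := ValidKeyUsages[name]; ok {` / `return fmt.Errorf("unsupported key usage %q", usage)`. Since the raw flags also carry isCA, this is the place to check that a CA certificate asserts certsign (RFC 5280 requires keyCertSign when a CA certificate carries the keyUsage extension) and that a non-CA certificate does not, and that encipheronly/decipheronly are only accepted together with keyagreement; the visible hunk performs none of these checks, though they may be handled elsewhere. A comment such as `// keyUsage is a comma-separated, case-insensitive list of ValidKeyUsages keys; an empty flag leaves the extension unset` above the block would document the accepted format. checkCertFlags begins before this hunk.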