authorGibheer <gibheer@gmail.com>2015-01-02 11:40:58 +0100
committerGibheer <gibheer@gmail.com>2015-01-02 11:40:58 +0100
commit0a7c8b863bee1572b90ca5d0a037efd1c6bcd54f (patch)
treef8c5c0f9b997a542d1aa6df881203c515572c9ff
parentdac4b27f74abbd10bb27159cdb970db89c5d2406 (diff)
add dns names and ip addresses with tests
-rw-r--r--sign_request.go52
-rw-r--r--sign_request_test.go84
2 files changed, 125 insertions, 11 deletions
diff --git a/sign_request.go b/sign_request.go
index db41f5a..7c6381a 100644
--- a/sign_request.go
+++ b/sign_request.go
@@ -8,7 +8,9 @@ import (
"fmt"
"flag"
"io"
+ "net"
"os"
+ "regexp"
)
type (
@@ -16,38 +18,41 @@ type (
PrivateKeyPath string // path to the private key
Output string // path where to store the CSR
BaseAttributes pkix.Name
+ DNSNames []string // alternative names to the BaseAttributes.CommonName
+ IPAddresses []net.IP // alternative IP addresses
private_key PrivateKey
- output_stream io.WriteCloser // the output stream for the CSR
+ output_stream io.Writer // the output stream for the CSR
}
)
+var (
+ COMMA_SPLIT = regexp.MustCompile(`,[[:space:]]?`)
+)
+
// create a sign request with a private key
func create_sign_request() {
flags := parse_sign_flags()
flags.private_key = load_private_key(flags.PrivateKeyPath)
- var err error
- flags.output_stream, err = open_output_stream(flags.Output)
+ stream, err := open_output_stream(flags.Output)
if err != nil {
crash_with_help(2, fmt.Sprintf("Error when creating file %s: %s", flags.Output, err))
}
- defer flags.output_stream.Close()
+ defer stream.Close()
+ flags.output_stream = stream
- csr_template := &x509.CertificateRequest{
- Subject: flags.BaseAttributes,
- }
- csr_raw, err := x509.CreateCertificateRequest(rand.Reader, csr_template, flags.private_key)
- if err != nil {
+ if err = create_csr(flags); err != nil {
fmt.Fprintln(os.Stderr, "Error when generating CSR: ", err)
os.Exit(3)
}
- block := &pem.Block{Type: TypeLabelCSR, Bytes: csr_raw}
- pem.Encode(flags.output_stream, block)
}
// parse the flags to create a certificate sign request
func parse_sign_flags() SignFlags {
+ dns_names := "" // string to hold the alternative names
+ ips := "" // string to hold the alternative ips
+
flags := SignFlags{}
fs := flag.NewFlagSet("create-cert-sign", flag.ExitOnError)
fs.StringVar(&flags.PrivateKeyPath, "private-key", "", "path to the private key file")
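Review bot: `COMMA_SPLIT` in the new `var (...)` block only consumes a single whitespace character after each comma, so `-names "a.example,  b.example"` leaves a leading space on the second entry and `"a.example ,b.example"` keeps a trailing space on the first. These strings become dNSName SAN values in the CSR, so a stray space produces an invalid name that a CA will reject. Either widen the pattern, `COMMA_SPLIT = regexp.MustCompile(`[[:space:]]*,[[:space:]]*`)`, or drop the regexp and apply strings.TrimSpace to each piece of a plain strings.Split. The parse_sign_flags function begun in this hunk continues past its end.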
@@ -56,7 +61,32 @@ func parse_sign_flags() SignFlags {
flags.BaseAttributes = pkix.Name{}
fs.StringVar(&flags.BaseAttributes.CommonName, "common-name", "", "the name of the resource")
fs.StringVar(&flags.BaseAttributes.SerialNumber, "serial", "1", "serial number for the request")
+ fs.StringVar(&dns_names, "names", "", "alternative names (comma separated)")
+ fs.StringVar(&ips, "ips", "", "alternative IPs (comma separated)")
fs.Parse(os.Args[2:])
+
+ // convert array flags to config structs
+ flags.DNSNames = COMMA_SPLIT.Split(dns_names, -1)
+ tmp_ips := COMMA_SPLIT.Split(ips, -1)
+ for _, sip := range tmp_ips {
+ flags.IPAddresses = append(flags.IPAddresses, net.ParseIP(sip))
+ }
+
return flags
}
+
+// generate the csr and print into flags.output_stream
+func create_csr(flags SignFlags) (error) {
+ csr_template := &x509.CertificateRequest{
+ Subject: flags.BaseAttributes,
+ DNSNames: flags.DNSNames,
+ IPAddresses: flags.IPAddresses,
+ }
+ csr_raw, err := x509.CreateCertificateRequest(rand.Reader, csr_template, flags.private_key)
+ if err != nil { return err }
+
+ block := &pem.Block{Type: TypeLabelCSR, Bytes: csr_raw}
+ pem.Encode(flags.output_stream, block)
+ return nil
+}
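Review bot: The SAN conversion after `fs.Parse(os.Args[2:])` produces bogus entries whenever a flag is omitted or malformed: `COMMA_SPLIT.Split("", -1)` yields `[""]`, so every CSR created without `-names` carries an empty dNSName, and `net.ParseIP` returns nil for anything it cannot parse, which is appended unchecked and ends up as an empty iPAddress entry. Skip the conversion when the flag value is empty and fail on an unparsable address with the existing crash_with_help helper, as below. `pem.Encode` in create_csr also discards its error; `return pem.Encode(flags.output_stream, block)` keeps a short write from going unnoticed.
```go
// … unchanged: flag definitions and fs.Parse …
if dns_names != "" {
	flags.DNSNames = COMMA_SPLIT.Split(dns_names, -1)
}
if ips != "" {
	for _, sip := range COMMA_SPLIT.Split(ips, -1) {
		ip := net.ParseIP(sip)
		if ip == nil {
			crash_with_help(2, fmt.Sprintf("invalid IP address %q", sip))
		}
		flags.IPAddresses = append(flags.IPAddresses, ip)
	}
}
// … unchanged: return flags, create_csr …
```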
diff --git a/sign_request_test.go b/sign_request_test.go
new file mode 100644
index 0000000..fef7db5
--- /dev/null
+++ b/sign_request_test.go
@@ -0,0 +1,84 @@
+package main
+
+import (
+ "bytes"
+ "crypto/x509"
+ "encoding/pem"
+ "io/ioutil"
+ "net"
+ "testing"
+)
+
+type CSRTest struct {
+ ShouldBe []string
+ Set func(*SignFlags)
+ Fetch func(*x509.CertificateRequest) []string
+}
+
+const (
+ RAW_PRIVATE_KEY = `-----BEGIN EC PRIVATE KEY-----
+MIHbAgEBBEFkAEFc5264Yo7Xo+yj3ZwaqdffTphGT3/8Q+pvi4ULmXaFiGoTkR5X
+lKnlRUEp0I4Ra9U7GjLDtFLwTaLzdXuUT6AHBgUrgQQAI6GBiQOBhgAEAdW0usq0
+zEzvhR0u5ZSbOXRzg+TbICZGfOLy9KpKfz6I6suFOAO7f3fwDNOqMfyYUhtenMz7
+T/BKArg+v58UWHrwAb/UeI4l+OMOoMHYtNNO4nAjTdyY8yFSFY5syzKEYIBzUoLM
+VSfuxBk5ZS2J478X1Vxacq03keDeAY43Oc80XBih
+-----END EC PRIVATE KEY-----`
+)
+
+func SetupTest() (*SignFlags, *bytes.Buffer) {
+ p, _ := pem.Decode([]byte(RAW_PRIVATE_KEY))
+ buf := bytes.NewBuffer(make([]byte, 0))
+
+ flags := &SignFlags{
+ private_key: load_private_key_ecdsa(p),
+ output_stream: buf,
+ }
+ return flags, buf
+}
+
+func TestCSRGeneration(t *testing.T) {
+ tests := []CSRTest {
+ {
+ []string{"foo"},
+ func(f *SignFlags) { f.BaseAttributes.CommonName = "foo" },
+ func(c *x509.CertificateRequest) []string { return []string{c.Subject.CommonName} },
+ }, {
+ []string{"foo.com", "bar.com", "baz.com"},
+ func(f *SignFlags) { f.DNSNames = []string{ "foo.com", "bar.com", "baz.com" }},
+ func(c *x509.CertificateRequest) []string { return c.DNSNames },
+ },
+ {
+ []string{"127.0.0.1", "192.168.0.1"},
+ func(f *SignFlags) { f.IPAddresses = []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("192.168.0.1") }},
+ func(c *x509.CertificateRequest) []string {
+ res := make([]string, 0)
+ for _, ip := range c.IPAddresses {
+ res = append(res, ip.String())
+ }
+ return res
+ },
+ },
+ }
+ for _, test := range tests {
+ flags, io := SetupTest()
+ test.Set(flags)
+
+ create_csr(*flags)
+ res, _ := ioutil.ReadAll(io)
+ raw, _ := pem.Decode(res)
+
+ csr, _ := x509.ParseCertificateRequest(raw.Bytes)
+ if !diff(test.ShouldBe, test.Fetch(csr)) {
+ t.Logf("Expected: %v\nbut got: %v", test.ShouldBe, test.Fetch(csr))
+ t.Fail()
+ }
+ }
+}
+
+func diff(a, b []string) bool {
+ if len(a) != len(b) { return false }
+ for i, e := range a {
+ if e != b[i] { return false }
+ }
+ return true
+}
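Review bot: The loop in TestCSRGeneration discards the errors from `create_csr`, `pem.Decode` and `x509.ParseCertificateRequest`, so a regression surfaces as a nil-pointer dereference on `raw.Bytes` instead of a readable failure. Check each step with t.Fatalf as below; reading the buffer via `out.Bytes()` also makes the ioutil import unnecessary. Naming the buffer `io` shadows the standard package name and is worth renaming. The comma splitting and IP parsing in parse_sign_flags are not exercised by these cases; a test feeding it an empty and a malformed value would pin that behaviour.
```go
for _, test := range tests {
	flags, out := SetupTest()
	test.Set(flags)

	if err := create_csr(*flags); err != nil {
		t.Fatalf("create_csr: %v", err)
	}
	raw, _ := pem.Decode(out.Bytes())
	if raw == nil {
		t.Fatal("output is not a PEM block")
	}
	csr, err := x509.ParseCertificateRequest(raw.Bytes)
	if err != nil {
		t.Fatalf("parsing CSR: %v", err)
	}
	// … unchanged: comparison of test.Fetch(csr) against test.ShouldBe …
}
```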