author | Gibheer <gibheer@gmail.com> | 2015-03-24 21:21:02 +0100 |
---|---|---|
committer | Gibheer <gibheer@gmail.com> | 2015-03-24 21:21:02 +0100 |
commit | bb41ff218a14b6597607408de6efed37cc8dae40 (patch) | |
tree | 5214673ba18b66644f1b160149ae1c19e4d00f2f | |
parent | c69f4de8ce0ada8c99df1543039f188f845cf342 (diff) |
add start and end date to certificates
This adds the start and end date flags for certificate generation and
also a flag to define whether the resulting certificate should be a CA or
not.
Next step in the implementation is to define the key usages.
-rw-r--r-- | flags.go | 62 | ||||
-rw-r--r-- | main.go | 7 |
2 files changed, 64 insertions, 5 deletions
@@ -10,10 +10,12 @@ import ( "fmt" "io" "io/ioutil" + "math/big" "net" "os" "reflect" "strings" + "time" "github.com/gibheer/pki" ) @@ -59,6 +61,7 @@ type ( signRequestPath string // path to the certificate sign request certificateFlags certiticateRequestRawFlags // container for certificate related flags signature string // a base64 encoded signature + certGeneration certGenerationRaw } privateKeyGenerationFlags struct { @@ -67,6 +70,14 @@ type ( Size int // bitsize for rsa } + certGenerationRaw struct { + serial int64 + notBefore string + notAfter string + isCA bool + length int + } + flagCheck func()(error) ) @@ -144,6 +155,8 @@ certificate requests and certificates and sign/verify messages.`, FlagCertificateRequestData *pki.CertificateData // the certificate sign request FlagCertificateSignRequest *pki.CertificateRequest + // certificate specific creation stuff + FlagCertificateGeneration pki.CertificateOptions ) func InitFlags() { @@ -179,6 +192,7 @@ func InitFlags() { // create-certificate InitFlagPrivateKey(CmdCreateCert) InitFlagOutput(CmdCreateCert) + InitFlagCert(CmdCreateCert) InitFlagCSR(CmdCreateCert) } 
@@ -233,6 +247,54 @@ func checkPublicKey() error {
 return nil
 }
 
+// add flag to load certificate flags
+func InitFlagCert(cmd *Command) {
+ cmd.Flags().Int64Var(&flagContainer.certGeneration.serial, "serial", 0, "serial number of all certificates")
+ cmd.Flags().BoolVar(&flagContainer.certGeneration.isCA, "ca", false, "check if the resulting certificate is a ca")
+ cmd.Flags().IntVar(
+ &flagContainer.certGeneration.
+ length,
+ "length",
+ 0,
+ "the number of certificates allowed in the chain between this cert and the end certificate",
+ )
+ cmd.Flags().StringVar(
+ &flagContainer.certGeneration.notBefore,
+ "not-before",
+ time.Now().Format(time.RFC3339),
+ "time before the certificate is not valid in RFC3339 format (default now)",
+ )
+ cmd.Flags().StringVar(
+ &flagContainer.certGeneration.
+ notAfter,
+ "not-after",
+ time.Now().Add(time.Duration(180 * 24 * time.Hour)).Format(time.RFC3339),
+ "time after which the certificate is not valid in RFC3339 format (default now + 180 days)",
+ )
+}
+
+// parse the certificate data
+func checkCertFlags() error {
+ FlagCertificateGeneration.IsCA = flagContainer.certGeneration.isCA
+ FlagCertificateGeneration.CALength = flagContainer.certGeneration.length
+ FlagCertificateGeneration.SerialNumber = big.NewInt(flagContainer.certGeneration.serial)
+
+ var err error
+ if notbefore := flagContainer.certGeneration.notBefore; notbefore != "" {
+ FlagCertificateGeneration.NotBefore, err = parseTimeRFC3339(notbefore)
+ if err != nil { return err }
+ }
+ if notafter := flagContainer.certGeneration.notAfter; notafter != "" {
+ FlagCertificateGeneration.NotAfter, err = parseTimeRFC3339(notafter)
+ if err != nil { return err }
+ }
+ return nil
+}
+
+func parseTimeRFC3339(tr string) (time.Time, error) {
+ return time.Parse(time.RFC3339, tr)
+}
+
 // add flag to load certificate sign request
 func InitFlagCSR(cmd *Command) {
 cmd.Flags().StringVar(&flagContainer.signRequestPath, "csr-path", "", "path to the certificate sign request")
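Review bot: checkCertFlags accepts the `--serial` default of 0 and never compares the two parsed dates, so running create-certificate without flags yields a certificate with serial 0 (RFC 5280 requires a positive serial, so the result is non-conforming and some verifiers reject it), and a `--not-after` earlier than `--not-before` passes silently. Because every run gets the same default, two certificates issued by the same CA would also share a serial, which the RFC forbids per issuer; requiring an explicit positive value or generating a random one would avoid that. The validation part fits as two lines before the final `return nil` of checkCertFlags, in the file's one-line style: `if flagContainer.certGeneration.serial <= 0 { return fmt.Errorf("serial must be a positive integer, got %d", flagContainer.certGeneration.serial) }` and `if !FlagCertificateGeneration.NotAfter.After(FlagCertificateGeneration.NotBefore) { return fmt.Errorf("not-after must be later than not-before") }`. The `length` value is also copied into CALength even when `--ca` is false; whether the pki package ignores it for non-CA certificates is not visible here, so that deserves either a check or a comment.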
@@ -6,7 +6,6 @@ import ( "fmt" "io" "io/ioutil" - "math/big" "os" "github.com/gibheer/pki" @@ -119,17 +118,15 @@ func create_sign_request(cmd *Command, args []string) { } func create_cert(cmd *Command, args []string) { - err := checkFlags(checkPrivateKey, checkOutput, checkCSR) + err := checkFlags(checkPrivateKey, checkOutput, checkCSR, checkCertFlags) if err != nil { crash_with_help(cmd, ErrorFlagInput, "Flags invalid: %s", err) } // TODO implement flags for all certificate options - cert_opts := pki.CertificateOptions{} - cert_opts.SerialNumber = big.NewInt(1) cert, err := FlagCertificateSignRequest.ToCertificate( FlagPrivateKey, - cert_opts, + FlagCertificateGeneration, nil, ) if err != nil { crash_with_help(cmd, ErrorProgram, "Error generating certificate: %s", err) } |
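Review bot: The `// TODO implement flags for all certificate options` comment kept above the ToCertificate call is now partly stale: serial, CA flag, chain length and validity dates are passed through `FlagCertificateGeneration` in this commit, and the commit message names key usages as the remaining gap, so the comment should state what is still missing, e.g. `// TODO add flags for the key usages; serial, ca, length and validity are covered by checkCertFlags`. create_cert continues past the end of the hunk.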