reformat code with gofmt
Yes, I know that this breaks the history search, but it had to be done sooner or later. I also adjusted my editor to follow the guidelines more closely.
This commit is contained in:
parent
bb41ff218a
commit
ba5a59931e
10
command.go
10
command.go
|
@ -2,8 +2,8 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"flag"
|
||||
"fmt"
|
||||
"os"
|
||||
)
|
||||
|
||||
|
@ -51,7 +51,9 @@ func (c *Command) eval(args []string) error {
|
|||
return cmd.eval(rest)
|
||||
}
|
||||
}
|
||||
if err := c.Flags().Parse(args); err != nil { return err }
|
||||
if err := c.Flags().Parse(args); err != nil {
|
||||
return err
|
||||
}
|
||||
if c.Run != nil {
|
||||
c.Run(c, rest)
|
||||
} else {
|
||||
|
@ -83,7 +85,9 @@ func (c *Command) Help(args []string) {
|
|||
}
|
||||
}
|
||||
}
|
||||
if c.Long != "" { fmt.Println(c.Long, "\n") }
|
||||
if c.Long != "" {
|
||||
fmt.Println(c.Long, "\n")
|
||||
}
|
||||
c.Usage()
|
||||
}
|
||||
|
||||
|
|
100
flags.go
100
flags.go
|
@ -78,7 +78,7 @@ type (
|
|||
length int
|
||||
}
|
||||
|
||||
flagCheck func()(error)
|
||||
flagCheck func() error
|
||||
)
|
||||
|
||||
var (
|
||||
|
@ -218,16 +218,22 @@ func InitFlagPrivateKey(cmd *Command) {
|
|||
|
||||
// check the private key flag and load the private key
|
||||
func checkPrivateKey() error {
|
||||
if flagContainer.privateKeyPath == "" { return fmt.Errorf("No private key given!") }
|
||||
if flagContainer.privateKeyPath == "" {
|
||||
return fmt.Errorf("No private key given!")
|
||||
}
|
||||
// check permissions of private key file
|
||||
info, err := os.Stat(flagContainer.privateKeyPath)
|
||||
if err != nil { return fmt.Errorf("Error reading private key: %s", err) }
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error reading private key: %s", err)
|
||||
}
|
||||
if info.Mode().Perm().String()[4:] != "------" {
|
||||
return fmt.Errorf("private key file modifyable by others!")
|
||||
}
|
||||
|
||||
pk, err := ReadPrivateKeyFile(flagContainer.privateKeyPath)
|
||||
if err != nil { return fmt.Errorf("Error reading private key: %s", err) }
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error reading private key: %s", err)
|
||||
}
|
||||
FlagPrivateKey = pk
|
||||
return nil
|
||||
}
|
||||
|
@ -239,10 +245,14 @@ func InitFlagPublicKey(cmd *Command) {
|
|||
|
||||
// parse public key flag
|
||||
func checkPublicKey() error {
|
||||
if flagContainer.publicKeyPath == "" { return fmt.Errorf("No public key given!") }
|
||||
if flagContainer.publicKeyPath == "" {
|
||||
return fmt.Errorf("No public key given!")
|
||||
}
|
||||
|
||||
pu, err := ReadPublicKeyFile(flagContainer.publicKeyPath)
|
||||
if err != nil { return fmt.Errorf("Error reading public key: %s", err) }
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error reading public key: %s", err)
|
||||
}
|
||||
FlagPublicKey = pu
|
||||
return nil
|
||||
}
|
||||
|
@ -282,11 +292,15 @@ func checkCertFlags() error {
|
|||
var err error
|
||||
if notbefore := flagContainer.certGeneration.notBefore; notbefore != "" {
|
||||
FlagCertificateGeneration.NotBefore, err = parseTimeRFC3339(notbefore)
|
||||
if err != nil { return err }
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
if notafter := flagContainer.certGeneration.notAfter; notafter != "" {
|
||||
FlagCertificateGeneration.NotAfter, err = parseTimeRFC3339(notafter)
|
||||
if err != nil { return err }
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -303,7 +317,9 @@ func InitFlagCSR(cmd *Command) {
|
|||
// parse the certificate sign request
|
||||
func checkCSR() error {
|
||||
rest, err := ioutil.ReadFile(flagContainer.signRequestPath)
|
||||
if err != nil { return fmt.Errorf("Error reading certificate sign request: %s", err) }
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error reading certificate sign request: %s", err)
|
||||
}
|
||||
|
||||
var csr_asn1 []byte
|
||||
var block *pem.Block
|
||||
|
@ -322,7 +338,9 @@ func checkCSR() error {
|
|||
}
|
||||
|
||||
csr, err := pki.LoadCertificateSignRequest(csr_asn1)
|
||||
if err != nil { return fmt.Errorf("Invalid certificate sign request: %s", err) }
|
||||
if err != nil {
|
||||
return fmt.Errorf("Invalid certificate sign request: %s", err)
|
||||
}
|
||||
FlagCertificateSignRequest = csr
|
||||
return nil
|
||||
}
|
||||
|
@ -343,7 +361,9 @@ func checkOutput() error {
|
|||
os.O_WRONLY|os.O_APPEND|os.O_CREATE, // do not kill users files!
|
||||
0600,
|
||||
)
|
||||
if err != nil { return err }
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -360,7 +380,9 @@ func checkInput() error {
|
|||
}
|
||||
var err error
|
||||
FlagInput, err = os.Open(flagContainer.inputPath)
|
||||
if err != nil { return err }
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -381,11 +403,16 @@ func checkPrivateKeyGeneration() error {
|
|||
switch pk_type {
|
||||
case "ecdsa":
|
||||
switch flagContainer.length {
|
||||
case 224: FlagPrivateKeyGeneration.Curve = elliptic.P224()
|
||||
case 256: FlagPrivateKeyGeneration.Curve = elliptic.P256()
|
||||
case 384: FlagPrivateKeyGeneration.Curve = elliptic.P384()
|
||||
case 521: FlagPrivateKeyGeneration.Curve = elliptic.P521()
|
||||
default: return fmt.Errorf("Curve %d unknown!", flagContainer.length)
|
||||
case 224:
|
||||
FlagPrivateKeyGeneration.Curve = elliptic.P224()
|
||||
case 256:
|
||||
FlagPrivateKeyGeneration.Curve = elliptic.P256()
|
||||
case 384:
|
||||
FlagPrivateKeyGeneration.Curve = elliptic.P384()
|
||||
case 521:
|
||||
FlagPrivateKeyGeneration.Curve = elliptic.P521()
|
||||
default:
|
||||
return fmt.Errorf("Curve %d unknown!", flagContainer.length)
|
||||
}
|
||||
case "rsa":
|
||||
size := flagContainer.length
|
||||
|
@ -394,7 +421,8 @@ func checkPrivateKeyGeneration() error {
|
|||
} else {
|
||||
return fmt.Errorf("Length of %d is not allowed for rsa!", size)
|
||||
}
|
||||
default: return fmt.Errorf("Type %s is unknown!", pk_type)
|
||||
default:
|
||||
return fmt.Errorf("Type %s is unknown!", pk_type)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -408,7 +436,9 @@ func InitFlagSignature(cmd *Command) {
|
|||
func checkSignature() error {
|
||||
var err error
|
||||
FlagSignature, err = base64.StdEncoding.DecodeString(flagContainer.signature)
|
||||
if err != nil { return err }
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -416,40 +446,40 @@ func checkSignature() error {
|
|||
func InitFlagCertificateFields(cmd *Command) {
|
||||
cmd.Flags().StringVar(
|
||||
&flagContainer.certificateFlags.manual.serialNumber,
|
||||
"serial", "1", "unique serial number of the CA");
|
||||
"serial", "1", "unique serial number of the CA")
|
||||
cmd.Flags().StringVar(
|
||||
&flagContainer.certificateFlags.manual.commonName,
|
||||
"common-name", "", "common name of the entity to certify");
|
||||
"common-name", "", "common name of the entity to certify")
|
||||
cmd.Flags().StringVar(
|
||||
&flagContainer.certificateFlags.manual.dnsNames,
|
||||
"dns-names", "", "comma separated list of alternative fqdn entries for the entity");
|
||||
"dns-names", "", "comma separated list of alternative fqdn entries for the entity")
|
||||
cmd.Flags().StringVar(
|
||||
&flagContainer.certificateFlags.manual.emailAddresses,
|
||||
"email-address", "", "comma separated list of alternative email entries for the entity");
|
||||
"email-address", "", "comma separated list of alternative email entries for the entity")
|
||||
cmd.Flags().StringVar(
|
||||
&flagContainer.certificateFlags.manual.ipAddresses,
|
||||
"ip-address", "", "comma separated list of alternative ip entries for the entity");
|
||||
"ip-address", "", "comma separated list of alternative ip entries for the entity")
|
||||
cmd.Flags().StringVar(
|
||||
&flagContainer.certificateFlags.automatic.Country,
|
||||
"country", "", "comma separated list of countries the entitiy resides in");
|
||||
"country", "", "comma separated list of countries the entitiy resides in")
|
||||
cmd.Flags().StringVar(
|
||||
&flagContainer.certificateFlags.automatic.Organization,
|
||||
"organization", "", "comma separated list of organizations the entity belongs to");
|
||||
"organization", "", "comma separated list of organizations the entity belongs to")
|
||||
cmd.Flags().StringVar(
|
||||
&flagContainer.certificateFlags.automatic.OrganizationalUnit,
|
||||
"organization-unit", "", "comma separated list of organization units or departments the entity belongs to");
|
||||
"organization-unit", "", "comma separated list of organization units or departments the entity belongs to")
|
||||
cmd.Flags().StringVar(
|
||||
&flagContainer.certificateFlags.automatic.Locality,
|
||||
"locality", "", "comma separated list of localities or cities the entity resides in");
|
||||
"locality", "", "comma separated list of localities or cities the entity resides in")
|
||||
cmd.Flags().StringVar(
|
||||
&flagContainer.certificateFlags.automatic.Province,
|
||||
"province", "", "comma separated list of provinces the entity resides in");
|
||||
"province", "", "comma separated list of provinces the entity resides in")
|
||||
cmd.Flags().StringVar(
|
||||
&flagContainer.certificateFlags.automatic.StreetAddress,
|
||||
"street-address", "", "comma separated list of street addresses the entity resides in");
|
||||
"street-address", "", "comma separated list of street addresses the entity resides in")
|
||||
cmd.Flags().StringVar(
|
||||
&flagContainer.certificateFlags.automatic.PostalCode,
|
||||
"postal-code", "", "comma separated list of postal codes of the localities");
|
||||
"postal-code", "", "comma separated list of postal codes of the localities")
|
||||
}
|
||||
|
||||
// parse the certificate fields into a raw certificate
|
||||
|
@ -462,7 +492,9 @@ func checkCertificateFields() error {
|
|||
for _, field := range []string{"Country", "Organization", "OrganizationalUnit",
|
||||
"Locality", "Province", "StreetAddress", "PostalCode"} {
|
||||
field_value := container_type.FieldByName(field).String()
|
||||
if field_value == "" { continue }
|
||||
if field_value == "" {
|
||||
continue
|
||||
}
|
||||
target := cert_data_type.FieldByName(field)
|
||||
target.Set(reflect.ValueOf(strings.Split(field_value, ",")))
|
||||
}
|
||||
|
@ -479,7 +511,9 @@ func checkCertificateFields() error {
|
|||
data.EmailAddresses = strings.Split(raw_data.emailAddresses, ",")
|
||||
}
|
||||
|
||||
if raw_data.ipAddresses == "" { return nil }
|
||||
if raw_data.ipAddresses == "" {
|
||||
return nil
|
||||
}
|
||||
raw_ips := strings.Split(raw_data.ipAddresses, ",")
|
||||
data.IPAddresses = make([]net.IP, len(raw_ips))
|
||||
for i, ip := range raw_ips {
|
||||
|
|
8
io.go
8
io.go
|
@ -15,7 +15,9 @@ var (
|
|||
// load a pem section from a file
|
||||
func readSectionFromFile(path, btype string) ([]byte, error) {
|
||||
raw, err := readFile(path)
|
||||
if err != nil { return raw, err }
|
||||
if err != nil {
|
||||
return raw, err
|
||||
}
|
||||
|
||||
return decodeSection(raw, btype)
|
||||
}
|
||||
|
@ -23,7 +25,9 @@ func readSectionFromFile(path, btype string) ([]byte, error) {
|
|||
// read a file completely and report possible errors
|
||||
func readFile(path string) ([]byte, error) {
|
||||
raw, err := ioutil.ReadFile(path)
|
||||
if err != nil { return EmptyByteArray, err }
|
||||
if err != nil {
|
||||
return EmptyByteArray, err
|
||||
}
|
||||
return raw, nil
|
||||
}
|
||||
|
||||
|
|
73
main.go
73
main.go
|
@ -35,15 +35,24 @@ func create_private_key(cmd *Command, args []string) {
|
|||
|
||||
var pk pki.Pemmer
|
||||
switch FlagPrivateKeyGeneration.Type {
|
||||
case "ecdsa": pk, err = pki.NewPrivateKeyEcdsa(FlagPrivateKeyGeneration.Curve)
|
||||
case "rsa": pk, err = pki.NewPrivateKeyRsa(FlagPrivateKeyGeneration.Size)
|
||||
default: crash_with_help(cmd, ErrorInput, "Unknown private key type '%s'", FlagPrivateKeyGeneration.Type)
|
||||
case "ecdsa":
|
||||
pk, err = pki.NewPrivateKeyEcdsa(FlagPrivateKeyGeneration.Curve)
|
||||
case "rsa":
|
||||
pk, err = pki.NewPrivateKeyRsa(FlagPrivateKeyGeneration.Size)
|
||||
default:
|
||||
crash_with_help(cmd, ErrorInput, "Unknown private key type '%s'", FlagPrivateKeyGeneration.Type)
|
||||
}
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorProgram, "Error creating private key: %s", err)
|
||||
}
|
||||
if err != nil { crash_with_help(cmd, ErrorProgram, "Error creating private key: %s", err) }
|
||||
marsh_pem, err := pk.MarshalPem()
|
||||
if err != nil { crash_with_help(cmd, ErrorProgram, "Error when marshalling to pem: %s", err) }
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorProgram, "Error when marshalling to pem: %s", err)
|
||||
}
|
||||
_, err = marsh_pem.WriteTo(FlagOutput)
|
||||
if err != nil { crash_with_help(cmd, ErrorProgram, "Error when writing output: %s", err) }
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorProgram, "Error when writing output: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
// create a public key derived from a private key
|
||||
|
@ -56,9 +65,13 @@ func create_public_key(cmd *Command, args []string) {
|
|||
var pub_key pki.Pemmer
|
||||
pub_key = FlagPrivateKey.Public()
|
||||
marsh_pem, err := pub_key.MarshalPem()
|
||||
if err != nil { crash_with_help(cmd, ErrorProgram, "Error when marshalling to pem: %s", err) }
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorProgram, "Error when marshalling to pem: %s", err)
|
||||
}
|
||||
_, err = marsh_pem.WriteTo(FlagOutput)
|
||||
if err != nil { crash_with_help(cmd, ErrorProgram, "Error when writing output: %s", err) }
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorProgram, "Error when writing output: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
// sign a message using he private key
|
||||
|
@ -69,11 +82,17 @@ func sign_input(cmd *Command, args []string) {
|
|||
}
|
||||
|
||||
message, err := ioutil.ReadAll(FlagInput)
|
||||
if err != nil { crash_with_help(cmd, ErrorProgram, "Error reading input: %s", err) }
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorProgram, "Error reading input: %s", err)
|
||||
}
|
||||
signature, err := FlagPrivateKey.Sign(message, crypto.SHA256)
|
||||
if err != nil { crash_with_help(cmd, ErrorProgram, "Could not compute signature: %s", err) }
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorProgram, "Could not compute signature: %s", err)
|
||||
}
|
||||
_, err = io.WriteString(FlagOutput, base64.StdEncoding.EncodeToString(signature))
|
||||
if err != nil { crash_with_help(cmd, ErrorProgram, "Could not write to output: %s", err) }
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorProgram, "Could not write to output: %s", err)
|
||||
}
|
||||
|
||||
// if we print to stderr, send a final line break to make the output nice
|
||||
if FlagOutput == os.Stdout {
|
||||
|
@ -91,9 +110,13 @@ func verify_input(cmd *Command, args []string) {
|
|||
|
||||
signature := FlagSignature
|
||||
message, err := ioutil.ReadAll(FlagInput)
|
||||
if err != nil { crash_with_help(cmd, ErrorProgram, "Error reading input: %s", err) }
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorProgram, "Error reading input: %s", err)
|
||||
}
|
||||
valid, err := FlagPublicKey.Verify(message, signature, crypto.SHA256)
|
||||
if err != nil { crash_with_help(cmd, ErrorProgram, "Could not verify message using signature: %s", err) }
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorProgram, "Could not verify message using signature: %s", err)
|
||||
}
|
||||
if valid {
|
||||
fmt.Println("valid")
|
||||
os.Exit(0)
|
||||
|
@ -110,11 +133,17 @@ func create_sign_request(cmd *Command, args []string) {
|
|||
}
|
||||
|
||||
csr, err := FlagCertificateRequestData.ToCertificateRequest(FlagPrivateKey)
|
||||
if err != nil { crash_with_help(cmd, ErrorProgram, "Could not create certificate sign request: %s", err) }
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorProgram, "Could not create certificate sign request: %s", err)
|
||||
}
|
||||
pem_block, err := csr.MarshalPem()
|
||||
if err != nil { crash_with_help(cmd, ErrorProgram, "Error when marshalling to pem: %s", err) }
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorProgram, "Error when marshalling to pem: %s", err)
|
||||
}
|
||||
_, err = pem_block.WriteTo(FlagOutput)
|
||||
if err != nil { crash_with_help(cmd, ErrorProgram, "Could not write to output: %s", err) }
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorProgram, "Could not write to output: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
func create_cert(cmd *Command, args []string) {
|
||||
|
@ -129,11 +158,17 @@ func create_cert(cmd *Command, args []string) {
|
|||
FlagCertificateGeneration,
|
||||
nil,
|
||||
)
|
||||
if err != nil { crash_with_help(cmd, ErrorProgram, "Error generating certificate: %s", err) }
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorProgram, "Error generating certificate: %s", err)
|
||||
}
|
||||
pem_block, err := cert.MarshalPem()
|
||||
if err != nil { crash_with_help(cmd, ErrorProgram, "Error when marshalling to pem: %s", err) }
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorProgram, "Error when marshalling to pem: %s", err)
|
||||
}
|
||||
_, err = pem_block.WriteTo(FlagOutput)
|
||||
if err != nil { crash_with_help(cmd, ErrorProgram, "Could not write to output: %s", err) }
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorProgram, "Could not write to output: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
// crash and provide a helpful message
|
||||
|
|
|
@ -17,13 +17,17 @@ func ReadPrivateKeyFile(path string) (pki.PrivateKey, error) {
|
|||
raw_pk, err := readSectionFromFile(path, pki.PemLabelEcdsa)
|
||||
if err == nil {
|
||||
pk, err := pki.LoadPrivateKeyEcdsa(raw_pk)
|
||||
if err != nil { return nil, err }
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return pk, nil
|
||||
}
|
||||
raw_pk, err = readSectionFromFile(path, pki.PemLabelRsa)
|
||||
if err == nil {
|
||||
pk, err := pki.LoadPrivateKeyRsa(raw_pk)
|
||||
if err != nil { return nil, err }
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return pk, nil
|
||||
}
|
||||
return nil, ErrNoPKFound
|
||||
|
@ -32,12 +36,18 @@ func ReadPrivateKeyFile(path string) (pki.PrivateKey, error) {
|
|||
// read the public key and try to figure out what kind of key it might be
|
||||
func ReadPublicKeyFile(path string) (pki.PublicKey, error) {
|
||||
raw_pu, err := readSectionFromFile(path, pki.PemLabelPublic)
|
||||
if err != nil { return nil, ErrNoPUFound }
|
||||
if err != nil {
|
||||
return nil, ErrNoPUFound
|
||||
}
|
||||
|
||||
var public pki.PublicKey
|
||||
public, err = pki.LoadPublicKeyEcdsa(raw_pu)
|
||||
if err == nil { return public, nil }
|
||||
if err == nil {
|
||||
return public, nil
|
||||
}
|
||||
public, err = pki.LoadPublicKeyRsa(raw_pu)
|
||||
if err == nil { return public, nil }
|
||||
if err == nil {
|
||||
return public, nil
|
||||
}
|
||||
return nil, ErrUnknownFormat
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue