add start and end date to certificates
This adds the start and end date flags for certificate generation and also a flag to define, if the resulting certificate should be a CA or not. Next step in the implementation is to define the key usages.
This commit is contained in:
Gibheer
parent
c69f4de8ce
commit
bb41ff218a
62
flags.go
62
flags.go
|
|
@ -10,10 +10,12 @@ import (
|
|||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"math/big"
|
||||
"net"
|
||||
"os"
|
||||
"reflect"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/gibheer/pki"
|
||||
)
|
||||
|
|
@ -59,6 +61,7 @@ type (
|
|||
signRequestPath string // path to the certificate sign request
|
||||
certificateFlags certiticateRequestRawFlags // container for certificate related flags
|
||||
signature string // a base64 encoded signature
|
||||
certGeneration certGenerationRaw
|
||||
}
|
||||
|
||||
privateKeyGenerationFlags struct {
|
||||
|
|
@ -67,6 +70,14 @@ type (
|
|||
Size int // bitsize for rsa
|
||||
}
|
||||
|
||||
certGenerationRaw struct {
|
||||
serial int64
|
||||
notBefore string
|
||||
notAfter string
|
||||
isCA bool
|
||||
length int
|
||||
}
|
||||
|
||||
flagCheck func()(error)
|
||||
)
|
||||
|
||||
|
|
@ -144,6 +155,8 @@ certificate requests and certificates and sign/verify messages.`,
|
|||
FlagCertificateRequestData *pki.CertificateData
|
||||
// the certificate sign request
|
||||
FlagCertificateSignRequest *pki.CertificateRequest
|
||||
// certificate specific creation stuff
|
||||
FlagCertificateGeneration pki.CertificateOptions
|
||||
)
|
||||
|
||||
func InitFlags() {
|
||||
|
|
@ -179,6 +192,7 @@ func InitFlags() {
|
|||
// create-certificate
|
||||
InitFlagPrivateKey(CmdCreateCert)
|
||||
InitFlagOutput(CmdCreateCert)
|
||||
InitFlagCert(CmdCreateCert)
|
||||
InitFlagCSR(CmdCreateCert)
|
||||
}
|
||||
|
||||
|
|
@ -233,6 +247,54 @@ func checkPublicKey() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// add flag to load certificate flags
|
||||
func InitFlagCert(cmd *Command) {
|
||||
cmd.Flags().Int64Var(&flagContainer.certGeneration.serial, "serial", 0, "serial number of all certificates")
|
||||
cmd.Flags().BoolVar(&flagContainer.certGeneration.isCA, "ca", false, "check if the resulting certificate is a ca")
|
||||
cmd.Flags().IntVar(
|
||||
&flagContainer.certGeneration.
|
||||
length,
|
||||
"length",
|
||||
0,
|
||||
"the number of certificates allowed in the chain between this cert and the end certificate",
|
||||
)
|
||||
cmd.Flags().StringVar(
|
||||
&flagContainer.certGeneration.notBefore,
|
||||
"not-before",
|
||||
time.Now().Format(time.RFC3339),
|
||||
"time before the certificate is not valid in RFC3339 format (default now)",
|
||||
)
|
||||
cmd.Flags().StringVar(
|
||||
&flagContainer.certGeneration.
|
||||
notAfter,
|
||||
"not-after",
|
||||
time.Now().Add(time.Duration(180 * 24 * time.Hour)).Format(time.RFC3339),
|
||||
"time after which the certificate is not valid in RFC3339 format (default now + 180 days)",
|
||||
)
|
||||
}
|
||||
|
||||
// parse the certificate data
|
||||
func checkCertFlags() error {
|
||||
FlagCertificateGeneration.IsCA = flagContainer.certGeneration.isCA
|
||||
FlagCertificateGeneration.CALength = flagContainer.certGeneration.length
|
||||
FlagCertificateGeneration.SerialNumber = big.NewInt(flagContainer.certGeneration.serial)
|
||||
|
||||
var err error
|
||||
if notbefore := flagContainer.certGeneration.notBefore; notbefore != "" {
|
||||
FlagCertificateGeneration.NotBefore, err = parseTimeRFC3339(notbefore)
|
||||
if err != nil { return err }
|
||||
}
|
||||
if notafter := flagContainer.certGeneration.notAfter; notafter != "" {
|
||||
FlagCertificateGeneration.NotAfter, err = parseTimeRFC3339(notafter)
|
||||
if err != nil { return err }
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func parseTimeRFC3339(tr string) (time.Time, error) {
|
||||
return time.Parse(time.RFC3339, tr)
|
||||
}
|
||||
|
||||
// add flag to load certificate sign request
|
||||
func InitFlagCSR(cmd *Command) {
|
||||
cmd.Flags().StringVar(&flagContainer.signRequestPath, "csr-path", "", "path to the certificate sign request")
|
||||
|
|
|
|||
7
main.go
7
main.go
|
|
@ -6,7 +6,6 @@ import (
|
|||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"math/big"
|
||||
"os"
|
||||
|
||||
"github.com/gibheer/pki"
|
||||
|
|
@ -119,17 +118,15 @@ func create_sign_request(cmd *Command, args []string) {
|
|||
}
|
||||
|
||||
func create_cert(cmd *Command, args []string) {
|
||||
err := checkFlags(checkPrivateKey, checkOutput, checkCSR)
|
||||
err := checkFlags(checkPrivateKey, checkOutput, checkCSR, checkCertFlags)
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorFlagInput, "Flags invalid: %s", err)
|
||||
}
|
||||
|
||||
// TODO implement flags for all certificate options
|
||||
cert_opts := pki.CertificateOptions{}
|
||||
cert_opts.SerialNumber = big.NewInt(1)
|
||||
cert, err := FlagCertificateSignRequest.ToCertificate(
|
||||
FlagPrivateKey,
|
||||
cert_opts,
|
||||
FlagCertificateGeneration,
|
||||
nil,
|
||||
)
|
||||
if err != nil { crash_with_help(cmd, ErrorProgram, "Error generating certificate: %s", err) }
|
||||
|
|
|
|||
Loading…
Reference in New Issue