From bb41ff218a14b6597607408de6efed37cc8dae40 Mon Sep 17 00:00:00 2001 From: Gibheer Date: Tue, 24 Mar 2015 21:21:02 +0100 Subject: [PATCH] add start and end date to certificates This adds the start and end date flags for certificate generation and also a flag to define, if the resulting certificate should be a CA or not. Next step in the implementation is to define the key usages. --- flags.go | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ main.go | 7 ++----- 2 files changed, 64 insertions(+), 5 deletions(-) diff --git a/flags.go b/flags.go index 2b267b7..d4ed23a 100644 --- a/flags.go +++ b/flags.go @@ -10,10 +10,12 @@ import ( "fmt" "io" "io/ioutil" + "math/big" "net" "os" "reflect" "strings" + "time" "github.com/gibheer/pki" ) @@ -59,6 +61,7 @@ type ( signRequestPath string // path to the certificate sign request certificateFlags certiticateRequestRawFlags // container for certificate related flags signature string // a base64 encoded signature + certGeneration certGenerationRaw } privateKeyGenerationFlags struct { @@ -67,6 +70,14 @@ type ( Size int // bitsize for rsa } + certGenerationRaw struct { + serial int64 + notBefore string + notAfter string + isCA bool + length int + } + flagCheck func()(error) ) @@ -144,6 +155,8 @@ certificate requests and certificates and sign/verify messages.`, FlagCertificateRequestData *pki.CertificateData // the certificate sign request FlagCertificateSignRequest *pki.CertificateRequest + // certificate specific creation stuff + FlagCertificateGeneration pki.CertificateOptions ) func InitFlags() { @@ -179,6 +192,7 @@ func InitFlags() { // create-certificate InitFlagPrivateKey(CmdCreateCert) InitFlagOutput(CmdCreateCert) + InitFlagCert(CmdCreateCert) InitFlagCSR(CmdCreateCert) } @@ -233,6 +247,54 @@ func checkPublicKey() error { return nil } +// add flag to load certificate flags +func InitFlagCert(cmd *Command) { + cmd.Flags().Int64Var(&flagContainer.certGeneration.serial, "serial", 0, "serial number of all certificates") + cmd.Flags().BoolVar(&flagContainer.certGeneration.isCA, "ca", false, "check if the resulting certificate is a ca") + cmd.Flags().IntVar( + &flagContainer.certGeneration. + length, + "length", + 0, + "the number of certificates allowed in the chain between this cert and the end certificate", + ) + cmd.Flags().StringVar( + &flagContainer.certGeneration.notBefore, + "not-before", + time.Now().Format(time.RFC3339), + "time before the certificate is not valid in RFC3339 format (default now)", + ) + cmd.Flags().StringVar( + &flagContainer.certGeneration. + notAfter, + "not-after", + time.Now().Add(time.Duration(180 * 24 * time.Hour)).Format(time.RFC3339), + "time after which the certificate is not valid in RFC3339 format (default now + 180 days)", + ) +} + +// parse the certificate data +func checkCertFlags() error { + FlagCertificateGeneration.IsCA = flagContainer.certGeneration.isCA + FlagCertificateGeneration.CALength = flagContainer.certGeneration.length + FlagCertificateGeneration.SerialNumber = big.NewInt(flagContainer.certGeneration.serial) + + var err error + if notbefore := flagContainer.certGeneration.notBefore; notbefore != "" { + FlagCertificateGeneration.NotBefore, err = parseTimeRFC3339(notbefore) + if err != nil { return err } + } + if notafter := flagContainer.certGeneration.notAfter; notafter != "" { + FlagCertificateGeneration.NotAfter, err = parseTimeRFC3339(notafter) + if err != nil { return err } + } + return nil +} + +func parseTimeRFC3339(tr string) (time.Time, error) { + return time.Parse(time.RFC3339, tr) +} + // add flag to load certificate sign request func InitFlagCSR(cmd *Command) { cmd.Flags().StringVar(&flagContainer.signRequestPath, "csr-path", "", "path to the certificate sign request") diff --git a/main.go b/main.go index ba8ee0a..4d7419c 100644 --- a/main.go +++ b/main.go @@ -6,7 +6,6 @@ import ( "fmt" "io" "io/ioutil" - "math/big" "os" "github.com/gibheer/pki" @@ -119,17 +118,15 @@ func create_sign_request(cmd *Command, args []string) { } func create_cert(cmd *Command, args []string) { - err := checkFlags(checkPrivateKey, checkOutput, checkCSR) + err := checkFlags(checkPrivateKey, checkOutput, checkCSR, checkCertFlags) if err != nil { crash_with_help(cmd, ErrorFlagInput, "Flags invalid: %s", err) } // TODO implement flags for all certificate options - cert_opts := pki.CertificateOptions{} - cert_opts.SerialNumber = big.NewInt(1) cert, err := FlagCertificateSignRequest.ToCertificate( FlagPrivateKey, - cert_opts, + FlagCertificateGeneration, nil, ) if err != nil { crash_with_help(cmd, ErrorProgram, "Error generating certificate: %s", err) }