
add start and end date to certificates

This adds the start and end date flags for certificate generation and
also a flag to define whether the resulting certificate should be a CA or
not.
Next step in the implementation is to define the key usages.
Gibheer 2015-03-24 21:21:02 +01:00
parent c69f4de8ce
commit bb41ff218a
2 changed files with 64 additions and 5 deletions


@ -10,10 +10,12 @@ import (
"fmt" "fmt"
"io" "io"
"io/ioutil" "io/ioutil"
"math/big"
"net" "net"
"os" "os"
"reflect" "reflect"
"strings" "strings"
"time"
"github.com/gibheer/pki" "github.com/gibheer/pki"
) )
@ -59,6 +61,7 @@ type (
signRequestPath string // path to the certificate sign request signRequestPath string // path to the certificate sign request
certificateFlags certiticateRequestRawFlags // container for certificate related flags certificateFlags certiticateRequestRawFlags // container for certificate related flags
signature string // a base64 encoded signature signature string // a base64 encoded signature
certGeneration certGenerationRaw
} }
privateKeyGenerationFlags struct { privateKeyGenerationFlags struct {
@ -67,6 +70,14 @@ type (
Size int // bitsize for rsa Size int // bitsize for rsa
} }
certGenerationRaw struct {
serial int64
notBefore string
notAfter string
isCA bool
length int
}
flagCheck func()(error) flagCheck func()(error)
) )
@ -144,6 +155,8 @@ certificate requests and certificates and sign/verify messages.`,
FlagCertificateRequestData *pki.CertificateData FlagCertificateRequestData *pki.CertificateData
// the certificate sign request // the certificate sign request
FlagCertificateSignRequest *pki.CertificateRequest FlagCertificateSignRequest *pki.CertificateRequest
// certificate specific creation stuff
FlagCertificateGeneration pki.CertificateOptions
) )
func InitFlags() { func InitFlags() {
@ -179,6 +192,7 @@ func InitFlags() {
// create-certificate // create-certificate
InitFlagPrivateKey(CmdCreateCert) InitFlagPrivateKey(CmdCreateCert)
InitFlagOutput(CmdCreateCert) InitFlagOutput(CmdCreateCert)
InitFlagCert(CmdCreateCert)
InitFlagCSR(CmdCreateCert) InitFlagCSR(CmdCreateCert)
} }
@ -233,6 +247,54 @@ func checkPublicKey() error {
return nil return nil
} }
// add flag to load certificate flags
func InitFlagCert(cmd *Command) {
cmd.Flags().Int64Var(&flagContainer.certGeneration.serial, "serial", 0, "serial number of all certificates")
cmd.Flags().BoolVar(&flagContainer.certGeneration.isCA, "ca", false, "check if the resulting certificate is a ca")
cmd.Flags().IntVar(
&flagContainer.certGeneration.
length,
"length",
0,
"the number of certificates allowed in the chain between this cert and the end certificate",
)
cmd.Flags().StringVar(
&flagContainer.certGeneration.notBefore,
"not-before",
time.Now().Format(time.RFC3339),
"time before the certificate is not valid in RFC3339 format (default now)",
)
cmd.Flags().StringVar(
&flagContainer.certGeneration.
notAfter,
"not-after",
time.Now().Add(time.Duration(180 * 24 * time.Hour)).Format(time.RFC3339),
"time after which the certificate is not valid in RFC3339 format (default now + 180 days)",
)
}
// parse the certificate data
func checkCertFlags() error {
FlagCertificateGeneration.IsCA = flagContainer.certGeneration.isCA
FlagCertificateGeneration.CALength = flagContainer.certGeneration.length
FlagCertificateGeneration.SerialNumber = big.NewInt(flagContainer.certGeneration.serial)
var err error
if notbefore := flagContainer.certGeneration.notBefore; notbefore != "" {
FlagCertificateGeneration.NotBefore, err = parseTimeRFC3339(notbefore)
if err != nil { return err }
}
if notafter := flagContainer.certGeneration.notAfter; notafter != "" {
FlagCertificateGeneration.NotAfter, err = parseTimeRFC3339(notafter)
if err != nil { return err }
}
return nil
}
func parseTimeRFC3339(tr string) (time.Time, error) {
return time.Parse(time.RFC3339, tr)
}
// add flag to load certificate sign request // add flag to load certificate sign request
func InitFlagCSR(cmd *Command) { func InitFlagCSR(cmd *Command) {
cmd.Flags().StringVar(&flagContainer.signRequestPath, "csr-path", "", "path to the certificate sign request") cmd.Flags().StringVar(&flagContainer.signRequestPath, "csr-path", "", "path to the certificate sign request")
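Review bot: `checkCertFlags` copies the `serial` flag into `SerialNumber` without rejecting the default of 0, so every certificate created without `--serial` carries serial 0; RFC 5280 requires a positive serial that is unique per issuer, and duplicate serials make CRL entries ambiguous and are rejected by some validators. The function also parses `not-before` and `not-after` independently and never checks their order, so an empty or inverted validity window passes flag validation. In the file's one-line style: `if flagContainer.certGeneration.serial <= 0 { return fmt.Errorf("serial must be a positive integer") }` before the `big.NewInt` call, and after both parses `if !FlagCertificateGeneration.NotAfter.After(FlagCertificateGeneration.NotBefore) { return fmt.Errorf("not-after must be later than not-before") }`. The help text for `--ca` reads "check if the resulting certificate is a ca" but the flag marks rather than checks, so `"mark the resulting certificate as a CA"` would describe it accurately. The hunk opens in the tail of `checkPublicKey`, whose body starts outside it.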


@ -6,7 +6,6 @@ import (
"fmt" "fmt"
"io" "io"
"io/ioutil" "io/ioutil"
"math/big"
"os" "os"
"github.com/gibheer/pki" "github.com/gibheer/pki"
@ -119,17 +118,15 @@ func create_sign_request(cmd *Command, args []string) {
} }
func create_cert(cmd *Command, args []string) { func create_cert(cmd *Command, args []string) {
err := checkFlags(checkPrivateKey, checkOutput, checkCSR) err := checkFlags(checkPrivateKey, checkOutput, checkCSR, checkCertFlags)
if err != nil { if err != nil {
crash_with_help(cmd, ErrorFlagInput, "Flags invalid: %s", err) crash_with_help(cmd, ErrorFlagInput, "Flags invalid: %s", err)
} }
// TODO implement flags for all certificate options // TODO implement flags for all certificate options
cert_opts := pki.CertificateOptions{}
cert_opts.SerialNumber = big.NewInt(1)
cert, err := FlagCertificateSignRequest.ToCertificate( cert, err := FlagCertificateSignRequest.ToCertificate(
FlagPrivateKey, FlagPrivateKey,
cert_opts, FlagCertificateGeneration,
nil, nil,
) )
if err != nil { crash_with_help(cmd, ErrorProgram, "Error generating certificate: %s", err) } if err != nil { crash_with_help(cmd, ErrorProgram, "Error generating certificate: %s", err) }