add start and end date to certificates
This adds the start and end date flags for certificate generation and also a flag to define whether the resulting certificate should be a CA. The next step in the implementation is to define the key usages.
This commit is contained in:
parent
c69f4de8ce
commit
bb41ff218a
62
flags.go
62
flags.go
@ -10,10 +10,12 @@ import (
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
|
"math/big"
|
||||||
"net"
|
"net"
|
||||||
"os"
|
"os"
|
||||||
"reflect"
|
"reflect"
|
||||||
"strings"
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/gibheer/pki"
|
"github.com/gibheer/pki"
|
||||||
)
|
)
|
||||||
@ -59,6 +61,7 @@ type (
signRequestPath string // path to the certificate sign request
|
signRequestPath string // path to the certificate sign request
|
||||||
certificateFlags certiticateRequestRawFlags // container for certificate related flags
|
certificateFlags certiticateRequestRawFlags // container for certificate related flags
|
||||||
signature string // a base64 encoded signature
|
signature string // a base64 encoded signature
|
||||||
|
certGeneration certGenerationRaw
|
||||||
}
|
}
|
||||||
|
|
||||||
privateKeyGenerationFlags struct {
|
privateKeyGenerationFlags struct {
|
||||||
@ -67,6 +70,14 @@ type (
Size int // bitsize for rsa
|
Size int // bitsize for rsa
|
||||||
}
|
}
|
||||||
|
|
||||||
|
certGenerationRaw struct {
|
||||||
|
serial int64
|
||||||
|
notBefore string
|
||||||
|
notAfter string
|
||||||
|
isCA bool
|
||||||
|
length int
|
||||||
|
}
|
||||||
|
|
||||||
flagCheck func()(error)
|
flagCheck func()(error)
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -144,6 +155,8 @@ certificate requests and certificates and sign/verify messages.`,
FlagCertificateRequestData *pki.CertificateData
|
FlagCertificateRequestData *pki.CertificateData
|
||||||
// the certificate sign request
|
// the certificate sign request
|
||||||
FlagCertificateSignRequest *pki.CertificateRequest
|
FlagCertificateSignRequest *pki.CertificateRequest
|
||||||
|
// certificate specific creation stuff
|
||||||
|
FlagCertificateGeneration pki.CertificateOptions
|
||||||
)
|
)
|
||||||
|
|
||||||
func InitFlags() {
|
func InitFlags() {
|
||||||
@ -179,6 +192,7 @@ func InitFlags() {
// create-certificate
|
// create-certificate
|
||||||
InitFlagPrivateKey(CmdCreateCert)
|
InitFlagPrivateKey(CmdCreateCert)
|
||||||
InitFlagOutput(CmdCreateCert)
|
InitFlagOutput(CmdCreateCert)
|
||||||
|
InitFlagCert(CmdCreateCert)
|
||||||
InitFlagCSR(CmdCreateCert)
|
InitFlagCSR(CmdCreateCert)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -233,6 +247,54 @@ func checkPublicKey() error {
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// add flag to load certificate flags
|
||||||
|
func InitFlagCert(cmd *Command) {
|
||||||
|
cmd.Flags().Int64Var(&flagContainer.certGeneration.serial, "serial", 0, "serial number of all certificates")
|
||||||
|
cmd.Flags().BoolVar(&flagContainer.certGeneration.isCA, "ca", false, "check if the resulting certificate is a ca")
|
||||||
|
cmd.Flags().IntVar(
|
||||||
|
&flagContainer.certGeneration.
|
||||||
|
length,
|
||||||
|
"length",
|
||||||
|
0,
|
||||||
|
"the number of certificates allowed in the chain between this cert and the end certificate",
|
||||||
|
)
|
||||||
|
cmd.Flags().StringVar(
|
||||||
|
&flagContainer.certGeneration.notBefore,
|
||||||
|
"not-before",
|
||||||
|
time.Now().Format(time.RFC3339),
|
||||||
|
"time before the certificate is not valid in RFC3339 format (default now)",
|
||||||
|
)
|
||||||
|
cmd.Flags().StringVar(
|
||||||
|
&flagContainer.certGeneration.
|
||||||
|
notAfter,
|
||||||
|
"not-after",
|
||||||
|
time.Now().Add(time.Duration(180 * 24 * time.Hour)).Format(time.RFC3339),
|
||||||
|
"time after which the certificate is not valid in RFC3339 format (default now + 180 days)",
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
// parse the certificate data
|
||||||
|
func checkCertFlags() error {
|
||||||
|
FlagCertificateGeneration.IsCA = flagContainer.certGeneration.isCA
|
||||||
|
FlagCertificateGeneration.CALength = flagContainer.certGeneration.length
|
||||||
|
FlagCertificateGeneration.SerialNumber = big.NewInt(flagContainer.certGeneration.serial)
|
||||||
|
|
||||||
|
var err error
|
||||||
|
if notbefore := flagContainer.certGeneration.notBefore; notbefore != "" {
|
||||||
|
FlagCertificateGeneration.NotBefore, err = parseTimeRFC3339(notbefore)
|
||||||
|
if err != nil { return err }
|
||||||
|
}
|
||||||
|
if notafter := flagContainer.certGeneration.notAfter; notafter != "" {
|
||||||
|
FlagCertificateGeneration.NotAfter, err = parseTimeRFC3339(notafter)
|
||||||
|
if err != nil { return err }
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func parseTimeRFC3339(tr string) (time.Time, error) {
|
||||||
|
return time.Parse(time.RFC3339, tr)
|
||||||
|
}
|
||||||
|
|
||||||
// add flag to load certificate sign request
|
// add flag to load certificate sign request
|
||||||
func InitFlagCSR(cmd *Command) {
|
func InitFlagCSR(cmd *Command) {
|
||||||
cmd.Flags().StringVar(&flagContainer.signRequestPath, "csr-path", "", "path to the certificate sign request")
|
cmd.Flags().StringVar(&flagContainer.signRequestPath, "csr-path", "", "path to the certificate sign request")
|
||||||
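Review bot: `checkCertFlags` passes the `--serial` value straight into `big.NewInt` with no validation, and the flag's default is 0, so every certificate issued without `--serial` gets serial 0 — RFC 5280 requires a positive serial, and since this commit also drops the previous `big.NewInt(1)` in main.go this is a regression rather than just a gap. The function also never checks that the parsed `NotAfter` is later than `NotBefore`, so a `--not-after` earlier than `--not-before` yields a certificate that is never valid, with no error at flag-check time. Both checks belong in `checkCertFlags` as below; if the pki library substitutes defaults for a zero `time.Time`, the ordering check should sit behind the two `!= ""` guards instead. The `--ca` help string `check if the resulting certificate is a ca` describes a check, but the flag sets the property, so `mark the resulting certificate as a CA` is clearer. Minor: `time.Duration(180 * 24 * time.Hour)` is a no-op conversion, `180 * 24 * time.Hour` is already a `time.Duration`.
```go
func checkCertFlags() error {
	// RFC 5280 requires a positive serial, and 0 is the --serial default, so
	// without this check every certificate issued without --serial shares serial 0.
	if flagContainer.certGeneration.serial <= 0 {
		return fmt.Errorf("serial must be a positive integer, got %d", flagContainer.certGeneration.serial)
	}
	// … unchanged: IsCA, CALength and SerialNumber assignments, not-before/not-after parsing …
	if !FlagCertificateGeneration.NotAfter.After(FlagCertificateGeneration.NotBefore) {
		return fmt.Errorf("not-after %q must be later than not-before %q", flagContainer.certGeneration.notAfter, flagContainer.certGeneration.notBefore)
	}
	return nil
}
```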
7
main.go
7
main.go
@ -6,7 +6,6 @@ import (
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"math/big"
|
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
"github.com/gibheer/pki"
|
"github.com/gibheer/pki"
|
||||||
@ -119,17 +118,15 @@ func create_sign_request(cmd *Command, args []string) {
}
|
}
|
||||||
|
|
||||||
func create_cert(cmd *Command, args []string) {
|
func create_cert(cmd *Command, args []string) {
|
||||||
err := checkFlags(checkPrivateKey, checkOutput, checkCSR)
|
err := checkFlags(checkPrivateKey, checkOutput, checkCSR, checkCertFlags)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
crash_with_help(cmd, ErrorFlagInput, "Flags invalid: %s", err)
|
crash_with_help(cmd, ErrorFlagInput, "Flags invalid: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO implement flags for all certificate options
|
// TODO implement flags for all certificate options
|
||||||
cert_opts := pki.CertificateOptions{}
|
|
||||||
cert_opts.SerialNumber = big.NewInt(1)
|
|
||||||
cert, err := FlagCertificateSignRequest.ToCertificate(
|
cert, err := FlagCertificateSignRequest.ToCertificate(
|
||||||
FlagPrivateKey,
|
FlagPrivateKey,
|
||||||
cert_opts,
|
FlagCertificateGeneration,
|
||||||
nil,
|
nil,
|
||||||
)
|
)
|
||||||
if err != nil { crash_with_help(cmd, ErrorProgram, "Error generating certificate: %s", err) }
|
if err != nil { crash_with_help(cmd, ErrorProgram, "Error generating certificate: %s", err) }
|
||||||
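Review bot: The `// TODO implement flags for all certificate options` comment kept above the `ToCertificate` call is now stale: the removed hard-coded `cert_opts` is replaced by the flag-backed `FlagCertificateGeneration`, and per the commit description the remaining gap is key usages only. Narrow it to `// TODO add flags for key usages; serial, validity and CA options are set by InitFlagCert`. The body of `create_cert` appears to continue past the hunk.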