aboutsummaryrefslogtreecommitdiff
path: root/sign_request.go
diff options
context:
space:
mode:
authorGibheer <gibheer@gmail.com>2015-01-02 11:40:58 +0100
committerGibheer <gibheer@gmail.com>2015-01-02 11:40:58 +0100
commit0a7c8b863bee1572b90ca5d0a037efd1c6bcd54f (patch)
treef8c5c0f9b997a542d1aa6df881203c515572c9ff /sign_request.go
parentdac4b27f74abbd10bb27159cdb970db89c5d2406 (diff)
add dns names and ip addresses with tests
Diffstat (limited to 'sign_request.go')
-rw-r--r--sign_request.go52
1 files changed, 41 insertions, 11 deletions
diff --git a/sign_request.go b/sign_request.go
index db41f5a..7c6381a 100644
--- a/sign_request.go
+++ b/sign_request.go
@@ -8,7 +8,9 @@ import (
"fmt"
"flag"
"io"
+ "net"
"os"
+ "regexp"
)
type (
@@ -16,38 +18,41 @@ type (
PrivateKeyPath string // path to the private key
Output string // path where to store the CSR
BaseAttributes pkix.Name
+ DNSNames []string // alternative names to the BaseAttributes.CommonName
+ IPAddresses []net.IP // alternative IP addresses
private_key PrivateKey
- output_stream io.WriteCloser // the output stream for the CSR
+ output_stream io.Writer // the output stream for the CSR
}
)
+var (
+ COMMA_SPLIT = regexp.MustCompile(`,[[:space:]]?`)
+)
+
// create a sign request with a private key
func create_sign_request() {
flags := parse_sign_flags()
flags.private_key = load_private_key(flags.PrivateKeyPath)
- var err error
- flags.output_stream, err = open_output_stream(flags.Output)
+ stream, err := open_output_stream(flags.Output)
if err != nil {
crash_with_help(2, fmt.Sprintf("Error when creating file %s: %s", flags.Output, err))
}
- defer flags.output_stream.Close()
+ defer stream.Close()
+ flags.output_stream = stream
- csr_template := &x509.CertificateRequest{
- Subject: flags.BaseAttributes,
- }
- csr_raw, err := x509.CreateCertificateRequest(rand.Reader, csr_template, flags.private_key)
- if err != nil {
+ if err = create_csr(flags); err != nil {
fmt.Fprintln(os.Stderr, "Error when generating CSR: ", err)
os.Exit(3)
}
- block := &pem.Block{Type: TypeLabelCSR, Bytes: csr_raw}
- pem.Encode(flags.output_stream, block)
}
// parse the flags to create a certificate sign request
func parse_sign_flags() SignFlags {
+ dns_names := "" // string to hold the alternative names
+ ips := "" // string to hold the alternative ips
+
flags := SignFlags{}
fs := flag.NewFlagSet("create-cert-sign", flag.ExitOnError)
fs.StringVar(&flags.PrivateKeyPath, "private-key", "", "path to the private key file")
@@ -56,7 +61,32 @@ func parse_sign_flags() SignFlags {
flags.BaseAttributes = pkix.Name{}
fs.StringVar(&flags.BaseAttributes.CommonName, "common-name", "", "the name of the resource")
fs.StringVar(&flags.BaseAttributes.SerialNumber, "serial", "1", "serial number for the request")
+ fs.StringVar(&dns_names, "names", "", "alternative names (comma separated)")
+ fs.StringVar(&ips, "ips", "", "alternative IPs (comma separated)")
fs.Parse(os.Args[2:])
+
+ // convert array flags to config structs
+ flags.DNSNames = COMMA_SPLIT.Split(dns_names, -1)
+ tmp_ips := COMMA_SPLIT.Split(ips, -1)
+ for _, sip := range tmp_ips {
+ flags.IPAddresses = append(flags.IPAddresses, net.ParseIP(sip))
+ }
+
return flags
}
+
+// generate the csr and print into flags.output_stream
+func create_csr(flags SignFlags) (error) {
+ csr_template := &x509.CertificateRequest{
+ Subject: flags.BaseAttributes,
+ DNSNames: flags.DNSNames,
+ IPAddresses: flags.IPAddresses,
+ }
+ csr_raw, err := x509.CreateCertificateRequest(rand.Reader, csr_template, flags.private_key)
+ if err != nil { return err }
+
+ block := &pem.Block{Type: TypeLabelCSR, Bytes: csr_raw}
+ pem.Encode(flags.output_stream, block)
+ return nil
+}