-rw-r--r--flags.go41
1 files changed, 37 insertions, 4 deletions
diff --git a/flags.go b/flags.go
index ab449bd..600fa02 100644
--- a/flags.go
+++ b/flags.go
@@ -5,6 +5,7 @@ package main
import (
"crypto/elliptic"
+ "crypto/x509"
"encoding/base64"
"encoding/pem"
"fmt"
@@ -26,7 +27,18 @@ const (
)
var (
- EcdsaCurves = []int{224, 256, 384, 521}
+ EcdsaCurves = []int{224, 256, 384, 521}
+ ValidKeyUsages = map[string]x509.KeyUsage{
+ "digitalsignature": x509.KeyUsageDigitalSignature,
+ "contentcommitment": x509.KeyUsageContentCommitment,
+ "keyencipherment": x509.KeyUsageKeyEncipherment,
+ "dataencipherment": x509.KeyUsageDataEncipherment,
+ "keyagreement": x509.KeyUsageKeyAgreement,
+ "certsign": x509.KeyUsageCertSign,
+ "crlsign": x509.KeyUsageCRLSign,
+ "encipheronly": x509.KeyUsageEncipherOnly,
+ "decipheronly": x509.KeyUsageDecipherOnly,
+ }
)
type (
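Review bot: `ValidKeyUsages` is exported but carries no doc comment (neither does the neighbouring `EcdsaCurves`), so a reader has to find checkCertFlags to learn that the keys are the lower-cased spellings accepted by --key-usage. Suggest `// ValidKeyUsages maps the lower-case names accepted by the --key-usage flag to the x509.KeyUsage bit each one sets.` above the map. Because the lookup side lower-cases its input before indexing, the comment should also say that keys must stay lower-case, otherwise a future entry such as "keyAgreement" would be silently unreachable.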
@@ -61,7 +73,8 @@ type (
signRequestPath string // path to the certificate sign request
certificateFlags certiticateRequestRawFlags // container for certificate related flags
signature string // a base64 encoded signature
- certGeneration certGenerationRaw
+ certGeneration certGenerationRaw // all certificate generation flags
+ certificatePath string // path to a certificate
}
privateKeyGenerationFlags struct {
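Review bot: The new `certificatePath` field on L43 (and `caPath` on L50 in the next hunk) is declared but nothing in this diff registers a flag for it or reads it, unlike `keyUsage`, which gets both a flag and a parser. If these are wired up elsewhere in the file that is fine, but if they are placeholders for a follow-up commit the field comment should say so, e.g. `certificatePath string // path to a certificate (not yet wired to a flag)`, so they are not mistaken for working options. The enclosing `type (` block starts and ends outside this hunk.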
@@ -76,6 +89,8 @@ type (
notAfter string
isCA bool
length int
+ caPath string // path to the ca file if isCA is false
+ keyUsage string // comma separated list of key usages
}
flagCheck func() error
@@ -275,12 +290,17 @@ func InitFlagCert(cmd *Command) {
"time before the certificate is not valid in RFC3339 format (default now)",
)
cmd.Flags().StringVar(
- &flagContainer.certGeneration.
- notAfter,
+ &flagContainer.certGeneration.notAfter,
"not-after",
time.Now().Add(time.Duration(180*24*time.Hour)).Format(time.RFC3339),
"time after which the certificate is not valid in RFC3339 format (default now + 180 days)",
)
+ cmd.Flags().StringVar(
+ &flagContainer.certGeneration.keyUsage,
+ "key-usage",
+ "",
+ "comma separated list of key usages",
+ )
}
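Review bot: The usage string for --key-usage on L69 repeats the struct field comment verbatim and never tells the user which names are accepted, so the only way to discover them is to trigger the "unsupported key usage" error in checkCertFlags. Suggest listing them in the help text: `"comma separated list of key usages: digitalsignature, contentcommitment, keyencipherment, dataencipherment, keyagreement, certsign, crlsign, encipheronly, decipheronly"`. InitFlagCert begins outside the hunk; only its tail is visible here.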
// parse the certificate data
@@ -302,6 +322,19 @@ func checkCertFlags() error {
return err
}
}
+ // parse the key usage string
+ if keyUstr := flagContainer.certGeneration.keyUsage; keyUstr != "" {
+ keyUarr := strings.Split(keyUstr, ",")
+ var keyUresult x509.KeyUsage
+ for _, usage := range keyUarr {
+ if value, ok := ValidKeyUsages[strings.ToLower(usage)]; ok {
+ keyUresult = keyUresult | value
+ } else {
+ return fmt.Errorf("unsupported key usage '%s'", usage)
+ }
+ }
+ FlagCertificateGeneration.KeyUsage = keyUresult
+ }
return nil
}
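Review bot: The parser on L79-L86 splits on "," without trimming, so the natural spelling `--key-usage "digitalsignature, keyagreement"` is rejected because the second element is " keyagreement", and a trailing comma is rejected as an empty name; the `%s` in the error hides both the leading space and the empty string. Suggest `if value, ok := ValidKeyUsages[strings.ToLower(strings.TrimSpace(usage))]; ok {` on L82 and `return fmt.Errorf("unsupported key usage %q", usage)` on L85 so whitespace is tolerated and the offending token is shown quoted. `keyUresult = keyUresult | value` on L83 is more idiomatically `keyUresult |= value`. checkCertFlags begins outside the hunk; only its final statements are visible here.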