From 5d47f05d87479d593e5ff5083988a009a49757cd Mon Sep 17 00:00:00 2001 From: Gibheer Date: Wed, 4 Feb 2015 22:04:17 +0100 Subject: rename files to reflect main function --- create_sign_request.go | 116 ++++++++++++++++++++++++++++++++++++++++++++ create_sign_request_test.go | 84 ++++++++++++++++++++++++++++++++ sign_request.go | 116 -------------------------------------------- sign_request_test.go | 84 -------------------------------- 4 files changed, 200 insertions(+), 200 deletions(-) create mode 100644 create_sign_request.go create mode 100644 create_sign_request_test.go delete mode 100644 sign_request.go delete mode 100644 sign_request_test.go diff --git a/create_sign_request.go b/create_sign_request.go new file mode 100644 index 0000000..dfb9f9f --- /dev/null +++ b/create_sign_request.go @@ -0,0 +1,116 @@ +package main + +import ( + "crypto" + "crypto/rand" + "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" + "fmt" + "flag" + "io" + "net" + "os" + "reflect" + "regexp" +) + +type ( + SignFlags struct { + PrivateKeyPath string // path to the private key + Output string // path where to store the CSR + BaseAttributes pkix.Name + DNSNames []string // alternative names to the BaseAttributes.CommonName + IPAddresses []net.IP // alternative IP addresses + + private_key crypto.Signer + output_stream io.Writer // the output stream for the CSR + } +) + +var ( + COMMA_SPLIT = regexp.MustCompile(`,[[:space:]]?`) +) + +// create a sign request with a private key +func create_sign_request() { + flags := parse_sign_flags() + flags.private_key = load_private_key(flags.PrivateKeyPath) + + stream, err := open_output_stream(flags.Output) + if err != nil { + crash_with_help(2, fmt.Sprintf("Error when creating file %s: %s", flags.Output, err)) + } + defer stream.Close() + flags.output_stream = stream + + if err = create_csr(flags); err != nil { + fmt.Fprintln(os.Stderr, "Error when generating CSR: ", err) + os.Exit(3) + } +} + +// parse the flags to create a certificate sign request +func parse_sign_flags() SignFlags { + dns_names := "" // string to hold the alternative names + ips := "" // string to hold the alternative ips + var container struct { + Country, Organization, OrganizationalUnit, Locality, Province, + StreetAddress, PostalCode string + } + + flags := SignFlags{} + fs := flag.NewFlagSet("create-cert-sign", flag.ExitOnError) + fs.StringVar(&flags.PrivateKeyPath, "private-key", "", "path to the private key file") + fs.StringVar(&flags.Output, "output", "STDOUT", "path where the generated csr should be stored") + + flags.BaseAttributes = pkix.Name{} + fs.StringVar(&flags.BaseAttributes.CommonName, "common-name", "", "the name of the resource") + fs.StringVar(&flags.BaseAttributes.SerialNumber, "serial", "1", "serial number for the request") + fs.StringVar(&dns_names, "names", "", "alternative names (comma separated)") + fs.StringVar(&ips, "ips", "", "alternative IPs (comma separated)") + fs.StringVar(&container.Country, "country", "", "country of the organization") + fs.StringVar(&container.Organization, "organization", "", "the name of the organization") + fs.StringVar(&container.OrganizationalUnit, "org-unit", "", "the organizational unit") + fs.StringVar(&container.Locality, "city", "", "the city or locality") + fs.StringVar(&container.Province, "province", "", "the province") + fs.StringVar(&container.StreetAddress, "street", "", "the street address for the cert") + fs.StringVar(&container.PostalCode, "postal-code", "", "the postal code of the city") + fs.Parse(os.Args[2:]) + + // convert array flags to config structs + if dns_names != "" { + flags.DNSNames = COMMA_SPLIT.Split(dns_names, -1) + } + if ips != "" { + tmp_ips := COMMA_SPLIT.Split(ips, -1) + for _, sip := range tmp_ips { + flags.IPAddresses = append(flags.IPAddresses, net.ParseIP(sip)) + } + } + + container_type := reflect.ValueOf(container) + config_type := reflect.ValueOf(&flags.BaseAttributes).Elem() + for i := 0; i < container_type.NumField(); i++ { + field := container_type.Field(i) + new_field := config_type.FieldByName(container_type.Type().Field(i).Name) + new_field.Set(reflect.ValueOf(COMMA_SPLIT.Split(field.String(), -1))) + } + + return flags +} + +// generate the csr and print into flags.output_stream +func create_csr(flags SignFlags) (error) { + csr_template := &x509.CertificateRequest{ + Subject: flags.BaseAttributes, + DNSNames: flags.DNSNames, + IPAddresses: flags.IPAddresses, + } + csr_raw, err := x509.CreateCertificateRequest(rand.Reader, csr_template, flags.private_key) + if err != nil { return err } + + block := &pem.Block{Type: TypeLabelCSR, Bytes: csr_raw} + pem.Encode(flags.output_stream, block) + return nil +} diff --git a/create_sign_request_test.go b/create_sign_request_test.go new file mode 100644 index 0000000..fef7db5 --- /dev/null +++ b/create_sign_request_test.go @@ -0,0 +1,84 @@ +package main + +import ( + "bytes" + "crypto/x509" + "encoding/pem" + "io/ioutil" + "net" + "testing" +) + +type CSRTest struct { + ShouldBe []string + Set func(*SignFlags) + Fetch func(*x509.CertificateRequest) []string +} + +const ( + RAW_PRIVATE_KEY = `-----BEGIN EC PRIVATE KEY----- +MIHbAgEBBEFkAEFc5264Yo7Xo+yj3ZwaqdffTphGT3/8Q+pvi4ULmXaFiGoTkR5X +lKnlRUEp0I4Ra9U7GjLDtFLwTaLzdXuUT6AHBgUrgQQAI6GBiQOBhgAEAdW0usq0 +zEzvhR0u5ZSbOXRzg+TbICZGfOLy9KpKfz6I6suFOAO7f3fwDNOqMfyYUhtenMz7 +T/BKArg+v58UWHrwAb/UeI4l+OMOoMHYtNNO4nAjTdyY8yFSFY5syzKEYIBzUoLM +VSfuxBk5ZS2J478X1Vxacq03keDeAY43Oc80XBih +-----END EC PRIVATE KEY-----` +) + +func SetupTest() (*SignFlags, *bytes.Buffer) { + p, _ := pem.Decode([]byte(RAW_PRIVATE_KEY)) + buf := bytes.NewBuffer(make([]byte, 0)) + + flags := &SignFlags{ + private_key: load_private_key_ecdsa(p), + output_stream: buf, + } + return flags, buf +} + +func TestCSRGeneration(t *testing.T) { + tests := []CSRTest { + { + []string{"foo"}, + func(f *SignFlags) { f.BaseAttributes.CommonName = "foo" }, + func(c *x509.CertificateRequest) []string { return []string{c.Subject.CommonName} }, + }, { + []string{"foo.com", "bar.com", "baz.com"}, + func(f *SignFlags) { f.DNSNames = []string{ "foo.com", "bar.com", "baz.com" }}, + func(c *x509.CertificateRequest) []string { return c.DNSNames }, + }, + { + []string{"127.0.0.1", "192.168.0.1"}, + func(f *SignFlags) { f.IPAddresses = []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("192.168.0.1") }}, + func(c *x509.CertificateRequest) []string { + res := make([]string, 0) + for _, ip := range c.IPAddresses { + res = append(res, ip.String()) + } + return res + }, + }, + } + for _, test := range tests { + flags, io := SetupTest() + test.Set(flags) + + create_csr(*flags) + res, _ := ioutil.ReadAll(io) + raw, _ := pem.Decode(res) + + csr, _ := x509.ParseCertificateRequest(raw.Bytes) + if !diff(test.ShouldBe, test.Fetch(csr)) { + t.Logf("Expected: %v\nbut got: %v", test.ShouldBe, test.Fetch(csr)) + t.Fail() + } + } +} + +func diff(a, b []string) bool { + if len(a) != len(b) { return false } + for i, e := range a { + if e != b[i] { return false } + } + return true +} diff --git a/sign_request.go b/sign_request.go deleted file mode 100644 index dfb9f9f..0000000 --- a/sign_request.go +++ /dev/null @@ -1,116 +0,0 @@ -package main - -import ( - "crypto" - "crypto/rand" - "crypto/x509" - "crypto/x509/pkix" - "encoding/pem" - "fmt" - "flag" - "io" - "net" - "os" - "reflect" - "regexp" -) - -type ( - SignFlags struct { - PrivateKeyPath string // path to the private key - Output string // path where to store the CSR - BaseAttributes pkix.Name - DNSNames []string // alternative names to the BaseAttributes.CommonName - IPAddresses []net.IP // alternative IP addresses - - private_key crypto.Signer - output_stream io.Writer // the output stream for the CSR - } -) - -var ( - COMMA_SPLIT = regexp.MustCompile(`,[[:space:]]?`) -) - -// create a sign request with a private key -func create_sign_request() { - flags := parse_sign_flags() - flags.private_key = load_private_key(flags.PrivateKeyPath) - - stream, err := open_output_stream(flags.Output) - if err != nil { - crash_with_help(2, fmt.Sprintf("Error when creating file %s: %s", flags.Output, err)) - } - defer stream.Close() - flags.output_stream = stream - - if err = create_csr(flags); err != nil { - fmt.Fprintln(os.Stderr, "Error when generating CSR: ", err) - os.Exit(3) - } -} - -// parse the flags to create a certificate sign request -func parse_sign_flags() SignFlags { - dns_names := "" // string to hold the alternative names - ips := "" // string to hold the alternative ips - var container struct { - Country, Organization, OrganizationalUnit, Locality, Province, - StreetAddress, PostalCode string - } - - flags := SignFlags{} - fs := flag.NewFlagSet("create-cert-sign", flag.ExitOnError) - fs.StringVar(&flags.PrivateKeyPath, "private-key", "", "path to the private key file") - fs.StringVar(&flags.Output, "output", "STDOUT", "path where the generated csr should be stored") - - flags.BaseAttributes = pkix.Name{} - fs.StringVar(&flags.BaseAttributes.CommonName, "common-name", "", "the name of the resource") - fs.StringVar(&flags.BaseAttributes.SerialNumber, "serial", "1", "serial number for the request") - fs.StringVar(&dns_names, "names", "", "alternative names (comma separated)") - fs.StringVar(&ips, "ips", "", "alternative IPs (comma separated)") - fs.StringVar(&container.Country, "country", "", "country of the organization") - fs.StringVar(&container.Organization, "organization", "", "the name of the organization") - fs.StringVar(&container.OrganizationalUnit, "org-unit", "", "the organizational unit") - fs.StringVar(&container.Locality, "city", "", "the city or locality") - fs.StringVar(&container.Province, "province", "", "the province") - fs.StringVar(&container.StreetAddress, "street", "", "the street address for the cert") - fs.StringVar(&container.PostalCode, "postal-code", "", "the postal code of the city") - fs.Parse(os.Args[2:]) - - // convert array flags to config structs - if dns_names != "" { - flags.DNSNames = COMMA_SPLIT.Split(dns_names, -1) - } - if ips != "" { - tmp_ips := COMMA_SPLIT.Split(ips, -1) - for _, sip := range tmp_ips { - flags.IPAddresses = append(flags.IPAddresses, net.ParseIP(sip)) - } - } - - container_type := reflect.ValueOf(container) - config_type := reflect.ValueOf(&flags.BaseAttributes).Elem() - for i := 0; i < container_type.NumField(); i++ { - field := container_type.Field(i) - new_field := config_type.FieldByName(container_type.Type().Field(i).Name) - new_field.Set(reflect.ValueOf(COMMA_SPLIT.Split(field.String(), -1))) - } - - return flags -} - -// generate the csr and print into flags.output_stream -func create_csr(flags SignFlags) (error) { - csr_template := &x509.CertificateRequest{ - Subject: flags.BaseAttributes, - DNSNames: flags.DNSNames, - IPAddresses: flags.IPAddresses, - } - csr_raw, err := x509.CreateCertificateRequest(rand.Reader, csr_template, flags.private_key) - if err != nil { return err } - - block := &pem.Block{Type: TypeLabelCSR, Bytes: csr_raw} - pem.Encode(flags.output_stream, block) - return nil -} diff --git a/sign_request_test.go b/sign_request_test.go deleted file mode 100644 index fef7db5..0000000 --- a/sign_request_test.go +++ /dev/null @@ -1,84 +0,0 @@ -package main - -import ( - "bytes" - "crypto/x509" - "encoding/pem" - "io/ioutil" - "net" - "testing" -) - -type CSRTest struct { - ShouldBe []string - Set func(*SignFlags) - Fetch func(*x509.CertificateRequest) []string -} - -const ( - RAW_PRIVATE_KEY = `-----BEGIN EC PRIVATE KEY----- -MIHbAgEBBEFkAEFc5264Yo7Xo+yj3ZwaqdffTphGT3/8Q+pvi4ULmXaFiGoTkR5X -lKnlRUEp0I4Ra9U7GjLDtFLwTaLzdXuUT6AHBgUrgQQAI6GBiQOBhgAEAdW0usq0 -zEzvhR0u5ZSbOXRzg+TbICZGfOLy9KpKfz6I6suFOAO7f3fwDNOqMfyYUhtenMz7 -T/BKArg+v58UWHrwAb/UeI4l+OMOoMHYtNNO4nAjTdyY8yFSFY5syzKEYIBzUoLM -VSfuxBk5ZS2J478X1Vxacq03keDeAY43Oc80XBih ------END EC PRIVATE KEY-----` -) - -func SetupTest() (*SignFlags, *bytes.Buffer) { - p, _ := pem.Decode([]byte(RAW_PRIVATE_KEY)) - buf := bytes.NewBuffer(make([]byte, 0)) - - flags := &SignFlags{ - private_key: load_private_key_ecdsa(p), - output_stream: buf, - } - return flags, buf -} - -func TestCSRGeneration(t *testing.T) { - tests := []CSRTest { - { - []string{"foo"}, - func(f *SignFlags) { f.BaseAttributes.CommonName = "foo" }, - func(c *x509.CertificateRequest) []string { return []string{c.Subject.CommonName} }, - }, { - []string{"foo.com", "bar.com", "baz.com"}, - func(f *SignFlags) { f.DNSNames = []string{ "foo.com", "bar.com", "baz.com" }}, - func(c *x509.CertificateRequest) []string { return c.DNSNames }, - }, - { - []string{"127.0.0.1", "192.168.0.1"}, - func(f *SignFlags) { f.IPAddresses = []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("192.168.0.1") }}, - func(c *x509.CertificateRequest) []string { - res := make([]string, 0) - for _, ip := range c.IPAddresses { - res = append(res, ip.String()) - } - return res - }, - }, - } - for _, test := range tests { - flags, io := SetupTest() - test.Set(flags) - - create_csr(*flags) - res, _ := ioutil.ReadAll(io) - raw, _ := pem.Decode(res) - - csr, _ := x509.ParseCertificateRequest(raw.Bytes) - if !diff(test.ShouldBe, test.Fetch(csr)) { - t.Logf("Expected: %v\nbut got: %v", test.ShouldBe, test.Fetch(csr)) - t.Fail() - } - } -} - -func diff(a, b []string) bool { - if len(a) != len(b) { return false } - for i, e := range a { - if e != b[i] { return false } - } - return true -} -- cgit v1.2.3-70-g09d2