package main
// Build a certificate signing request (CSR) for a private key; a CA signs the CSR to issue the final certificate.
import (
"crypto"
"crypto/rand"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"fmt"
"flag"
"io"
"net"
"os"
"reflect"
"regexp"
)
// SignFlags holds everything the "create-cert-sign" sub-command needs to
// build a certificate signing request (CSR).  The exported fields are
// populated from command-line flags by parse_sign_flags; the unexported
// ones are resolved afterwards by create_sign_request.
type SignFlags struct {
	PrivateKeyPath string // path of the private key that signs the CSR
	Output         string // where the CSR goes; the default "STDOUT" is interpreted by open_output_stream

	// BaseAttributes becomes the CSR Subject.  CommonName and SerialNumber
	// are set directly from flags; the multi-valued fields (Country,
	// Organization, ...) are filled from comma-separated flag values.
	BaseAttributes pkix.Name
	DNSNames       []string // requested dNSName SANs, in addition to BaseAttributes.CommonName
	IPAddresses    []net.IP // requested iPAddress SANs

	private_key   crypto.Signer // key loaded from PrivateKeyPath; signs the request
	output_stream io.Writer     // stream the PEM-encoded CSR is written to
}
// COMMA_SPLIT splits comma-delimited flag values such as "a, b,c".
// It consumes the comma plus at most one following whitespace character,
// so "a,  b" yields "a" and " b" (the second space is kept), and splitting
// the empty string yields a single empty element.
var COMMA_SPLIT = regexp.MustCompile(`,[[:space:]]?`)
// create_sign_request implements the "create-cert-sign" sub-command: it
// parses the flags, loads the signing key, opens the output and writes the
// PEM-encoded CSR to it.
//
// Failures are fatal.  An output that cannot be opened is handed to
// crash_with_help with code 2; a CSR generation error is printed to stderr
// and the process exits with status 3.  Note that os.Exit does not run
// deferred calls, so the output is not closed on the status-3 path — the
// process is terminating anyway.
func create_sign_request() {
	cfg := parse_sign_flags()
	cfg.private_key = load_private_key(cfg.PrivateKeyPath)

	out, openErr := open_output_stream(cfg.Output)
	if openErr != nil {
		crash_with_help(2, fmt.Sprintf("Error when creating file %s: %s", cfg.Output, openErr))
	}
	defer out.Close()
	cfg.output_stream = out

	if genErr := create_csr(cfg); genErr != nil {
		fmt.Fprintln(os.Stderr, "Error when generating CSR: ", genErr)
		os.Exit(3)
	}
}
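// parse_sign_flags reads the "create-cert-sign" sub-command flags from
// os.Args[2:] and returns them as a SignFlags value.
//
// Multi-valued inputs (-names, -ips and the subject attributes) are
// comma-separated on the command line and split with COMMA_SPLIT.  Two
// checks protect the shape of the resulting CSR:
//
//   - A subject attribute that was not given is left empty instead of being
//     stored as a one-element {""} slice, which pkix.Name would otherwise
//     encode as an empty RDN (e.g. "C=") in the Subject.
//   - Every -names entry must be non-empty and every -ips entry must parse
//     as an IP address; otherwise the program prints the offending value
//     to stderr and exits with status 2.  net.ParseIP returns nil for bad
//     input, and a nil IP (or an empty name) would end up as an empty SAN
//     in the request.
//
// Flag parsing uses flag.ExitOnError, so usage errors also exit with 2.
func parse_sign_flags() SignFlags {
	var (
		dnsNames string // raw -names value, comma separated
		ips      string // raw -ips value, comma separated
	)
	// Subject attributes that pkix.Name stores as []string, collected as
	// plain strings and split below.  The field names must match the
	// corresponding pkix.Name fields exactly; they are looked up by name.
	var subject struct {
		Country, Organization, OrganizationalUnit, Locality, Province,
		StreetAddress, PostalCode string
	}

	flags := SignFlags{}
	fs := flag.NewFlagSet("create-cert-sign", flag.ExitOnError)
	fs.StringVar(&flags.PrivateKeyPath, "private-key", "", "path to the private key file")
	fs.StringVar(&flags.Output, "output", "STDOUT", "path where the generated csr should be stored")

	flags.BaseAttributes = pkix.Name{}
	fs.StringVar(&flags.BaseAttributes.CommonName, "common-name", "", "the name of the resource")
	// This is the Subject's serialNumber attribute, not the certificate
	// serial number — that one is assigned by the issuing CA.
	fs.StringVar(&flags.BaseAttributes.SerialNumber, "serial", "1", "serial number for the request")
	fs.StringVar(&dnsNames, "names", "", "alternative names (comma separated)")
	fs.StringVar(&ips, "ips", "", "alternative IPs (comma separated)")
	fs.StringVar(&subject.Country, "country", "", "country of the organization")
	fs.StringVar(&subject.Organization, "organization", "", "the name of the organization")
	fs.StringVar(&subject.OrganizationalUnit, "org-unit", "", "the organizational unit")
	fs.StringVar(&subject.Locality, "city", "", "the city or locality")
	fs.StringVar(&subject.Province, "province", "", "the province")
	fs.StringVar(&subject.StreetAddress, "street", "", "the street address for the cert")
	fs.StringVar(&subject.PostalCode, "postal-code", "", "the postal code of the city")

	// The sub-command name occupies os.Args[1]; guard against being called
	// with fewer arguments rather than slicing out of range.
	var args []string
	if len(os.Args) > 2 {
		args = os.Args[2:]
	}
	fs.Parse(args) // ExitOnError: never returns a non-nil error

	if dnsNames != "" {
		for _, name := range COMMA_SPLIT.Split(dnsNames, -1) {
			if name == "" {
				fmt.Fprintln(os.Stderr, "Error when parsing -names: empty alternative name")
				os.Exit(2)
			}
			flags.DNSNames = append(flags.DNSNames, name)
		}
	}
	if ips != "" {
		for _, raw := range COMMA_SPLIT.Split(ips, -1) {
			ip := net.ParseIP(raw)
			if ip == nil {
				fmt.Fprintf(os.Stderr, "Error when parsing -ips: %q is not a valid IP address\n", raw)
				os.Exit(2)
			}
			flags.IPAddresses = append(flags.IPAddresses, ip)
		}
	}

	// Copy each subject attribute that was actually given into the
	// pkix.Name field of the same name, splitting comma-separated values.
	src := reflect.ValueOf(subject)
	dst := reflect.ValueOf(&flags.BaseAttributes).Elem()
	for i := 0; i < src.NumField(); i++ {
		raw := src.Field(i).String()
		if raw == "" {
			continue // leave the slice nil so no empty RDN is emitted
		}
		name := src.Type().Field(i).Name
		dst.FieldByName(name).Set(reflect.ValueOf(COMMA_SPLIT.Split(raw, -1)))
	}

	return flags
}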
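// create_csr builds a PKCS#10 certificate signing request from flags and
// writes it PEM-encoded (type TypeLabelCSR) to flags.output_stream.
//
// The Subject is flags.BaseAttributes and the requested SANs are
// flags.DNSNames / flags.IPAddresses; the request is signed with
// flags.private_key, using crypto/rand for any randomness the signature
// scheme needs.  The subject and SANs are only a request — the issuing CA
// decides what ends up in the certificate.
//
// Returns an error if no output stream is configured, if the request cannot
// be built or signed, or if writing the PEM block fails.  The write error
// is reported rather than dropped so a failed or short write does not
// leave the caller believing a complete CSR was produced.
func create_csr(flags SignFlags) error {
	if flags.output_stream == nil {
		return fmt.Errorf("no output stream configured for the CSR")
	}

	csr_template := &x509.CertificateRequest{
		Subject:     flags.BaseAttributes,
		DNSNames:    flags.DNSNames,
		IPAddresses: flags.IPAddresses,
	}
	// CreateCertificateRequest also rejects a private key that does not
	// implement crypto.Signer, so a nil key surfaces here as an error.
	csr_raw, err := x509.CreateCertificateRequest(rand.Reader, csr_template, flags.private_key)
	if err != nil {
		return err
	}

	block := &pem.Block{Type: TypeLabelCSR, Bytes: csr_raw}
	if err := pem.Encode(flags.output_stream, block); err != nil {
		return fmt.Errorf("writing PEM-encoded CSR: %v", err)
	}
	return nil
}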