aboutsummaryrefslogtreecommitdiff
path: root/flags.go
blob: 29c294175e5481f5abd8e349d277c7ea9845d247 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
package main

// This file handles the complete parameter assignment, as some parameters are
// often used by multiple functions.

import (
	"encoding/base64"
	"fmt"
	"io"
	"net"
	"os"
	"reflect"
	"strings"

	"github.com/gibheer/pki"
)

type (
	// a container go gather all incoming flags for further processing
	paramContainer struct {
		outputPath       string                     // path to output whatever is generated
		inputPath        string                     // path to an input resource
		cryptType        string                     // type of something (private key)
		length           int                        // the length of something (private key)
		privateKeyPath   string                     // path to the private key
		publicKeyPath    string                     // path to the public key
		signRequestPath  string                     // path to the certificate sign request
		certificateFlags certiticateRequestRawFlags // container for certificate related flags
		signature        string                     // a base64 encoded signature
		certGeneration   certGenerationRaw          // all certificate generation flags
		caPath           string                     // path to a certificate authority
	}

	flagCheck func() error
)

var (
	CmdRoot = &Command{
		Short: "A tool to manage keys and certificates.",
		Long: `This tool provides a way to manage private and public keys, create
certificate requests and certificates and sign/verify messages.`,
	}

	CmdCreatePublicKey = &Command{
		Use:     "create-public",
		Short:   "create a public key from a private key",
		Long:    "Create a public key derived from a private key.",
		Example: "create-public -private-key=foo.ecdsa",
		Run:     create_public_key,
	}

	CmdSignInput = &Command{
		Use:     "sign-input",
		Short:   "sign a text using a private key",
		Long:    "Create a signature using a private key",
		Example: "sign-input -private-key=foo.ecdsa -input=textfile",
		Run:     sign_input,
	}

	CmdVerifyInput = &Command{
		Use:     "verify-input",
		Short:   "verify a text using a signature",
		Long:    "Verify a text using a signature and a public key.",
		Example: "verify-input -public-key=foo.ecdsa.pub -input=textfile -signature=abc456",
		Run:     verify_input,
	}

	CmdCreateSignRequest = &Command{
		Use:     "create-sign-request",
		Short:   "create a certificate sign request",
		Long:    "Create a certificate sign request.",
		Example: "create-sign-request -private-key=foo.ecdsa -common-name=foo -serial=1",
		Run:     create_sign_request,
	}

	// variable to hold the raw arguments before checking
	flagContainer *paramContainer

	// loaded private key
	FlagPrivateKey pki.PrivateKey
	// loaded public key
	FlagPublicKey pki.PublicKey
	// the IO handler for input
	FlagInput io.ReadCloser
	// the IO handler for output
	FlagOutput io.WriteCloser
	// signature from the args
	FlagSignature []byte
	// a certificate filled with the parameters
	FlagCertificateRequestData *pki.CertificateData
	// the certificate sign request
	FlagCertificateSignRequest *pki.CertificateRequest
	// the ca/certificate to use
	FlagCertificate *pki.Certificate
)

func InitFlags() {
	flagContainer = &paramContainer{}
	CmdRoot.AddCommand(
		CmdCreatePrivateKey,
		CmdCreatePublicKey,
		CmdSignInput,
		CmdVerifyInput,
		CmdCreateSignRequest,
		CmdCreateCert,
	)

	// private-key
	InitFlagOutput(CmdCreatePrivateKey)
	InitFlagPrivateKeyGeneration(CmdCreatePrivateKey)
	// public-key
	InitFlagOutput(CmdCreatePublicKey)
	InitFlagPrivateKey(CmdCreatePublicKey)
	// sign-input
	InitFlagInput(CmdSignInput)
	InitFlagPrivateKey(CmdSignInput)
	InitFlagOutput(CmdSignInput)
	// verify-input
	InitFlagInput(CmdVerifyInput)
	InitFlagPrivateKey(CmdVerifyInput)
	InitFlagOutput(CmdVerifyInput)
	InitFlagSignature(CmdVerifyInput)
	// create-sign-request
	InitFlagPrivateKey(CmdCreateSignRequest)
	InitFlagOutput(CmdCreateSignRequest)
	InitFlagCertificateFields(CmdCreateSignRequest)
	// create-certificate
	InitFlagCA(CmdCreateCert)
	InitFlagCert(CmdCreateCert)
	InitFlagCSR(CmdCreateCert)
	InitFlagOutput(CmdCreateCert)
	InitFlagPrivateKey(CmdCreateCert)
}

// check if all checks are successful
func checkFlags(checks ...flagCheck) error {
	for _, check := range checks {
		if err := check(); err != nil {
			return err
		}
	}
	return nil
}

// check if either of the inserted checks is successful
func checkFlagsEither(checks ...flagCheck) flagCheck {
	return func() error {
		errors := make([]error, 0)
		for _, check := range checks {
			if err := check(); err != nil {
				errors = append(errors, err)
			}
		}
		// it is a success, if any check is successful
		if len(checks)-len(errors) > 0 {
			return nil
		}
		return errors[0]
	}
}

// add the public key flag
func InitFlagPublicKey(cmd *Command) {
	cmd.Flags().StringVar(&flagContainer.publicKeyPath, "public-key", "", "path to the public key (required)")
}

// parse public key flag
func checkPublicKey() error {
	if flagContainer.publicKeyPath == "" {
		return fmt.Errorf("No public key given!")
	}

	pu, err := ReadPublicKeyFile(flagContainer.publicKeyPath)
	if err != nil {
		return fmt.Errorf("Error reading public key: %s", err)
	}
	FlagPublicKey = pu
	return nil
}

// initialize the output flag
func InitFlagOutput(cmd *Command) {
	cmd.Flags().StringVar(&flagContainer.outputPath, "output", "STDOUT", "path to the output or STDOUT")
}

// parse the output parameter and open the file handle
func checkOutput() error {
	if flagContainer.outputPath == "STDOUT" {
		FlagOutput = os.Stdout
		return nil
	}
	var err error
	FlagOutput, err = os.OpenFile(
		flagContainer.outputPath,
		os.O_WRONLY|os.O_APPEND|os.O_CREATE, // do not kill users files!
		0600,
	)
	if err != nil {
		return err
	}
	return nil
}

// add the input parameter to load resources from
func InitFlagInput(cmd *Command) {
	cmd.Flags().StringVar(&flagContainer.inputPath, "input", "STDIN", "path to the input or STDIN")
}

// parse the input parameter and open the file handle
func checkInput() error {
	if flagContainer.inputPath == "STDIN" {
		FlagInput = os.Stdin
		return nil
	}
	var err error
	FlagInput, err = os.Open(flagContainer.inputPath)
	if err != nil {
		return err
	}
	return nil
}

// add the signature flag to load a signature from a signing process
func InitFlagSignature(cmd *Command) {
	cmd.Flags().StringVar(&flagContainer.signature, "signature", "", "the base64 encoded signature to use for verification")
}

// parse the signature flag
func checkSignature() error {
	var err error
	FlagSignature, err = base64.StdEncoding.DecodeString(flagContainer.signature)
	if err != nil {
		return err
	}
	return nil
}

// add the certificate fields to the flags
func InitFlagCertificateFields(cmd *Command) {
	cmd.Flags().StringVar(
		&flagContainer.certificateFlags.manual.serialNumber,
		"serial", "1", "unique serial number of the CA")
	cmd.Flags().StringVar(
		&flagContainer.certificateFlags.manual.commonName,
		"common-name", "", "common name of the entity to certify")
	cmd.Flags().StringVar(
		&flagContainer.certificateFlags.manual.dnsNames,
		"dns-names", "", "comma separated list of alternative fqdn entries for the entity")
	cmd.Flags().StringVar(
		&flagContainer.certificateFlags.manual.emailAddresses,
		"email-address", "", "comma separated list of alternative email entries for the entity")
	cmd.Flags().StringVar(
		&flagContainer.certificateFlags.manual.ipAddresses,
		"ip-address", "", "comma separated list of alternative ip entries for the entity")
	cmd.Flags().StringVar(
		&flagContainer.certificateFlags.automatic.Country,
		"country", "", "comma separated list of countries the entitiy resides in")
	cmd.Flags().StringVar(
		&flagContainer.certificateFlags.automatic.Organization,
		"organization", "", "comma separated list of organizations the entity belongs to")
	cmd.Flags().StringVar(
		&flagContainer.certificateFlags.automatic.OrganizationalUnit,
		"organization-unit", "", "comma separated list of organization units or departments the entity belongs to")
	cmd.Flags().StringVar(
		&flagContainer.certificateFlags.automatic.Locality,
		"locality", "", "comma separated list of localities or cities the entity resides in")
	cmd.Flags().StringVar(
		&flagContainer.certificateFlags.automatic.Province,
		"province", "", "comma separated list of provinces the entity resides in")
	cmd.Flags().StringVar(
		&flagContainer.certificateFlags.automatic.StreetAddress,
		"street-address", "", "comma separated list of street addresses the entity resides in")
	cmd.Flags().StringVar(
		&flagContainer.certificateFlags.automatic.PostalCode,
		"postal-code", "", "comma separated list of postal codes of the localities")
}

// parse the certificate fields into a raw certificate
func checkCertificateFields() error {
	FlagCertificateRequestData = pki.NewCertificateData()
	// convert the automatic flags
	container_type := reflect.ValueOf(&flagContainer.certificateFlags.automatic).Elem()
	cert_data_type := reflect.ValueOf(&FlagCertificateRequestData.Subject).Elem()

	for _, field := range []string{"Country", "Organization", "OrganizationalUnit",
		"Locality", "Province", "StreetAddress", "PostalCode"} {
		field_value := container_type.FieldByName(field).String()
		if field_value == "" {
			continue
		}
		target := cert_data_type.FieldByName(field)
		target.Set(reflect.ValueOf(strings.Split(field_value, ",")))
	}

	// convert the manual flags
	data := FlagCertificateRequestData
	raw_data := flagContainer.certificateFlags.manual
	data.Subject.SerialNumber = raw_data.serialNumber
	data.Subject.CommonName = raw_data.commonName
	if raw_data.dnsNames != "" {
		data.DNSNames = strings.Split(raw_data.dnsNames, ",")
	}
	if raw_data.emailAddresses != "" {
		data.EmailAddresses = strings.Split(raw_data.emailAddresses, ",")
	}

	if raw_data.ipAddresses == "" {
		return nil
	}
	raw_ips := strings.Split(raw_data.ipAddresses, ",")
	data.IPAddresses = make([]net.IP, len(raw_ips))
	for i, ip := range raw_ips {
		data.IPAddresses[i] = net.ParseIP(ip)
		if data.IPAddresses[i] == nil {
			return fmt.Errorf("'%s' is not a valid IP", ip)
		}
	}

	return nil
}