Example #1
0
func getAuthFiles(c *cli.Context) ([]*TarFile, error) {
	name := "ca"
	tarFiles := make([]*TarFile, 0)

	crtFile, err := d.GetFile(depot.AuthCrtTag())
	if err != nil {
		return nil, errors.New("Get CA certificate error: " + err.Error())
	}
	crtTarFile, err := generateTarFile(crtFile, name+crtSuffix)
	if err != nil {
		return nil, errors.New("Generate certificate tar file error: " + err.Error())
	}
	tarFiles = append(tarFiles, crtTarFile)

	keyFile, err := d.GetFile(depot.AuthPrivKeyTag())
	if err != nil {
		return nil, errors.New("Get CA key error: " + err.Error())
	}
	keyTarFile, err := generateTarFile(keyFile, name+keySuffix)
	if err != nil {
		return nil, errors.New("Generate key tar file error: " + err.Error())
	}
	if c.Bool("insecure") {
		if keyTarFile, err = decryptEncryptedKeyTarFile(keyTarFile, getPassPhrase(c, name+" key")); err != nil {
			return nil, errors.New("Get decrypted CA key error: " + err.Error())
		}
	}
	tarFiles = append(tarFiles, keyTarFile)

	return tarFiles, nil
}
Example #2
0
func initAction(c *cli.Context) {
	if depot.CheckCertificateAuthority(d) || depot.CheckCertificateAuthorityInfo(d) || depot.CheckPrivateKeyAuthority(d) {
		fmt.Fprintln(os.Stderr, "CA has existed!")
		os.Exit(1)
	}

	var passphrase []byte
	var err error
	if c.IsSet("passphrase") {
		passphrase = []byte(c.String("passphrase"))
	} else {
		passphrase, err = createPassPhrase()
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(1)
		}
	}

	key, err := pkix.CreateRSAKey(c.Int("key-bits"))
	if err != nil {
		fmt.Fprintln(os.Stderr, "Create RSA Key error:", err)
		os.Exit(1)
	} else {
		fmt.Println("Created ca/key")
	}

	crt, info, err := pkix.CreateCertificateAuthority(key, c.Int("years"), c.String("organization"), c.String("country"))
	if err != nil {
		fmt.Fprintln(os.Stderr, "Create certificate error:", err)
		os.Exit(1)
	} else {
		fmt.Println("Created ca/crt")
	}

	if err = depot.PutCertificateAuthority(d, crt); err != nil {
		fmt.Fprintln(os.Stderr, "Save certificate error:", err)
	}
	if err = depot.PutCertificateAuthorityInfo(d, info); err != nil {
		fmt.Fprintln(os.Stderr, "Save certificate info error:", err)
	}
	if err = depot.PutEncryptedPrivateKeyAuthority(d, key, passphrase); err != nil {
		fmt.Fprintln(os.Stderr, "Save key error:", err)
	}
}
Example #3
0
func newSignAction(c *cli.Context) {
	if len(c.Args()) != 1 {
		fmt.Fprintln(os.Stderr, "One host name must be provided.")
		os.Exit(1)
	}
	name := c.Args()[0]

	if depot.CheckCertificateHost(d, name) {
		fmt.Fprintln(os.Stderr, "Certificate has existed!")
		os.Exit(1)
	}

	csr, err := depot.GetCertificateSigningRequest(d, name)
	if err != nil {
		fmt.Fprintln(os.Stderr, "Get certificate request error:", err)
		os.Exit(1)
	}
	crt, err := depot.GetCertificateAuthority(d)
	if err != nil {
		fmt.Fprintln(os.Stderr, "Get CA certificate error:", err)
		if isFileNotExist(err) {
			fmt.Fprintln(os.Stderr, "Please run 'etcd-ca init' to initial the depot.")
		}
		os.Exit(1)
	}
	info, err := depot.GetCertificateAuthorityInfo(d)
	if err != nil {
		fmt.Fprintln(os.Stderr, "Get CA certificate info error:", err)
		os.Exit(1)
	}
	key, err := depot.GetEncryptedPrivateKeyAuthority(d, getPassPhrase(c, "CA key"))
	if err != nil {
		fmt.Fprintln(os.Stderr, "Get CA key error:", err)
		os.Exit(1)
	}

	crtHost, err := pkix.CreateCertificateHost(crt, info, key, csr, c.Int("years"), c.Bool("server"), c.Bool("client"))
	if err != nil {
		fmt.Fprintln(os.Stderr, "Create certificate error:", err)
		os.Exit(1)
	} else {
		fmt.Printf("Created %s/crt from %s/csr signed by ca/key\n", name, name)
	}

	if err = depot.PutCertificateHost(d, name, crtHost); err != nil {
		fmt.Fprintln(os.Stderr, "Save certificate error:", err)
	}
	if err = depot.UpdateCertificateAuthorityInfo(d, info); err != nil {
		fmt.Fprintln(os.Stderr, "Update CA info error:", err)
	}
}
Example #4
0
func newExportAction(c *cli.Context) {
	if len(c.Args()) > 1 {
		fmt.Fprintln(os.Stderr, "At most one host name could be provided.")
		os.Exit(1)
	}

	if _, err := depot.GetCertificateAuthority(d); isFileNotExist(err) {
		fmt.Fprintln(os.Stderr, "Please run 'etcd-ca init' to initial the depot.")
		os.Exit(1)
	}

	var files []*TarFile
	var err error
	if len(c.Args()) == 0 {
		files, err = getAuthFiles(c)
	} else {
		files, err = getHostFiles(c, c.Args()[0])
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}

	w := tar.NewWriter(os.Stdout)
	defer w.Close()
	if err = outputTarFiles(w, files); err != nil {
		fmt.Fprintln(os.Stderr, "Save tar error:", err)
		os.Exit(1)
	}
}
Example #5
0
func newCertAction(c *cli.Context) {
	if len(c.Args()) != 1 {
		fmt.Fprintln(os.Stderr, "One host name must be provided.")
		os.Exit(1)
	}
	name := c.Args()[0]

	if depot.CheckCertificateSigningRequest(d, name) || depot.CheckPrivateKeyHost(d, name) {
		fmt.Fprintln(os.Stderr, "Certificate request has existed!")
		os.Exit(1)
	}

	var passphrase []byte
	var err error
	if c.IsSet("passphrase") {
		passphrase = []byte(c.String("passphrase"))
	} else {
		passphrase, err = createPassPhrase()
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(1)
		}
	}

	key, err := pkix.CreateRSAKey(c.Int("key-bits"))
	if err != nil {
		fmt.Fprintln(os.Stderr, "Create RSA Key error:", err)
		os.Exit(1)
	} else {
		fmt.Printf("Created %s/key\n", name)
	}

	csr, err := pkix.CreateCertificateSigningRequest(key, name, c.String("ip"), c.String("domain"), c.String("organization"), c.String("country"))
	if err != nil {
		fmt.Fprintln(os.Stderr, "Create certificate request error:", err)
		os.Exit(1)
	} else {
		fmt.Printf("Created %s/crt\n", name)
	}

	if err = depot.PutCertificateSigningRequest(d, name, csr); err != nil {
		fmt.Fprintln(os.Stderr, "Save certificate request error:", err)
	}
	if err = depot.PutEncryptedPrivateKeyHost(d, name, key, passphrase); err != nil {
		fmt.Fprintln(os.Stderr, "Save key error:", err)
	}
}