func scanMain(args []string, c cli.Config) (err error) {
if c.List {
printJSON(scan.Default)
} else {
if err = scan.LoadRootCAs(c.CABundleFile); err != nil {
return
}
// Execute for each HOST argument given
for len(args) > 0 {
var host string
host, args, err = cli.PopFirstArgument(args)
if err != nil {
return
}
fmt.Printf("Scanning %s...\n", host)
var results map[string]scan.FamilyResult
results, err = scan.Default.RunScans(host, c.IP, c.Family, c.Scanner, c.Timeout)
if err != nil {
return
}
if results != nil {
printJSON(results)
}
}
}
return
}
func genkeyMain(args []string, c cli.Config) (err error) {
csrFile, args, err := cli.PopFirstArgument(args)
if err != nil {
return
}
csrFileBytes, err := cli.ReadStdin(csrFile)
if err != nil {
return
}
req := csr.CertificateRequest{
KeyRequest: csr.NewBasicKeyRequest(),
}
err = json.Unmarshal(csrFileBytes, &req)
if err != nil {
return
}
if c.IsCA {
var key, csrPEM, cert []byte
cert, csrPEM, key, err = initca.New(&req)
if err != nil {
return
}
cli.PrintCert(key, csrPEM, cert)
} else {
if req.CA != nil {
err = errors.New("ca section only permitted in initca")
return
}
var key, csrPEM []byte
g := &csr.Generator{Validator: Validator}
csrPEM, key, err = g.ProcessRequest(&req)
if err != nil {
key = nil
return
}
cli.PrintCert(key, csrPEM, nil)
}
return nil
}
func printDefaults(args []string, c cli.Config) (err error) {
arg, args, err := cli.PopFirstArgument(args)
if err != nil {
return
}
if arg == "list" {
printAvailable()
} else {
if config, ok := defaults[arg]; !ok {
printAvailable()
} else {
fmt.Println(config)
}
}
return
}
func gencertMain(args []string, c cli.Config) (err error) {
csrJSONFile, args, err := cli.PopFirstArgument(args)
if err != nil {
return
}
csrJSONFileBytes, err := cli.ReadStdin(csrJSONFile)
if err != nil {
return
}
req := csr.CertificateRequest{
KeyRequest: csr.NewBasicKeyRequest(),
}
err = json.Unmarshal(csrJSONFileBytes, &req)
if err != nil {
return
}
if c.IsCA {
var key, csrPEM, cert []byte
log.Infof("re-generate a CA certificate from CSR and CA key")
cert, csrPEM, err = initca.NewFromPEM(&req, c.CAKeyFile)
if err != nil {
log.Errorf("%v\n", err)
log.Infof("fallback to generating a new CA key and certificate from CSR")
cert, csrPEM, key, err = initca.New(&req)
if err != nil {
return
}
}
cli.PrintCert(key, csrPEM, cert)
} else {
if req.CA != nil {
err = errors.New("ca section only permitted in initca")
return
}
// Remote can be forced on the command line or in the config
if c.Remote == "" && c.CFG == nil {
if c.CAFile == "" {
log.Error("need a CA certificate (provide one with -ca)")
return
}
if c.CAKeyFile == "" {
log.Error("need a CA key (provide one with -ca-key)")
return
}
}
var key, csrBytes []byte
g := &csr.Generator{Validator: genkey.Validator}
csrBytes, key, err = g.ProcessRequest(&req)
if err != nil {
key = nil
return
}
s, err := sign.SignerFromConfig(c)
if err != nil {
return err
}
var cert []byte
req := signer.SignRequest{
Request: string(csrBytes),
Hosts: signer.SplitHosts(c.Hostname),
Profile: c.Profile,
Label: c.Label,
}
cert, err = s.Sign(req)
if err != nil {
return err
}
cli.PrintCert(key, csrBytes, cert)
}
return nil
}
func selfSignMain(args []string, c cli.Config) (err error) {
if c.Hostname == "" && !c.IsCA {
c.Hostname, args, err = cli.PopFirstArgument(args)
if err != nil {
return
}
}
csrFile, args, err := cli.PopFirstArgument(args)
if err != nil {
return
}
csrFileBytes, err := cli.ReadStdin(csrFile)
if err != nil {
return
}
var req csr.CertificateRequest
err = json.Unmarshal(csrFileBytes, &req)
if err != nil {
return
}
var key, csrPEM []byte
g := &csr.Generator{Validator: genkey.Validator}
csrPEM, key, err = g.ProcessRequest(&req)
if err != nil {
key = nil
return
}
priv, err := helpers.ParsePrivateKeyPEM(key)
if err != nil {
key = nil
return
}
var profile *config.SigningProfile
// If there is a config, use its signing policy. Otherwise, leave policy == nil
// and NewSigner will use DefaultConfig().
if c.CFG != nil {
if c.Profile != "" && c.CFG.Signing.Profiles != nil {
profile = c.CFG.Signing.Profiles[c.Profile]
}
}
if profile == nil {
profile = config.DefaultConfig()
profile.Expiry = 2190 * time.Hour
}
cert, err := selfsign.Sign(priv, csrPEM, profile)
if err != nil {
key = nil
priv = nil
return
}
fmt.Fprintf(os.Stderr, `*** WARNING ***
Self-signed certificates are dangerous. Use this self-signed
certificate at your own risk.
It is strongly recommended that these certificates NOT be used
in production.
*** WARNING ***
`)
cli.PrintCert(key, csrPEM, cert)
return
}