func newStatusAction(c *cli.Context) { crtAuth, err := depot.GetCertificateAuthority(d) if err != nil { fmt.Fprintln(os.Stderr, "CA certificate hasn't existed!") } else { printSignedStatusLine(crtAuth, "CA") } tags := d.List() for _, tag := range tags { name := depot.GetNameFromHostCrtTag(tag) if name == "" { continue } if !depot.CheckCertificateSigningRequest(d, name) { fmt.Fprintln(os.Stderr, "Certificate request hasn't existed!") continue } crt, err := depot.GetCertificateHost(d, name) if err != nil { fmt.Printf("%s: Unsigned\n", name) continue } printSignedStatusLine(crt, name) } }
func newChainAction(c *cli.Context) { crt, err := depot.GetCertificateAuthority(d) if err != nil { fmt.Fprintln(os.Stderr, "Get CA certificate error:", err) os.Exit(1) } // Should not fail if creating from depot crtBytes, _ := crt.Export() if len(c.Args()) == 0 { fmt.Printf("%s", crtBytes) return } name := c.Args()[0] crtHost, err := depot.GetCertificateHost(d, name) if err != nil { fmt.Fprintln(os.Stderr, "Get certificate error:", err) os.Exit(1) } crtHostBytes, _ := crtHost.Export() if err = crt.VerifyHost(crtHost, name); err != nil { fmt.Fprintln(os.Stderr, "Verify certificate chain error:", err) os.Exit(1) } fmt.Printf("%s%s", crtBytes, crtHostBytes) }
func newExportAction(c *cli.Context) { if len(c.Args()) > 1 { fmt.Fprintln(os.Stderr, "At most one host name could be provided.") os.Exit(1) } if _, err := depot.GetCertificateAuthority(d); isFileNotExist(err) { fmt.Fprintln(os.Stderr, "Please run 'etcd-ca init' to initial the depot.") os.Exit(1) } var files []*TarFile var err error if len(c.Args()) == 0 { files, err = getAuthFiles(c) } else { files, err = getHostFiles(c, c.Args()[0]) } if err != nil { fmt.Fprintln(os.Stderr, err) os.Exit(1) } w := tar.NewWriter(os.Stdout) defer w.Close() if err = outputTarFiles(w, files); err != nil { fmt.Fprintln(os.Stderr, "Save tar error:", err) os.Exit(1) } }
func newSignAction(c *cli.Context) { if len(c.Args()) != 1 { fmt.Fprintln(os.Stderr, "One host name must be provided.") os.Exit(1) } name := c.Args()[0] if depot.CheckCertificateHost(d, name) { fmt.Fprintln(os.Stderr, "Certificate has existed!") os.Exit(1) } csr, err := depot.GetCertificateSigningRequest(d, name) if err != nil { fmt.Fprintln(os.Stderr, "Get certificate request error:", err) os.Exit(1) } crt, err := depot.GetCertificateAuthority(d) if err != nil { fmt.Fprintln(os.Stderr, "Get CA certificate error:", err) if isFileNotExist(err) { fmt.Fprintln(os.Stderr, "Please run 'etcd-ca init' to initial the depot.") } os.Exit(1) } info, err := depot.GetCertificateAuthorityInfo(d) if err != nil { fmt.Fprintln(os.Stderr, "Get CA certificate info error:", err) os.Exit(1) } key, err := depot.GetEncryptedPrivateKeyAuthority(d, getPassPhrase(c, "CA key")) if err != nil { fmt.Fprintln(os.Stderr, "Get CA key error:", err) os.Exit(1) } crtHost, err := pkix.CreateCertificateHost(crt, info, key, csr, c.Int("years")) if err != nil { fmt.Fprintln(os.Stderr, "Create certificate error:", err) os.Exit(1) } else { fmt.Printf("Created %s/crt from %s/csr signed by ca/key\n", name, name) } if err = depot.PutCertificateHost(d, name, crtHost); err != nil { fmt.Fprintln(os.Stderr, "Save certificate error:", err) } if err = depot.UpdateCertificateAuthorityInfo(d, info); err != nil { fmt.Fprintln(os.Stderr, "Update CA info error:", err) } }