func newSignAction(c *cli.Context) { if len(c.Args()) != 1 { fmt.Fprintln(os.Stderr, "One host name must be provided.") os.Exit(1) } name := c.Args()[0] if depot.CheckCertificateHost(d, name) { fmt.Fprintln(os.Stderr, "Certificate has existed!") os.Exit(1) } csr, err := depot.GetCertificateSigningRequest(d, name) if err != nil { fmt.Fprintln(os.Stderr, "Get certificate request error:", err) os.Exit(1) } crt, err := depot.GetCertificateAuthority(d) if err != nil { fmt.Fprintln(os.Stderr, "Get CA certificate error:", err) if isFileNotExist(err) { fmt.Fprintln(os.Stderr, "Please run 'etcd-ca init' to initial the depot.") } os.Exit(1) } info, err := depot.GetCertificateAuthorityInfo(d) if err != nil { fmt.Fprintln(os.Stderr, "Get CA certificate info error:", err) os.Exit(1) } key, err := depot.GetEncryptedPrivateKeyAuthority(d, getPassPhrase(c, "CA key")) if err != nil { fmt.Fprintln(os.Stderr, "Get CA key error:", err) os.Exit(1) } crtHost, err := pkix.CreateCertificateHost(crt, info, key, csr, c.Int("years")) if err != nil { fmt.Fprintln(os.Stderr, "Create certificate error:", err) os.Exit(1) } else { fmt.Printf("Created %s/crt from %s/csr signed by ca/key\n", name, name) } if err = depot.PutCertificateHost(d, name, crtHost); err != nil { fmt.Fprintln(os.Stderr, "Save certificate error:", err) } if err = depot.UpdateCertificateAuthorityInfo(d, info); err != nil { fmt.Fprintln(os.Stderr, "Update CA info error:", err) } }
func newCertAction(c *cli.Context) { if len(c.Args()) != 1 { fmt.Fprintln(os.Stderr, "One host name must be provided.") os.Exit(1) } name := c.Args()[0] if depot.CheckCertificateSigningRequest(d, name) || depot.CheckPrivateKeyHost(d, name) { fmt.Fprintln(os.Stderr, "Certificate request has existed!") os.Exit(1) } var passphrase []byte var err error if c.IsSet("passphrase") { passphrase = []byte(c.String("passphrase")) } else { passphrase, err = createPassPhrase() if err != nil { fmt.Fprintln(os.Stderr, err) os.Exit(1) } } key, err := pkix.CreateRSAKey(c.Int("key-bits")) if err != nil { fmt.Fprintln(os.Stderr, "Create RSA Key error:", err) os.Exit(1) } else { fmt.Printf("Created %s/key\n", name) } csr, err := pkix.CreateCertificateSigningRequest(key, name, c.String("ip"), c.String("domain"), c.String("organization"), c.String("country")) if err != nil { fmt.Fprintln(os.Stderr, "Create certificate request error:", err) os.Exit(1) } else { fmt.Printf("Created %s/crt\n", name) } if err = depot.PutCertificateSigningRequest(d, name, csr); err != nil { fmt.Fprintln(os.Stderr, "Save certificate request error:", err) } if err = depot.PutEncryptedPrivateKeyHost(d, name, key, passphrase); err != nil { fmt.Fprintln(os.Stderr, "Save key error:", err) } }
func initAction(c *cli.Context) { if depot.CheckCertificateAuthority(d) || depot.CheckCertificateAuthorityInfo(d) || depot.CheckPrivateKeyAuthority(d) { fmt.Fprintln(os.Stderr, "CA has existed!") os.Exit(1) } var passphrase []byte var err error if c.IsSet("passphrase") { passphrase = []byte(c.String("passphrase")) } else { passphrase, err = createPassPhrase() if err != nil { fmt.Fprintln(os.Stderr, err) os.Exit(1) } } key, err := pkix.CreateRSAKey(c.Int("key-bits")) if err != nil { fmt.Fprintln(os.Stderr, "Create RSA Key error:", err) os.Exit(1) } else { fmt.Println("Created ca/key") } crt, info, err := pkix.CreateCertificateAuthority(key, c.Int("years"), c.String("organization"), c.String("country")) if err != nil { fmt.Fprintln(os.Stderr, "Create certificate error:", err) os.Exit(1) } else { fmt.Println("Created ca/crt") } if err = depot.PutCertificateAuthority(d, crt); err != nil { fmt.Fprintln(os.Stderr, "Save certificate error:", err) } if err = depot.PutCertificateAuthorityInfo(d, info); err != nil { fmt.Fprintln(os.Stderr, "Save certificate info error:", err) } if err = depot.PutEncryptedPrivateKeyAuthority(d, key, passphrase); err != nil { fmt.Fprintln(os.Stderr, "Save key error:", err) } }