func genkeyMain(args []string, c cli.Config) (err error) { csrFile, args, err := cli.PopFirstArgument(args) if err != nil { return } csrFileBytes, err := cli.ReadStdin(csrFile) if err != nil { return } var req csr.CertificateRequest err = json.Unmarshal(csrFileBytes, &req) if err != nil { return } if c.IsCA { var key, cert []byte cert, key, err = initca.New(&req) if err != nil { return } cli.PrintCert(key, nil, cert) } else { if req.CA != nil { err = errors.New("ca section only permitted in initca") return } var key, csrPEM []byte g := &csr.Generator{Validator: Validator} csrPEM, key, err = g.ProcessRequest(&req) if err != nil { key = nil return } cli.PrintCert(key, csrPEM, nil) } return nil }
func scanMain(args []string, c cli.Config) (err error) { if c.List { printJSON(scan.Default) } else { // Execute for each HOST argument given for len(args) > 0 { var host string host, args, err = cli.PopFirstArgument(args) if err != nil { return } var results map[string]scan.FamilyResult results, err = scan.Default.RunScans(host, c.Family, c.Scanner) if err != nil { return } printJSON(results) } } return }
func selfSignMain(args []string, c cli.Config) (err error) { if c.Hostname == "" && !c.IsCA { c.Hostname, args, err = cli.PopFirstArgument(args) if err != nil { return } } csrFile, args, err := cli.PopFirstArgument(args) if err != nil { return } csrFileBytes, err := cli.ReadStdin(csrFile) if err != nil { return } var req csr.CertificateRequest err = json.Unmarshal(csrFileBytes, &req) if err != nil { return } var key, csrPEM []byte g := &csr.Generator{Validator: genkey.Validator} csrPEM, key, err = g.ProcessRequest(&req) if err != nil { key = nil return } priv, err := helpers.ParsePrivateKeyPEM(key) if err != nil { key = nil return } var profile *config.SigningProfile // If there is a config, use its signing policy. Otherwise, leave policy == nil // and NewSigner will use DefaultConfig(). if c.CFG != nil { if c.Profile != "" && c.CFG.Signing.Profiles != nil { profile = c.CFG.Signing.Profiles[c.Profile] } } if profile == nil { profile = config.DefaultConfig() profile.Expiry = 2190 * time.Hour } cert, err := selfsign.Sign(priv, csrPEM, profile) if err != nil { key = nil priv = nil return } fmt.Fprintf(os.Stderr, `*** WARNING *** Self-signed certificates are dangerous. Use this self-signed certificate at your own risk. It is strongly recommended that these certificates NOT be used in production. *** WARNING *** `) cli.PrintCert(key, csrPEM, cert) return }
func gencertMain(args []string, c cli.Config) (err error) { csrJSONFile, args, err := cli.PopFirstArgument(args) if err != nil { return } csrJSONFileBytes, err := cli.ReadStdin(csrJSONFile) if err != nil { return } var req csr.CertificateRequest err = json.Unmarshal(csrJSONFileBytes, &req) if err != nil { return } if c.IsCA { var key, cert []byte cert, err = initca.NewFromPEM(&req, c.CAKeyFile) if err != nil { log.Errorf("%v\n", err) log.Infof("generating a new CA key and certificate from CSR") cert, key, err = initca.New(&req) if err != nil { return } } cli.PrintCert(key, nil, cert) } else { if req.CA != nil { err = errors.New("ca section only permitted in initca") return } // Remote can be forced on the command line or in the config if c.Remote == "" && c.CFG == nil { if c.CAFile == "" { log.Error("need a CA certificate (provide one with -ca)") return } if c.CAKeyFile == "" { log.Error("need a CA key (provide one with -ca-key)") return } } var key, csrBytes []byte g := &csr.Generator{Validator: genkey.Validator} csrBytes, key, err = g.ProcessRequest(&req) if err != nil { key = nil return } s, err := sign.SignerFromConfig(c) if err != nil { return err } var cert []byte req := signer.SignRequest{ Request: string(csrBytes), Hosts: signer.SplitHosts(c.Hostname), Profile: c.Profile, Label: c.Label, } cert, err = s.Sign(req) if err != nil { return err } cli.PrintCert(key, csrBytes, cert) } return nil }
// signerMain is the main CLI of signer functionality. // [TODO: zi] Decide whether to drop the argument list and only use flags to specify all the inputs. func signerMain(args []string, c cli.Config) (err error) { if c.CSRFile == "" { c.CSRFile, args, err = cli.PopFirstArgument(args) if err != nil { return } } var subjectData *signer.Subject if len(args) > 0 { var subjectFile string subjectFile, args, err = cli.PopFirstArgument(args) if err != nil { return } var subjectJSON []byte subjectJSON, err = ioutil.ReadFile(subjectFile) if err != nil { return } subjectData = new(signer.Subject) err = json.Unmarshal(subjectJSON, subjectData) if err != nil { return } } csr, err := cli.ReadStdin(c.CSRFile) if err != nil { return } // Remote can be forced on the command line or in the config if c.Remote == "" && c.CFG == nil { if c.CAFile == "" { log.Error("need CA certificate (provide one with -ca)") return } if c.CAKeyFile == "" { log.Error("need CA key (provide one with -ca-key)") return } } s, err := SignerFromConfig(c) if err != nil { return } req := signer.SignRequest{ Hosts: signer.SplitHosts(c.Hostname), Request: string(csr), Subject: subjectData, Profile: c.Profile, Label: c.Label, } cert, err := s.Sign(req) if err != nil { return } cli.PrintCert(nil, csr, cert) return }