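// newSignAction signs the certificate signing request named by the single
// positional argument using the CA named by the "CA" flag, stores the new
// certificate in the depot and, with --stdout, also prints its PEM.
//
// Every failure is reported on stderr and terminates the process with status
// 1, including a failed save: a certificate that was issued but not persisted
// must not look like success to a calling script.
func newSignAction(c *cli.Context) {
	if len(c.Args()) != 1 {
		fmt.Fprintln(os.Stderr, "One host name must be provided.")
		os.Exit(1)
	}

	// Depot file names are derived from the request and CA names, so spaces
	// are normalised to underscores the same way the other actions do it.
	formattedReqName := strings.Replace(c.Args()[0], " ", "_", -1)
	formattedCAName := strings.Replace(c.String("CA"), " ", "_", -1)

	// Never overwrite an already issued certificate.
	if depot.CheckCertificate(d, formattedReqName) {
		fmt.Fprintln(os.Stderr, "Certificate has existed!")
		os.Exit(1)
	}

	csr, err := depot.GetCertificateSigningRequest(d, formattedReqName)
	if err != nil {
		fmt.Fprintln(os.Stderr, "Get certificate request error:", err)
		os.Exit(1)
	}

	crt, err := depot.GetCertificate(d, formattedCAName)
	if err != nil {
		fmt.Fprintln(os.Stderr, "Get CA certificate error:", err)
		os.Exit(1)
	}

	// The CA key may be stored in the clear or encrypted; the passphrase is
	// only requested when the plaintext lookup fails.
	key, err := depot.GetPrivateKey(d, formattedCAName)
	if err != nil {
		key, err = depot.GetEncryptedPrivateKey(d, formattedCAName, getPassPhrase(c, "CA key"))
		if err != nil {
			fmt.Fprintln(os.Stderr, "Get CA key error:", err)
			os.Exit(1)
		}
	}

	crtHost, err := pkix.CreateCertificateHost(crt, key, csr, c.Int("years"))
	if err != nil {
		fmt.Fprintln(os.Stderr, "Create certificate error:", err)
		os.Exit(1)
	}
	fmt.Printf("Created %s/%s.crt from %s/%s.csr signed by %s/%s.key\n", depotDir, formattedReqName, depotDir, formattedReqName, depotDir, formattedCAName)

	if c.Bool("stdout") {
		crtBytes, err := crtHost.Export()
		if err != nil {
			fmt.Fprintln(os.Stderr, "Print certificate error:", err)
			os.Exit(1)
		}
		// Print, not Printf: the PEM is data, never a format string, so a
		// '%' in it cannot be interpreted as a verb.
		fmt.Print(string(crtBytes))
	}

	if err = depot.PutCertificate(d, formattedReqName, crtHost); err != nil {
		fmt.Fprintln(os.Stderr, "Save certificate error:", err)
		os.Exit(1)
	}
}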
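// newCertAction creates a private key (or loads one from --key) and a
// certificate signing request for the host described by the flags, then
// stores both in the depot. The request's common name is the first of
// --common-name, the first --domain entry or the first --ip that is set.
//
// All failures are reported on stderr and end the process with status 1,
// including a failed save, so a script cannot mistake a half-written depot
// for success.
func newCertAction(c *cli.Context) {
	var name = ""
	ips := pkix.ParseAndValidateIPs(c.String("ip"))

	// strings.Split on "" would yield a one-element slice containing "",
	// which is not "no domains"; only split when a value was given.
	var domains []string
	if rawDomains := c.String("domain"); rawDomains != "" {
		domains = strings.Split(rawDomains, ",")
	}

	switch {
	case len(c.String("common-name")) != 0:
		name = c.String("common-name")
	case len(domains) != 0:
		name = domains[0]
	case len(ips) != 0:
		name = ips[0].String()
	default:
		fmt.Fprintln(os.Stderr, "Must provide Common Name or SAN")
		os.Exit(1)
	}

	// Depot file names are derived from the common name.
	formattedName := strings.Replace(name, " ", "_", -1)

	// Refuse to clobber an existing request or key of the same name.
	if depot.CheckCertificateSigningRequest(d, formattedName) || depot.CheckPrivateKey(d, formattedName) {
		fmt.Fprintln(os.Stderr, "Certificate request has existed!")
		os.Exit(1)
	}

	// NOTE(review): a passphrase supplied as a flag is visible to other local
	// users through the process list and may land in shell history; the
	// interactive prompt is the safer path.
	var passphrase []byte
	var err error
	if c.IsSet("passphrase") {
		passphrase = []byte(c.String("passphrase"))
	} else {
		passphrase, err = createPassPhrase()
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(1)
		}
	}

	var key *pkix.Key
	if c.IsSet("key") {
		// The read error was previously overwritten by the parse result and
		// never reported; check it before using keyBytes.
		keyBytes, err := ioutil.ReadFile(c.String("key"))
		if err != nil {
			fmt.Fprintln(os.Stderr, "Read Key error:", err)
			os.Exit(1)
		}
		key, err = pkix.NewKeyFromPrivateKeyPEM(keyBytes)
		if err != nil {
			fmt.Fprintln(os.Stderr, "Read Key error:", err)
			os.Exit(1)
		}
		// Report the path actually read, as initAction does, rather than a
		// "<name>.key" file that may not exist.
		fmt.Printf("Read %s\n", c.String("key"))
	} else {
		key, err = pkix.CreateRSAKey(c.Int("key-bits"))
		if err != nil {
			fmt.Fprintln(os.Stderr, "Create RSA Key error:", err)
			os.Exit(1)
		}
		if len(passphrase) > 0 {
			fmt.Printf("Created %s/%s.key (encrypted by passphrase)\n", depotDir, formattedName)
		} else {
			fmt.Printf("Created %s/%s.key\n", depotDir, formattedName)
		}
	}

	csr, err := pkix.CreateCertificateSigningRequest(key, c.String("organizational-unit"), ips, domains, c.String("organization"), c.String("country"), c.String("province"), c.String("locality"), name)
	if err != nil {
		fmt.Fprintln(os.Stderr, "Create certificate request error:", err)
		os.Exit(1)
	}
	fmt.Printf("Created %s/%s.csr\n", depotDir, formattedName)

	if c.Bool("stdout") {
		csrBytes, err := csr.Export()
		if err != nil {
			fmt.Fprintln(os.Stderr, "Print certificate request error:", err)
			os.Exit(1)
		}
		// Print, not Printf: the PEM is data, never a format string.
		fmt.Print(string(csrBytes))
	}

	if err = depot.PutCertificateSigningRequest(d, formattedName, csr); err != nil {
		fmt.Fprintln(os.Stderr, "Save certificate request error:", err)
		os.Exit(1)
	}

	// An empty passphrase means the key is stored in the clear.
	if len(passphrase) > 0 {
		err = depot.PutEncryptedPrivateKey(d, formattedName, key, passphrase)
		if err != nil {
			fmt.Fprintln(os.Stderr, "Save encrypted private key error:", err)
			os.Exit(1)
		}
	} else {
		err = depot.PutPrivateKey(d, formattedName, key)
		if err != nil {
			fmt.Fprintln(os.Stderr, "Save private key error:", err)
			os.Exit(1)
		}
	}
}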
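// initAction creates a new certificate authority: a private key (or one
// loaded from --key) and a self-signed CA certificate named by --common-name,
// both stored in the depot. With --stdout the CA certificate PEM is printed
// as well.
//
// All failures are reported on stderr and end the process with status 1,
// including a failed save, so a script cannot mistake a half-written CA for
// success.
func initAction(c *cli.Context) {
	if !c.IsSet("common-name") {
		// Diagnostics go to stderr like every other failure in this file.
		fmt.Fprintln(os.Stderr, "Must supply Common Name for CA")
		os.Exit(1)
	}

	// Depot file names are derived from the common name.
	formattedName := strings.Replace(c.String("common-name"), " ", "_", -1)

	// Refuse to clobber an existing CA certificate or key of the same name.
	if depot.CheckCertificate(d, formattedName) || depot.CheckPrivateKey(d, formattedName) {
		fmt.Fprintln(os.Stderr, "CA with specified name already exists!")
		os.Exit(1)
	}

	// NOTE(review): a passphrase supplied as a flag is visible to other local
	// users through the process list and may land in shell history; the
	// interactive prompt is the safer path for a CA key.
	var passphrase []byte
	var err error
	if c.IsSet("passphrase") {
		passphrase = []byte(c.String("passphrase"))
	} else {
		passphrase, err = createPassPhrase()
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(1)
		}
	}

	var key *pkix.Key
	if c.IsSet("key") {
		// The read error was previously overwritten by the parse result and
		// never reported; check it before using keyBytes.
		keyBytes, err := ioutil.ReadFile(c.String("key"))
		if err != nil {
			fmt.Fprintln(os.Stderr, "Read Key error:", err)
			os.Exit(1)
		}
		key, err = pkix.NewKeyFromPrivateKeyPEM(keyBytes)
		if err != nil {
			fmt.Fprintln(os.Stderr, "Read Key error:", err)
			os.Exit(1)
		}
		fmt.Printf("Read %s\n", c.String("key"))
	} else {
		key, err = pkix.CreateRSAKey(c.Int("key-bits"))
		if err != nil {
			fmt.Fprintln(os.Stderr, "Create RSA Key error:", err)
			os.Exit(1)
		}
		if len(passphrase) > 0 {
			fmt.Printf("Created %s/%s.key (encrypted by passphrase)\n", depotDir, formattedName)
		} else {
			fmt.Printf("Created %s/%s.key\n", depotDir, formattedName)
		}
	}

	crt, err := pkix.CreateCertificateAuthority(key, c.String("organizational-unit"), c.Int("years"), c.String("organization"), c.String("country"), c.String("province"), c.String("locality"), c.String("common-name"))
	if err != nil {
		fmt.Fprintln(os.Stderr, "Create certificate error:", err)
		os.Exit(1)
	}
	fmt.Printf("Created %s/%s.crt\n", depotDir, formattedName)

	if c.Bool("stdout") {
		crtBytes, err := crt.Export()
		if err != nil {
			fmt.Fprintln(os.Stderr, "Print CA certificate error:", err)
			os.Exit(1)
		}
		// Print, not Printf: the PEM is data, never a format string.
		fmt.Print(string(crtBytes))
	}

	if err = depot.PutCertificate(d, formattedName, crt); err != nil {
		fmt.Fprintln(os.Stderr, "Save certificate error:", err)
		os.Exit(1)
	}

	// An empty passphrase means the CA key is stored in the clear.
	if len(passphrase) > 0 {
		err = depot.PutEncryptedPrivateKey(d, formattedName, key, passphrase)
		if err != nil {
			fmt.Fprintln(os.Stderr, "Save encrypted private key error:", err)
			os.Exit(1)
		}
	} else {
		err = depot.PutPrivateKey(d, formattedName, key)
		if err != nil {
			fmt.Fprintln(os.Stderr, "Save private key error:", err)
			os.Exit(1)
		}
	}
}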
// getPassPhrase returns the passphrase for the key described by name: the
// value of the "passphrase" flag when one was given on the command line,
// otherwise whatever askPassPhrase obtains interactively.
func getPassPhrase(c *cli.Context, name string) []byte {
	if !c.IsSet("passphrase") {
		return askPassPhrase(name)
	}
	flagValue := c.String("passphrase")
	return []byte(flagValue)
}