func generate(c *cli.Context) {
outputDir := c.GlobalString("output-directory")
if outputDir == "" {
cli.ShowAppHelp(c)
log.Fatalf("you must specify an output directory")
}
caCertPath := filepath.Join(outputDir, "ca.pem")
caKeyPath := filepath.Join(outputDir, "ca-key.pem")
org := c.String("org")
bits := c.Int("bits")
overwrite := c.Bool("overwrite")
log.Printf("generating ca: org=%s bits=%d", org, bits)
log.Debugf("creating output dir: path=%s", outputDir)
if err := os.MkdirAll(outputDir, 0700); err != nil {
log.Fatal(err)
}
// cert
if err := utils.CreateIfNotExists(caCertPath, overwrite); err != nil {
log.Fatal(err)
}
// key
if err := utils.CreateIfNotExists(caKeyPath, overwrite); err != nil {
log.Fatal(err)
}
cert, key, err := tlsutils.GenerateCACertificate(org, bits)
if err != nil {
log.Fatal(err)
}
log.Debugf("creating certificate: path=%s", caCertPath)
if err := ioutil.WriteFile(caCertPath, cert, 0600); err != nil {
log.Fatal(err)
}
log.Debugf("creating key: path=%s", caKeyPath)
if err := ioutil.WriteFile(caKeyPath, key, 0600); err != nil {
log.Fatal(err)
}
}
func generate(c *cli.Context) {
outputDir := c.GlobalString("output-directory")
if outputDir == "" {
cli.ShowAppHelp(c)
log.Fatalf("you must specify an output directory")
}
hosts := c.StringSlice("host")
caCertPath := filepath.Join(outputDir, "ca.pem")
caKeyPath := filepath.Join(outputDir, "ca-key.pem")
serverCertPath := filepath.Join(outputDir, "server.pem")
serverKeyPath := filepath.Join(outputDir, "server-key.pem")
clientCertPath := filepath.Join(outputDir, "cert.pem")
clientKeyPath := filepath.Join(outputDir, "key.pem")
org := c.String("org")
bits := c.Int("bits")
overwrite := c.Bool("overwrite")
log.Printf("generating ca: org=%s bits=%d", org, bits)
log.Debugf("creating output dir: path=%s", outputDir)
if err := os.MkdirAll(outputDir, 0700); err != nil {
log.Fatal(err)
}
// ca cert
if err := utils.CreateIfNotExists(caCertPath, overwrite); err != nil {
log.Fatal(err)
}
// ca key
if err := utils.CreateIfNotExists(caKeyPath, overwrite); err != nil {
log.Fatal(err)
}
// server cert
if err := utils.CreateIfNotExists(serverCertPath, overwrite); err != nil {
log.Fatal(err)
}
// server key
if err := utils.CreateIfNotExists(serverKeyPath, overwrite); err != nil {
log.Fatal(err)
}
// client cert
if err := utils.CreateIfNotExists(clientCertPath, overwrite); err != nil {
log.Fatal(err)
}
// client key
if err := utils.CreateIfNotExists(clientKeyPath, overwrite); err != nil {
log.Fatal(err)
}
// generate ca
caCert, caKey, err := tlsutils.GenerateCACertificate(org, bits)
if err != nil {
log.Fatal(err)
}
log.Debugf("creating ca certificate: path=%s", caCertPath)
if err := ioutil.WriteFile(caCertPath, caCert, 0600); err != nil {
log.Fatal(err)
}
log.Debugf("creating ca key: path=%s", caKeyPath)
if err := ioutil.WriteFile(caKeyPath, caKey, 0600); err != nil {
log.Fatal(err)
}
// generate client
clientCert, clientKey, err := tlsutils.GenerateCertificate(
nil,
caCert,
caKey,
org,
"",
bits,
)
if err != nil {
log.Fatal(err)
}
log.Debugf("creating client certificate: path=%s", clientCertPath)
if err := ioutil.WriteFile(clientCertPath, clientCert, 0600); err != nil {
log.Fatal(err)
}
log.Debugf("creating client key: path=%s", clientKeyPath)
if err := ioutil.WriteFile(clientKeyPath, clientKey, 0600); err != nil {
log.Fatal(err)
}
// generate server
serverCert, serverKey, err := tlsutils.GenerateCertificate(
hosts,
caCert,
caKey,
org,
"",
bits,
)
if err != nil {
log.Fatal(err)
}
log.Debugf("creating server certificate: path=%s", serverCertPath)
if err := ioutil.WriteFile(serverCertPath, serverCert, 0600); err != nil {
log.Fatal(err)
}
log.Debugf("creating server key: path=%s", serverKeyPath)
if err := ioutil.WriteFile(serverKeyPath, serverKey, 0600); err != nil {
log.Fatal(err)
}
}
func generate(c *cli.Context) {
outputDir := c.GlobalString("output-directory")
if outputDir == "" {
cli.ShowAppHelp(c)
log.Fatalf("you must specify an output directory")
}
commonName := c.String("common-name")
caCertPath := c.String("ca-cert")
caKeyPath := c.String("ca-key")
certPath := c.String("cert")
keyPath := c.String("key")
org := c.String("org")
bits := c.Int("bits")
overwrite := c.Bool("overwrite")
if caCertPath == "" {
caCertPath = filepath.Join(outputDir, "ca.pem")
}
if caKeyPath == "" {
caKeyPath = filepath.Join(outputDir, "ca-key.pem")
}
if certPath == "" {
certPath = filepath.Join(outputDir, "cert.pem")
}
if keyPath == "" {
keyPath = filepath.Join(outputDir, "key.pem")
}
log.Printf("generating client certificate: cn=%q org=%s bits=%d cert=%q key=%q",
commonName,
org,
bits,
certPath,
keyPath,
)
log.Debugf("creating output dir: path=%s", outputDir)
if err := os.MkdirAll(outputDir, 0700); err != nil {
log.Fatal(err)
}
// cert
if err := utils.CreateIfNotExists(certPath, overwrite); err != nil {
log.Fatal(err)
}
// key
if err := utils.CreateIfNotExists(keyPath, overwrite); err != nil {
log.Fatal(err)
}
caCert, err := ioutil.ReadFile(caCertPath)
if err != nil {
log.Fatal(err)
}
caKey, err := ioutil.ReadFile(caKeyPath)
if err != nil {
log.Fatal(err)
}
cert, key, err := tlsutils.GenerateCertificate(
nil,
caCert,
caKey,
org,
commonName,
bits,
)
if err != nil {
log.Fatal(err)
}
log.Debugf("creating certificate: path=%s", certPath)
if err := ioutil.WriteFile(certPath, cert, 0600); err != nil {
log.Fatal(err)
}
log.Debugf("creating key: path=%s", keyPath)
if err := ioutil.WriteFile(keyPath, key, 0600); err != nil {
log.Fatal(err)
}
}