Пример #1
0
func generate(c *cli.Context) {
	outputDir := c.GlobalString("output-directory")
	if outputDir == "" {
		cli.ShowAppHelp(c)
		log.Fatalf("you must specify an output directory")
	}

	caCertPath := filepath.Join(outputDir, "ca.pem")
	caKeyPath := filepath.Join(outputDir, "ca-key.pem")
	org := c.String("org")
	bits := c.Int("bits")
	overwrite := c.Bool("overwrite")

	log.Printf("generating ca: org=%s bits=%d", org, bits)

	log.Debugf("creating output dir: path=%s", outputDir)
	if err := os.MkdirAll(outputDir, 0700); err != nil {
		log.Fatal(err)
	}

	// cert
	if err := utils.CreateIfNotExists(caCertPath, overwrite); err != nil {
		log.Fatal(err)
	}

	// key
	if err := utils.CreateIfNotExists(caKeyPath, overwrite); err != nil {
		log.Fatal(err)
	}

	cert, key, err := tlsutils.GenerateCACertificate(org, bits)
	if err != nil {
		log.Fatal(err)
	}

	log.Debugf("creating certificate: path=%s", caCertPath)
	if err := ioutil.WriteFile(caCertPath, cert, 0600); err != nil {
		log.Fatal(err)
	}

	log.Debugf("creating key: path=%s", caKeyPath)
	if err := ioutil.WriteFile(caKeyPath, key, 0600); err != nil {
		log.Fatal(err)
	}
}
Пример #2
0
func generate(c *cli.Context) {
	outputDir := c.GlobalString("output-directory")
	if outputDir == "" {
		cli.ShowAppHelp(c)
		log.Fatalf("you must specify an output directory")
	}

	hosts := c.StringSlice("host")
	caCertPath := filepath.Join(outputDir, "ca.pem")
	caKeyPath := filepath.Join(outputDir, "ca-key.pem")
	serverCertPath := filepath.Join(outputDir, "server.pem")
	serverKeyPath := filepath.Join(outputDir, "server-key.pem")
	clientCertPath := filepath.Join(outputDir, "cert.pem")
	clientKeyPath := filepath.Join(outputDir, "key.pem")
	org := c.String("org")
	bits := c.Int("bits")
	overwrite := c.Bool("overwrite")

	log.Printf("generating ca: org=%s bits=%d", org, bits)

	log.Debugf("creating output dir: path=%s", outputDir)
	if err := os.MkdirAll(outputDir, 0700); err != nil {
		log.Fatal(err)
	}

	// ca cert
	if err := utils.CreateIfNotExists(caCertPath, overwrite); err != nil {
		log.Fatal(err)
	}

	// ca key
	if err := utils.CreateIfNotExists(caKeyPath, overwrite); err != nil {
		log.Fatal(err)
	}

	// server cert
	if err := utils.CreateIfNotExists(serverCertPath, overwrite); err != nil {
		log.Fatal(err)
	}

	// server key
	if err := utils.CreateIfNotExists(serverKeyPath, overwrite); err != nil {
		log.Fatal(err)
	}

	// client cert
	if err := utils.CreateIfNotExists(clientCertPath, overwrite); err != nil {
		log.Fatal(err)
	}

	// client key
	if err := utils.CreateIfNotExists(clientKeyPath, overwrite); err != nil {
		log.Fatal(err)
	}

	// generate ca
	caCert, caKey, err := tlsutils.GenerateCACertificate(org, bits)
	if err != nil {
		log.Fatal(err)
	}

	log.Debugf("creating ca certificate: path=%s", caCertPath)
	if err := ioutil.WriteFile(caCertPath, caCert, 0600); err != nil {
		log.Fatal(err)
	}

	log.Debugf("creating ca key: path=%s", caKeyPath)
	if err := ioutil.WriteFile(caKeyPath, caKey, 0600); err != nil {
		log.Fatal(err)
	}

	// generate client
	clientCert, clientKey, err := tlsutils.GenerateCertificate(
		nil,
		caCert,
		caKey,
		org,
		"",
		bits,
	)
	if err != nil {
		log.Fatal(err)
	}

	log.Debugf("creating client certificate: path=%s", clientCertPath)
	if err := ioutil.WriteFile(clientCertPath, clientCert, 0600); err != nil {
		log.Fatal(err)
	}

	log.Debugf("creating client key: path=%s", clientKeyPath)
	if err := ioutil.WriteFile(clientKeyPath, clientKey, 0600); err != nil {
		log.Fatal(err)
	}

	// generate server
	serverCert, serverKey, err := tlsutils.GenerateCertificate(
		hosts,
		caCert,
		caKey,
		org,
		"",
		bits,
	)
	if err != nil {
		log.Fatal(err)
	}

	log.Debugf("creating server certificate: path=%s", serverCertPath)
	if err := ioutil.WriteFile(serverCertPath, serverCert, 0600); err != nil {
		log.Fatal(err)
	}

	log.Debugf("creating server key: path=%s", serverKeyPath)
	if err := ioutil.WriteFile(serverKeyPath, serverKey, 0600); err != nil {
		log.Fatal(err)
	}
}
Пример #3
0
func generate(c *cli.Context) {
	outputDir := c.GlobalString("output-directory")
	if outputDir == "" {
		cli.ShowAppHelp(c)
		log.Fatalf("you must specify an output directory")
	}

	commonName := c.String("common-name")
	caCertPath := c.String("ca-cert")
	caKeyPath := c.String("ca-key")
	certPath := c.String("cert")
	keyPath := c.String("key")
	org := c.String("org")
	bits := c.Int("bits")
	overwrite := c.Bool("overwrite")

	if caCertPath == "" {
		caCertPath = filepath.Join(outputDir, "ca.pem")
	}

	if caKeyPath == "" {
		caKeyPath = filepath.Join(outputDir, "ca-key.pem")
	}

	if certPath == "" {
		certPath = filepath.Join(outputDir, "cert.pem")
	}

	if keyPath == "" {
		keyPath = filepath.Join(outputDir, "key.pem")
	}

	log.Printf("generating client certificate: cn=%q org=%s bits=%d cert=%q key=%q",
		commonName,
		org,
		bits,
		certPath,
		keyPath,
	)

	log.Debugf("creating output dir: path=%s", outputDir)
	if err := os.MkdirAll(outputDir, 0700); err != nil {
		log.Fatal(err)
	}

	// cert
	if err := utils.CreateIfNotExists(certPath, overwrite); err != nil {
		log.Fatal(err)
	}

	// key
	if err := utils.CreateIfNotExists(keyPath, overwrite); err != nil {
		log.Fatal(err)
	}

	caCert, err := ioutil.ReadFile(caCertPath)
	if err != nil {
		log.Fatal(err)
	}

	caKey, err := ioutil.ReadFile(caKeyPath)
	if err != nil {
		log.Fatal(err)
	}

	cert, key, err := tlsutils.GenerateCertificate(
		nil,
		caCert,
		caKey,
		org,
		commonName,
		bits,
	)
	if err != nil {
		log.Fatal(err)
	}

	log.Debugf("creating certificate: path=%s", certPath)
	if err := ioutil.WriteFile(certPath, cert, 0600); err != nil {
		log.Fatal(err)
	}

	log.Debugf("creating key: path=%s", keyPath)
	if err := ioutil.WriteFile(keyPath, key, 0600); err != nil {
		log.Fatal(err)
	}
}