Commit 02ad18fc authored by Heiko Reese's avatar Heiko Reese

parent bff3ba53
......@@ -43,6 +43,31 @@ type sanGenerator struct {
Values []string
}
var requestArgs = struct {
Profile string
CommonName string
Organisation string
OU []string
Locality string
State string
Country string
SANDNS []string
SANIP []net.IP
SANURI []string
SANEmail []string
RequesterName string
RequesterEmail string
RequesterOU string
Keyfile string
Keypass string
Keysize int
PIN string
Outdir string
SkipPDF bool
Publish bool
DryRun bool
}{}
// requestCmd represents the request command
var requestCmd *cobra.Command = &cobra.Command{
Use: "request",
......@@ -54,18 +79,16 @@ var requestCmd *cobra.Command = &cobra.Command{
err error
pkey *rsa.PrivateKey
)
viper.BindPFlags(cmd.Flags())
spew.Dump(viper.AllSettings())
//os.Exit(1)
viper.BindPFlags(cmd.PersistentFlags())
// check ca name
if viper.GetString("ca") == "" {
if !viper.IsSet("ca") {
log.Fatal("Please specify a valid CA")
}
// check cn
if viper.GetString("cn") == "" {
log.Fatal("Please specify a common name")
log.Fatal("Please specify a common name (»CN«)")
}
// clean up CommonName
......@@ -163,20 +186,6 @@ var requestCmd *cobra.Command = &cobra.Command{
} else {
log.Printf("Wrote private to »%s« (format: PKCS1/PEM)", filename)
}
/*
// save key as pkcs8
pkcs8key, err := x509.MarshalPKCS8PrivateKey(pkey)
if err != nil {
log.Fatal("Unable to marshal private key as PKCS8: ", err)
}
filename = filepath.Join(outputdir, basefilename+".key.p8")
err = ioutil.WriteFile(filename, pkcs8key, 0600)
if err != nil {
log.Fatalf("Unable to write private to »%s« as PKCS8: %s", filename, err)
} else {
log.Printf("Wrote private to »%s« (format: PKCS8)", filename)
}
*/
}
// prepare certificate request
......@@ -239,7 +248,8 @@ var requestCmd *cobra.Command = &cobra.Command{
}
request.URIs = sanurllist
}
spew.Dump(request); os.Exit(4)
spew.Dump(request)
os.Exit(4)
// generate certificate request
csr, err := dfnpki.GenerateRequest(pkey, request)
......@@ -349,38 +359,33 @@ func init() {
rootCmd.AddCommand(requestCmd)
// Here you will define your flags and configuration settings.
requestCmd.Flags().SortFlags = false
requestCmd.Flags().StringVar(&globalArgs.Profile, "profile", "Web Server", "Certificate profile")
requestCmd.Flags().StringVarP(&globalArgs.CommonName, "cn", "c", "", "Set »CommonName« (common name) part of distinguished name")
requestCmd.Flags().StringSliceVar(&globalArgs.OU, "ou", nil, "Set »OU« (organizational unit) part(s) of distinguished name")
requestCmd.Flags().StringVar(&globalArgs.Organisation, "o", "", "Set »O« (organization) part of distinguished name")
requestCmd.Flags().StringVar(&globalArgs.Locality, "locality", "", "Set »L« (locality) part of distinguished name")
requestCmd.Flags().StringVar(&globalArgs.State, "state", "", "Set »ST« (state) part of distinguished name")
requestCmd.Flags().StringVar(&globalArgs.Country, "country", "", "Set »C« (country) part of distinguished name")
requestCmd.Flags().StringSliceVar(&globalArgs.SANDNS, "dns", nil, "Add »DNS« (hostname or domain name) Subject Alternative Name(s)")
requestCmd.Flags().StringSliceVar(&globalArgs.SANIP, "ip", nil, "Add »IP« (ip address) Subject Alternative Name(s)")
requestCmd.Flags().StringSliceVar(&globalArgs.SANURI, "uri", nil, "Add »URI« Subject Alternative Name(s)")
requestCmd.Flags().StringSliceVar(&globalArgs.SANEmail, "email", nil, "Add »email« Subject Alternative Name(s)")
// TODO: add other types
requestCmd.Flags().StringVar(&globalArgs.RequesterName, "RequesterName", "", "Name of requester (»Beantrager«); set to CommonName for personal certificate")
requestCmd.Flags().StringVar(&globalArgs.RequesterEmail, "RequesterEmail", "", "E-Mail of requester (»Beantrager«)")
requestCmd.Flags().StringVar(&globalArgs.RequesterOU, "RequesterOU", "", "Organisational Unit of requester (»Beantrager«)")
requestCmd.Flags().BoolVar(&globalArgs.Publish, "publish", true, "Publish certificate")
requestCmd.Flags().StringVar(&globalArgs.PIN, "pin", "", "PIN for revocation and retrieval of unpublished certificates")
requestCmd.Flags().StringVarP(&globalArgs.Keyfile, "keyfile", "k", "", "Read key from filename if set; autogenerated otherwise")
requestCmd.PersistentFlags().SortFlags = false
requestCmd.PersistentFlags().StringVar(&requestArgs.Profile, "profile", "Web Server", "Certificate profile")
requestCmd.PersistentFlags().StringVarP(&requestArgs.CommonName, "cn", "c", "", "Set »CommonName« (common name) part of distinguished name")
requestCmd.PersistentFlags().StringSliceVar(&requestArgs.OU, "ou", nil, "Set »OU« (organizational unit) part(s) of distinguished name")
requestCmd.PersistentFlags().StringVar(&requestArgs.Organisation, "o", "", "Set »O« (organization) part of distinguished name")
requestCmd.PersistentFlags().StringVar(&requestArgs.Locality, "locality", "", "Set »L« (locality) part of distinguished name")
requestCmd.PersistentFlags().StringVar(&requestArgs.State, "state", "", "Set »ST« (state) part of distinguished name")
requestCmd.PersistentFlags().StringVar(&requestArgs.Country, "country", "", "Set »C« (country) part of distinguished name")
requestCmd.PersistentFlags().StringSliceVar(&requestArgs.SANDNS, "dns", nil, "Add »DNS« (hostname or domain name) Subject Alternative Name(s)")
requestCmd.PersistentFlags().IPSliceVar(&requestArgs.SANIP, "ip", nil, "Add »IP« (ip address) Subject Alternative Name(s)")
requestCmd.PersistentFlags().StringSliceVar(&requestArgs.SANURI, "uri", nil, "Add »URI« Subject Alternative Name(s)")
requestCmd.PersistentFlags().StringSliceVar(&requestArgs.SANEmail, "email", nil, "Add »email« Subject Alternative Name(s)")
requestCmd.PersistentFlags().StringVar(&requestArgs.RequesterName, "RequesterName", "", "Name of requester (»Beantrager«); set to CommonName for personal certificate")
requestCmd.PersistentFlags().StringVar(&requestArgs.RequesterEmail, "RequesterEmail", "", "E-Mail of requester (»Beantrager«)")
requestCmd.PersistentFlags().StringVar(&requestArgs.RequesterOU, "RequesterOU", "", "Organisational Unit of requester (»Beantrager«)")
requestCmd.PersistentFlags().BoolVar(&requestArgs.Publish, "publish", true, "Publish certificate")
requestCmd.PersistentFlags().StringVar(&requestArgs.PIN, "pin", "", "PIN for revocation and retrieval of unpublished certificates")
requestCmd.PersistentFlags().StringVarP(&requestArgs.Keyfile, "keyfile", "k", "", "Read key from filename if set; autogenerated otherwise")
requestCmd.MarkFlagFilename("keyfile", "")
requestCmd.Flags().StringVarP(&globalArgs.Keypass, "keypass", "p", "", "Password if secret key is encrypted")
requestCmd.Flags().IntVar(&globalArgs.Keysize, "keysize", 4096, "Size of secret key in bits (only used if --keyfile is not set; minimum size 2048 bits)")
requestCmd.Flags().StringVarP(&globalArgs.Outdir, "outdir", "o", "", "Directory for all output files")
requestCmd.Flags().BoolVarP(&globalArgs.DryRun, "dry-run", "n", false, "Only show request data, don't execute anything")
requestCmd.Flags().BoolVarP(&globalArgs.SkipPDF, "skip-pdf", "s", false, "Don't fetch pdf after request")
requestCmd.PersistentFlags().StringVarP(&requestArgs.Keypass, "keypass", "p", "", "Password if secret key is encrypted")
requestCmd.PersistentFlags().IntVar(&requestArgs.Keysize, "keysize", 4096, "Size of secret key in bits (only used if --keyfile is not set; minimum size 2048 bits)")
requestCmd.PersistentFlags().StringVarP(&requestArgs.Outdir, "outdir", "o", "", "Directory for all output files")
// Cobra supports local flags which will only run when this command
// is called directly, e.g.:
// requestCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
requestCmd.PersistentFlags().BoolVarP(&requestArgs.DryRun, "dry-run", "n", false, "Only show request data, don't execute anything")
requestCmd.PersistentFlags().BoolVarP(&requestArgs.SkipPDF, "skip-pdf", "s", false, "Don't fetch pdf after request")
}
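Review bot: The `--keypass` and `--pin` flags re-registered in `init()` still take the key passphrase and the revocation PIN as argument values, which leaves both in shell history and readable in the process list while the command runs. Consider reading them from a file or an interactive prompt when the flag is empty, and until then say so in the help text, e.g. `"Password if secret key is encrypted (visible in the process list when given as a flag)"`. In the same hunk `requestCmd.MarkFlagFilename("keyfile", "")` is unchanged although `keyfile` now lives on `PersistentFlags()`; its error return is ignored, so the annotation is probably no longer applied, and `requestCmd.MarkPersistentFlagFilename("keyfile")` with the error checked looks like the intended call. `init()` starts above the visible hunk, so other flag registrations may need the same treatment.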
......@@ -59,30 +59,8 @@ var (
}
// see also: Zertifizierungsrichtlinie der DFN-PKI-Sicherheitsniveau Global, Version:3.8, (OID): 1.3.6.1.4.1.22177.300.1.1.4.3.8
globalArgs struct {
DryRun bool
CAName string
RAId int
Profile string
CommonName string
Organisation string
OU []string
Locality string
State string
Country string
SANDNS []string
SANIP []string
SANURI []string
SANEmail []string
RequesterName string
RequesterEmail string
RequesterOU string
Keyfile string
Keypass string
Keysize int
PIN string
Outdir string
SkipPDF bool
Publish bool
}
)
......
package cmd
import (
"net/url"
"strings"
)
// URLSlice stores urls from cmdline arguments
type URLSlice []*url.URL
func (u *URLSlice) String() string {
urls := make([]string, 0, len(*u))
for _, uri := range *u {
urls = append(urls, uri.String())
}
return strings.Join(urls, ", ")
}
func (u *URLSlice) Set(rawurl string) error {
uri, err := url.Parse(rawurl)
if err != nil {
return err
}
*u = append(*u, uri)
return nil
}
func (u *URLSlice) Type() string {
return "URLSlice"
}
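Review bot: `Set` stores anything `url.Parse` tolerates, including an empty string, a bare relative path or a value without a scheme, so a malformed value would end up as a URI subject alternative name without any error. A URI SAN is expected to be an absolute URI, so reject the rest right after parsing: `if !uri.IsAbs() { return fmt.Errorf("SAN URI %q must be absolute (scheme required)", rawurl) }`, which needs `fmt` added to the import block; whether a host must also be present depends on the CA's policy. The type is not wired in by this commit, since `--uri` is still registered with `StringSliceVar` in `init()`, so the check only takes effect once that flag uses `URLSlice`. The three methods appear to implement the pflag `Value` interface, and a doc comment on each saying so would help the next reader.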