Skip to content

Commit

Permalink
Reorganizar os comandos e melhorar a validação.
Browse files Browse the repository at this point in the history
  • Loading branch information
beppler committed Jan 28, 2023
1 parent 1b971d1 commit ef461d1
Showing 1 changed file with 76 additions and 44 deletions.
120 changes: 76 additions & 44 deletions simpleca.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,49 @@ func main() {
app.Usage = "Simple Certificate Authority"
app.Version = version
app.Commands = []*cli.Command{
{
Name: "crl",
Usage: "Create/Update a certificate revogation list (CRL)",
Flags: []cli.Flag{
&cli.StringFlag{
Name: "ca-cert",
Usage: "Certificate authority certificate file `NAME`",
Required: true,
},
&cli.StringFlag{
Name: "ca-key",
Usage: "Certificare authority private key file `NAME`",
},
&cli.StringFlag{
Name: "ca-password",
Usage: "private key password",
},
&cli.IntFlag{
Name: "validity",
Usage: "Validity time in `days` (0 to copy certificate authority validity)",
Value: 7,
Action: func(ctx *cli.Context, validity int) error {
if validity < 1 {
return fmt.Errorf("validity must be a positive number")
}
return nil
},
},
&cli.StringSliceFlag{
Name: "cert",
Usage: "Certificate to be included on CRL",
},
&cli.StringFlag{
Name: "in",
Usage: "Certificate revogation list input file `NAME`",
},
&cli.StringFlag{
Name: "out",
Usage: "Certificate revogation list output file `NAME`",
},
},
Action: createCRL,
},
{
Name: "csr",
Usage: "Create a certificate request",
Expand Down Expand Up @@ -90,39 +133,6 @@ func main() {
},
Action: createCSR,
},
{
Name: "crl",
Usage: "Create/Update a certificate revogation list (CRL)",
Flags: []cli.Flag{
&cli.StringFlag{
Name: "ca-cert",
Usage: "Certificate authority certificate file `NAME`",
Required: true,
},
&cli.StringFlag{
Name: "ca-key",
Usage: "Certificare authority private key file `NAME`",
},
&cli.StringFlag{
Name: "ca-password",
Usage: "private key password",
},
&cli.IntFlag{
Name: "validity",
Usage: "Validity time in `days` (0 to copy certificate authority validity)",
Value: 7,
},
&cli.StringSliceFlag{
Name: "cert",
Usage: "Certificate to be included on CRL",
},
&cli.StringFlag{
Name: "out",
Usage: "Certificate revogation list output file `NAME`",
},
},
Action: createCRL,
},
{
Name: "key",
Usage: "Private key support",
Expand Down Expand Up @@ -258,11 +268,23 @@ func main() {
Name: "max-path-len",
Usage: "Maximum number of subordinate CAs",
Value: 0,
Action: func(ctx *cli.Context, maxPathLen int) error {
if maxPathLen < 0 {
return fmt.Errorf("path length must be equal or greater than 0")
}
return nil
},
},
&cli.IntFlag{
Name: "validity",
Usage: "Validity time in `YEARS`",
Value: 5,
Action: func(ctx *cli.Context, validity int) error {
if validity < 1 {
return fmt.Errorf("validity must be a positive number")
}
return nil
},
},
&cli.StringFlag{
Name: "out",
Expand Down Expand Up @@ -304,6 +326,12 @@ func main() {
Name: "validity",
Usage: "Validity time in `YEARS`",
Value: 2,
Action: func(ctx *cli.Context, validity int) error {
if validity < 1 {
return fmt.Errorf("validity must be a positive number")
}
return nil
},
},
&cli.StringFlag{
Name: "out",
Expand Down Expand Up @@ -345,6 +373,12 @@ func main() {
Name: "validity",
Usage: "Validity time in `YEARS`",
Value: 2,
Action: func(ctx *cli.Context, validity int) error {
if validity < 1 {
return fmt.Errorf("validity must be a positive number")
}
return nil
},
},
&cli.StringFlag{
Name: "out",
Expand Down Expand Up @@ -386,6 +420,12 @@ func main() {
Name: "validity",
Usage: "Validity time in `YEARS`",
Value: 2,
Action: func(ctx *cli.Context, validity int) error {
if validity < 1 {
return fmt.Errorf("validity must be a positive number")
}
return nil
},
},
&cli.StringFlag{
Name: "out",
Expand Down Expand Up @@ -555,15 +595,13 @@ func createCSR(c *cli.Context) error {
func createCRL(c *cli.Context) error {
caCertName := c.String("ca-cert")
validity := c.Int("validity")
if validity < 0 {
return fmt.Errorf("validity must be a positive number")
}
caKeyName := c.String("ca-key")
if caKeyName == "" {
caKeyName = strings.TrimSuffix(caCertName, filepath.Ext(caCertName)) + ".key"
}
caPassword := c.String("ca-password")
certNames := c.StringSlice("cert")
inFileName := c.String("in")
outFileName := c.String("out")

pemBytes, err := os.ReadFile(caCertName)
Expand Down Expand Up @@ -609,8 +647,8 @@ func createCRL(c *cli.Context) error {

var revokedCertificates []pkix.RevokedCertificate

if _, err := os.Stat(outFileName); !os.IsNotExist(err) {
crlBytes, err := os.ReadFile(outFileName)
if inFileName != "" {
crlBytes, err := os.ReadFile(inFileName)
if err != nil {
return fmt.Errorf("failed to load original crl: %w", err)
}
Expand Down Expand Up @@ -736,9 +774,6 @@ func encodePkcs(c *cli.Context) error {

func signCA(c *cli.Context) error {
maxPathLen := c.Int("max-path-len")
if maxPathLen < 0 {
return fmt.Errorf("path length must be equal or greater than 0")
}

configure := func(template *x509.Certificate) error {
template.IsCA = true
Expand Down Expand Up @@ -813,9 +848,6 @@ func signRequest(c *cli.Context, allowSelfSign bool, configure func(*x509.Certif
}
caPassword := c.String("ca-password")
validity := c.Int("validity")
if validity < 1 {
return fmt.Errorf("validity must be a positive number")
}
crls := c.StringSlice("crl")
outFileName := c.String("out")

Expand Down

0 comments on commit ef461d1

Please sign in to comment.