package certificate
import (
"encoding/pem"
"fmt"
"io/ioutil"
"github.com/pkg/errors"
"github.com/smallstep/cli/crypto/x509util"
"github.com/smallstep/cli/errs"
"github.com/urfave/cli"
)
// signCommand builds the `step certificate sign` subcommand, which signs a
// certificate signing request (CSR) with an issuing certificate and its
// private key. The actual work is done by signAction.
func signCommand() cli.Command {
	const usageText = `**step certificate sign** <csr_file> <crt_file> <key_file>`

	// The description is rendered as help text; it documents the three
	// positional arguments, the exit code convention and one example.
	const description = `**step certificate sign** generates a signed
certificate from a certificate signing request (CSR).
## POSITIONAL ARGUMENTS
<csr_file>
: The path to a certificate signing request (CSR) to be signed.
<crt_file>
: The path to an issuing certificate.
<key_file>
: The path to a private key for signing the CSR.
## EXIT CODES
This command returns 0 on success and \>0 if any error occurs.
## EXAMPLES
Sign a certificate signing request:
'''
$ step certificate sign ./certificate-signing-request.csr \
./issuer-certificate.crt ./issuer-private-key.priv
'''
`

	cmd := cli.Command{
		Name:        "sign",
		Usage:       "sign a certificate signing request (CSR)",
		UsageText:   usageText,
		Description: description,
		Action:      cli.ActionFunc(signAction),
	}
	return cmd
}
// signAction implements `step certificate sign`.
//
// It expects exactly three positional arguments: the CSR to sign, the issuing
// certificate and the issuer's private key. The CSR's own signature is checked
// before anything is signed, so a request whose signature does not verify is
// rejected rather than issued. On success the new certificate is written to
// stdout as a PEM-encoded CERTIFICATE block.
//
// Errors from the argument check and from the x509util helpers are returned
// to the caller (with a stack or a short context attached); nothing is
// printed on failure.
func signAction(ctx *cli.Context) error {
	if err := errs.NumberOfArguments(ctx, 3); err != nil {
		return err
	}

	args := ctx.Args()
	csrPath := args.Get(0)
	issuerCrtPath := args.Get(1)
	issuerKeyPath := args.Get(2)

	// Load and parse the request.
	rawCSR, err := ioutil.ReadFile(csrPath)
	if err != nil {
		return errors.WithStack(err)
	}
	request, err := x509util.LoadCSRFromBytes(rawCSR)
	if err != nil {
		return errors.WithStack(err)
	}

	// Refuse to sign a request whose self-signature does not verify.
	if err = x509util.CheckCertificateRequestSignature(request); err != nil {
		return errors.Wrapf(err, "Certificate Request has invalid signature")
	}

	// Load the issuing certificate and its private key from disk.
	issuer, err := x509util.LoadIdentityFromDisk(issuerCrtPath, issuerKeyPath)
	if err != nil {
		return errors.WithStack(err)
	}

	// Build a leaf profile from the request and sign it with the issuer.
	profile, err := x509util.NewLeafProfileWithCSR(request, issuer.Crt, issuer.Key)
	if err != nil {
		return errors.WithStack(err)
	}
	derBytes, err := profile.CreateCertificate()
	if err != nil {
		return errors.Wrapf(err, "failure creating new leaf certificate from input csr")
	}

	// Emit the DER certificate as PEM on stdout; %s prints the bytes verbatim.
	pemBlock := &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}
	fmt.Printf("%s", pem.EncodeToMemory(pemBlock))
	return nil
}