/*
Copyright 2020 The Magma Authors.
This source code is licensed under the BSD-style license found in the
LICENSE file in the root directory of this source tree.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"crypto/rand"
"crypto/x509"
"crypto/x509/pkix"
"flag"
"fmt"
"log"
"os"
"magma/orc8r/lib/go/security/csr"
"magma/orc8r/lib/go/security/key"
)
// Command-line flags. Key material options (-key, -rsa-bits, -ecdsa-curve)
// control which private key signs the CSR; the single-letter flags fill the
// CSR subject's Distinguished Name components.
var (
	// keyFile is the PEM file holding the private key. If it exists it is
	// reused (main reads it); otherwise a fresh key is generated and
	// written here, so this path ends up containing secret material.
	keyFile = flag.String("key", "default_csr.key.pem", "Name used for key file")
	// rsaBits is the RSA modulus size used only when no ECDSA curve is
	// requested. 2048 is the usual floor for new RSA keys today.
	rsaBits = flag.Int("rsa-bits", 2048,
		"Size of RSA key to generate. Ignored if --ecdsa-curve is set")
	// ecdsaCurve selects an ECDSA key instead of RSA when non-empty.
	// Of the four accepted curves P224 has the smallest security margin;
	// P256 or larger is the usual choice unless interoperability requires
	// otherwise. Validation of the value happens in key.GenerateKey.
	ecdsaCurve = flag.String("ecdsa-curve", "",
		"ECDSA curve to use to generate a key. One of: P224, P256, P384, P521")
	// Subject DN components. country and org have non-empty defaults;
	// commonName and orgUnit default to empty.
	country    = flag.String("C", "CL", "Country (C)")
	org        = flag.String("O", "MagmaClient", "Organization (O)")
	commonName = flag.String("CN", "", "Common Name (CN)")
	orgUnit    = flag.String("OU", "", "Organizational Unit (OU)")
)
// usageExamples is appended to the standard flag usage output. It is a
// fmt format string whose single %s verb receives the program name
// (os.Args[0]).
const usageExamples string = `
Examples:
Create a CSR using -key keyFile and write into csrFile
$> %s csrFile
If keyFile does not exist, it will create a new key using ecdsaCurve and rsaBits
and write the key into keyFile.
`
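// main parses the command line, obtains the signing key named by -key
// (reading it if the file exists, otherwise generating one and writing it
// there), builds a CSR subject from the -C/-O/-OU/-CN flags and writes the
// PEM-encoded request to the single positional argument.
//
// Exits with status 2 when the positional argument count is wrong; any
// I/O or crypto failure is reported through log.Fatalf (status 1).
func main() {
	oldUsage := flag.Usage
	flag.Usage = func() {
		// Keep the stock flag listing, then append the worked examples.
		oldUsage()
		fmt.Printf(usageExamples, os.Args[0])
	}
	flag.Parse()
	if flag.NArg() != 1 {
		flag.Usage()
		os.Exit(2)
	}
	csrFile := flag.Arg(0)

	var priv interface{}
	_, statErr := os.Stat(*keyFile)
	switch {
	case statErr == nil:
		// Reuse the existing key so the CSR matches key material that may
		// already be deployed.
		var err error
		priv, err = key.ReadKey(*keyFile)
		if err != nil {
			log.Fatalf("Failed to read private key from %s: %s", *keyFile, err)
		}
		fmt.Printf("Key read from: %s\n", *keyFile)
	case os.IsNotExist(statErr):
		// Only a genuinely missing file triggers key generation.
		var err error
		priv, err = key.GenerateKey(*ecdsaCurve, *rsaBits)
		if err != nil {
			log.Fatalf("Failed to generate private key: %s", err)
		}
		if err = key.WriteKey(*keyFile, priv); err != nil {
			log.Fatalf("Failed to write private key to %s: %s", *keyFile, err)
		}
		fmt.Printf("Key created and written into %s\n", *keyFile)
	default:
		// Any other stat failure (permission denied, a non-directory path
		// component, ...) must not be mistaken for "no key yet": the
		// previous else-branch would generate a new key and try to write
		// over whatever is at that path.
		log.Fatalf("Failed to stat private key file %s: %s", *keyFile, statErr)
	}

	template := x509.CertificateRequest{
		Subject: newSubject(*country, *org, *orgUnit, *commonName),
	}
	// rand.Reader is the OS CSPRNG; it supplies the signature randomness.
	csrDER, err := x509.CreateCertificateRequest(rand.Reader, &template, priv)
	if err != nil {
		log.Fatalf("Failed to create certificate request: %s", err)
	}
	if err = csr.WriteCSR(csrDER, csrFile); err != nil {
		log.Fatalf("Failed to write certificate request: %s", err)
	}
	fmt.Printf("CSR written into %s\n", csrFile)
}

// newSubject builds the CSR subject from the four DN flag values. Empty
// values are omitted rather than encoded as zero-length attributes, which
// X.520 does not permit (OU, O and C all require at least one character)
// and which some CAs reject; the standard library itself already skips an
// empty CommonName.
func newSubject(country, org, orgUnit, commonName string) pkix.Name {
	return pkix.Name{
		Country:            nonEmpty(country),
		Organization:       nonEmpty(org),
		OrganizationalUnit: nonEmpty(orgUnit),
		CommonName:         commonName,
	}
}

// nonEmpty wraps s as a single-element attribute list, or returns nil when
// s is empty so the attribute is left out of the subject entirely.
func nonEmpty(s string) []string {
	if s == "" {
		return nil
	}
	return []string{s}
}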