package commands
import (
"crypto/rand"
"crypto/rsa"
"fmt"
"os"
"path"
"strings"
log "github.com/mgutz/logxi/v1"
"github.com/spf13/cobra"
"github.com/spf13/viper"
"github.com/subsilent/kappa/auth"
)
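// NewCertCmd is the "new-cert" subcommand. It generates an RSA private key,
// asks the auth package to build a certificate request and a certificate from
// it, and hands all three to the auth Save* helpers with paths under ./pki.
//
// Failures are logged and the command returns early; Run has no error return,
// so callers cannot observe a failure through cobra.
var NewCertCmd = &cobra.Command{
	Use:   "new-cert",
	Short: "new-cert creates a new certificate",
	Long:  ``,
	Run: func(cmd *cobra.Command, args []string) {

		// Create logger
		writer := log.NewConcurrentWriter(os.Stdout)
		logger := log.NewLogger(writer, "new-cert")

		if err := InitializeConfig(writer); err != nil {
			logger.Warn("Error initializing configuration", "err", err.Error())
			return
		}

		// Setup directory structure
		if err := auth.CreatePkiDirectories(logger, "."); err != nil {
			logger.Warn("Error creating PKI directories", "err", err.Error())
			return
		}

		// The name becomes part of three file paths, one of which holds the
		// private key. Reject anything that is not a plain file name so the
		// key cannot end up outside the pki tree.
		name := viper.GetString("Name")
		if name == "" || name == "." || name == ".." || strings.ContainsAny(name, `/\`) {
			logger.Warn("Invalid certificate name; it must be a plain file name", "name", name)
			return
		}

		// Create file paths
		pki := path.Join(".", "pki")
		reqFile := path.Join(pki, "reqs", name+".req")
		privFile := path.Join(pki, "private", name+".key")
		crtFile := path.Join(pki, "public", name+".crt")

		// Verify it is ok to delete files if they exist
		if !viper.GetBool("ForceOverwrite") {
			var existing []string
			for _, filename := range []string{reqFile, privFile, crtFile} {
				if _, err := os.Stat(filename); err == nil {
					existing = append(existing, filename)
				}
			}

			if len(existing) > 0 {
				var input string
				fmt.Println("This operation will overwrite these existing files:")
				for _, file := range existing {
					fmt.Println("\t", file)
				}
				fmt.Print("Are you sure you want to overwrite these files (yN)? ")

				// A read error (for example EOF on a non-interactive stdin)
				// leaves input empty, which is treated as "no" below.
				fmt.Scanln(&input)

				// Only an explicit "y" or "yes" confirms. A substring match
				// would also accept answers such as "nay" and overwrite an
				// existing private key.
				answer := strings.ToLower(strings.TrimSpace(input))
				if answer != "y" && answer != "yes" {
					fmt.Println("New certificate was not created.")
					return
				}
			}
		}

		// The key size comes from configuration; warn on sizes that are
		// generally considered too small for RSA rather than failing, so
		// existing invocations keep working.
		bits := viper.GetInt("Bits")
		if bits < 2048 {
			logger.Warn("RSA key size is below 2048 bits", "bits", bits)
		}

		// generate private key
		privatekey, err := rsa.GenerateKey(rand.Reader, bits)
		if err != nil {
			logger.Warn("Error generating private key", "err", err.Error())
			return
		}

		// Create Certificate request
		csr, req, err := auth.CreateCertificateRequest(logger, privatekey,
			name, viper.GetString("Organization"),
			viper.GetString("Country"), viper.GetString("Hosts"))
		if err != nil {
			logger.Warn("Error creating certificate request", "err", err.Error())
			return
		}

		// Create Certificate
		crt, err := auth.CreateCertificate(logger, csr, privatekey,
			viper.GetInt("Years"), viper.GetString("Hosts"))
		if err != nil {
			logger.Warn("Error creating certificate", "err", err.Error())
			return
		}

		// NOTE(review): any values returned by the Save* helpers are not
		// checked here; confirm they report write failures themselves, and
		// that SavePrivateKey creates the key file with owner-only
		// permissions.

		// Save cert request
		auth.SaveCertificateRequest(logger, req, reqFile)

		// Save private key
		auth.SavePrivateKey(logger, privatekey, privFile)

		// Save certificate
		auth.SaveCertificate(logger, crt, crtFile)
	},
}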
// Package-level state for the new-cert command.
var (
	// newCertCmd is set to NewCertCmd by init and is the handle used when
	// looking up which flags were changed.
	newCertCmd *cobra.Command

	// Name receives the value of the --name flag.
	Name string

	// ForceOverwrite receives the value of the --overwrite flag.
	ForceOverwrite bool
)
// init registers the new-cert persistent flags and records the command in
// newCertCmd.
func init() {
	flags := NewCertCmd.PersistentFlags()

	// Key and certificate parameters.
	flags.IntVarP(&KeyBits, "bits", "", 4096, "Number of bits in key")
	flags.StringVarP(&Hosts, "hosts", "", "127.0.0.1", "IP of cert")
	flags.IntVarP(&Years, "years", "", 10, "Number of years until the certificate expires")

	// Subject fields.
	flags.StringVarP(&Organization, "organization", "", "kappa-ca", "Organization for CA")
	flags.StringVarP(&Country, "country", "", "USA", "Country of origin for CA")
	flags.StringVarP(&Name, "name", "", "localhost", "Name of certificate")

	// Skips the interactive confirmation before existing files are replaced.
	flags.BoolVarP(&ForceOverwrite, "overwrite", "", false, "Overwrite replaces existing certs")

	newCertCmd = NewCertCmd
}
// InitializeNewCertConfig seeds the viper defaults for "Name" and
// "ForceOverwrite", then copies the --name and --overwrite flag values into
// viper when those flags were set on the command line. It always returns nil.
func InitializeNewCertConfig(logger log.Logger) error {
	// The ForceOverwrite default is stored as the string "false"; the command
	// reads it back with viper.GetBool.
	viper.SetDefault("Name", "localhost")
	viper.SetDefault("ForceOverwrite", "false")

	flags := newCertCmd.PersistentFlags()

	// Explicit flags take precedence over the defaults above.
	if nameFlag := flags.Lookup("name"); nameFlag.Changed {
		logger.Info("", "Name", Name)
		viper.Set("Name", Name)
	}

	if overwriteFlag := flags.Lookup("overwrite"); overwriteFlag.Changed {
		logger.Info("", "ForceOverwrite", ForceOverwrite)
		viper.Set("ForceOverwrite", ForceOverwrite)
	}

	return nil
}