Add ability to pass emailAddress in the SCEP client

syncsynchalt · Sep 11, 2018 · 247ee76 · 247ee76
1 parent 60dc986
commit 247ee76
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 12 deletions.
diff --git a/cmd/scepclient/csr.go b/cmd/scepclient/csr.go
@@ -5,6 +5,7 @@ import (
 	"crypto/rsa"
 	"crypto/x509"
 	"crypto/x509/pkix"
+	"encoding/asn1"
 	"encoding/pem"
 	"errors"
 	"io/ioutil"
@@ -18,9 +19,9 @@ const (
 )
 
 type csrOptions struct {
-	cn, org, country, ou, locality, province, challenge string
-	key                                                 *rsa.PrivateKey
-	sigAlgo                                             x509.SignatureAlgorithm
+	cn, emailAddress, org, country, ou, locality, province, challenge string
+	key                                                               *rsa.PrivateKey
+	sigAlgo                                                           x509.SignatureAlgorithm
 }
 
 func loadOrMakeCSR(path string, opts *csrOptions) (*x509.CertificateRequest, error) {
@@ -41,6 +42,11 @@ func loadOrMakeCSR(path string, opts *csrOptions) (*x509.CertificateRequest, err
 		Locality:           subjOrNil(opts.locality),
 		Country:            subjOrNil(opts.country),
 	}
+	if opts.emailAddress != "" {
+		var oidEmailAddress = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 1}
+		subject.ExtraNames = append(subject.ExtraNames, pkix.AttributeTypeAndValue{
+			Type: oidEmailAddress, Value: opts.emailAddress})
+	}
 	template := x509util.CertificateRequest{
 		CertificateRequest: x509.CertificateRequest{
 			Subject:            subject,

diff --git a/cmd/scepclient/scepclient.go b/cmd/scepclient/scepclient.go
@@ -36,6 +36,7 @@ type runCfg struct {
 	selfSignPath string
 	certPath     string
 	cn           string
+	emailAddress string
 	org          string
 	ou           string
 	locality     string
@@ -81,15 +82,16 @@ func run(cfg runCfg) error {
 	}
 
 	opts := &csrOptions{
-		cn:        cfg.cn,
-		org:       cfg.org,
-		country:   strings.ToUpper(cfg.country),
-		ou:        cfg.ou,
-		locality:  cfg.locality,
-		province:  cfg.province,
-		challenge: cfg.challenge,
-		key:       key,
-		sigAlgo:   sigAlgo,
+		cn:           cfg.cn,
+		emailAddress: cfg.emailAddress,
+		org:          cfg.org,
+		country:      strings.ToUpper(cfg.country),
+		ou:           cfg.ou,
+		locality:     cfg.locality,
+		province:     cfg.province,
+		challenge:    cfg.challenge,
+		key:          key,
+		sigAlgo:      sigAlgo,
 	}
 
 	csr, err := loadOrMakeCSR(cfg.csrPath, opts)
@@ -273,6 +275,7 @@ func main() {
 		flKeySize           = flag.Int("keySize", 2048, "rsa key size")
 		flOrg               = flag.String("organization", "scep-client", "organization for cert")
 		flCName             = flag.String("cn", "scepclient", "common name for certificate")
+		flEmailAddress      = flag.String("email-address", "", "emailAddress for certificate")
 		flOU                = flag.String("ou", "MDM", "organizational unit for certificate")
 		flLoc               = flag.String("locality", "", "locality for certificate")
 		flProvince          = flag.String("province", "", "province for certificate")
@@ -318,6 +321,7 @@ func main() {
 		selfSignPath: selfSignPath,
 		certPath:     *flCertPath,
 		cn:           *flCName,
+		emailAddress: *flEmailAddress,
 		org:          *flOrg,
 		country:      *flCountry,
 		locality:     *flLoc,