forked from smallstep/cli
-
Notifications
You must be signed in to change notification settings - Fork 0
/
flags.go
187 lines (157 loc) 路 5.59 KB
/
flags.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
package flags
import (
"path/filepath"
"time"
"github.com/smallstep/certificates/api"
"github.com/smallstep/cli/config"
"github.com/smallstep/cli/errs"
"github.com/urfave/cli"
)
var (
// KTY is the flag to set the key type.
KTY = cli.StringFlag{
Name: "kty",
Value: "EC",
Usage: `The <kty> to build the certificate upon.
If unset, default is EC.
: <kty> is a case-sensitive string and must be one of:
**EC**
: Create an **elliptic curve** keypair
**OKP**
: Create an octet key pair (for **"Ed25519"** curve)
**RSA**
: Create an **RSA** keypair`,
}
// Size is the flag to set the key size.
Size = cli.IntFlag{
Name: "size",
Usage: `The <size> (in bits) of the key for RSA and oct key types. RSA keys require a
minimum key size of 2048 bits. If unset, default is 2048 bits for RSA keys and 128 bits for oct keys.`,
}
// Curve is the flag to se the key curve.
Curve = cli.StringFlag{
Name: "crv, curve",
Usage: `The elliptic <curve> to use for EC and OKP key types. Corresponds
to the **"crv"** JWK parameter. Valid curves are defined in JWA [RFC7518]. If
unset, default is P-256 for EC keys and Ed25519 for OKP keys.
: <curve> is a case-sensitive string and must be one of:
**P-256**
: NIST P-256 Curve
**P-384**
: NIST P-384 Curve
**P-521**
: NIST P-521 Curve
**Ed25519**
: Ed25519 Curve`,
}
// Subtle is the flag required for delicate operations.
Subtle = cli.BoolFlag{
Name: "subtle",
}
// Insecure is the flag required on insecure operations
Insecure = cli.BoolFlag{
Name: "insecure",
}
// Force is a cli.Flag used to overwrite files.
Force = cli.BoolFlag{
Name: "f,force",
Usage: "Force the overwrite of files without asking.",
}
// PasswordFile is a cli.Flag used to pass a file to encrypt or decrypt a
// private key.
PasswordFile = cli.StringFlag{
Name: "password-file",
Usage: `The path to the <file> containing the password to encrypt or decrypt the private key.`,
}
// NoPassword is a cli.Flag used to avoid using a password to encrypt private
// keys.
NoPassword = cli.BoolFlag{
Name: "no-password",
Usage: `Do not ask for a password to encrypt a private key. Sensitive key material will
be written to disk unencrypted. This is not recommended. Requires **--insecure** flag.`,
}
// Token is a cli.Flag used to pass the CA token.
Token = cli.StringFlag{
Name: "token",
Usage: `The one-time <token> used to authenticate with the CA in order to create the
certificate.`,
}
// NotBefore is a cli.Flag used to pass the start period of the certificate
// validity.
NotBefore = cli.StringFlag{
Name: "not-before",
Usage: `The <time|duration> when the certificate validity period starts. If a <time> is
used it is expected to be in RFC 3339 format. If a <duration> is used, it is a
sequence of decimal numbers, each with optional fraction and a unit suffix, such
as "300ms", "-1.5h" or "2h45m". Valid time units are "ns", "us" (or "碌s"), "ms",
"s", "m", "h".`,
}
// NotAfter is a cli.Flag used to pass the end period of the certificate
// validity.
NotAfter = cli.StringFlag{
Name: "not-after",
Usage: `The <time|duration> when the certificate validity period ends. If a <time> is
used it is expected to be in RFC 3339 format. If a <duration> is used, it is a
sequence of decimal numbers, each with optional fraction and a unit suffix, such
as "300ms", "-1.5h" or "2h45m". Valid time units are "ns", "us" (or "碌s"), "ms",
"s", "m", "h".`,
}
// Provisioner is a cli.Flag used to pass the CA provisioner to use.
Provisioner = cli.StringFlag{
Name: "provisioner,issuer",
Usage: "The provisioner <name> to use.",
}
// CaURL is a cli.Flag used to pass the CA url.
CaURL = cli.StringFlag{
Name: "ca-url",
Usage: "<URI> of the targeted Step Certificate Authority.",
}
// Root is a cli.Flag used to pass the path of the root certificate to use.
Root = cli.StringFlag{
Name: "root",
Usage: "The path to the PEM <file> used as the root certificate authority.",
}
// Offline is a cli.Flag used to activate the offline flow.
Offline = cli.BoolFlag{
Name: "offline",
Usage: `Creates a certificate without contacting the certificate authority. Offline mode
uses the configuration, certificates, and keys created with **step ca init**,
but can accept a different configuration file using '--ca-config>' flag.`,
}
// CaConfig is a cli.Flag used to pass the CA configuration file.
CaConfig = cli.StringFlag{
Name: "ca-config",
Usage: `The <path> to the certificate authority configuration file. Defaults to
$STEPPATH/config/ca.json`,
Value: filepath.Join(config.StepPath(), "config", "ca.json"),
}
)
// ParseTimeOrDuration is a helper that returns the time or the current time
// with an extra duration. It's used in flags like --not-before, --not-after.
func ParseTimeOrDuration(s string) (time.Time, bool) {
if s == "" {
return time.Time{}, true
}
var t time.Time
if err := t.UnmarshalText([]byte(s)); err != nil {
d, err := time.ParseDuration(s)
if err != nil {
return time.Time{}, false
}
t = time.Now().Add(d)
}
return t, true
}
// ParseTimeDuration parses the not-before and not-after flags as a timeDuration
func ParseTimeDuration(ctx *cli.Context) (notBefore api.TimeDuration, notAfter api.TimeDuration, err error) {
var zero api.TimeDuration
notBefore, err = api.ParseTimeDuration(ctx.String("not-before"))
if err != nil {
return zero, zero, errs.InvalidFlagValue(ctx, "not-before", ctx.String("not-before"), "")
}
notAfter, err = api.ParseTimeDuration(ctx.String("not-after"))
if err != nil {
return zero, zero, errs.InvalidFlagValue(ctx, "not-after", ctx.String("not-after"), "")
}
return
}