Mostly implemented issue and provision commands. Restructured AI generateed code.

2025-07-28 10:20:52 +02:00
parent 9696f95043
commit 0e86c49965
5 changed files with 286 additions and 208 deletions
--- a/main.go
+++ b/main.go
@@ -8,7 +8,6 @@ import (
 )

 var Version = "dev"
-var configPath string

 func main() {

@@ -18,7 +17,6 @@ func main() {
 	var validity string
 	var san []string
 	var name string
-	var fromFile string
 	var dryRun bool
 	var verbose bool
 	var crlFile string
@@ -26,6 +24,7 @@ func main() {
 	var revokeName string
 	var revokeSerial string
 	var revokeReasonStr string
+	var provisionFile string

 	var rootCmd = &cobra.Command{
 		Use:   "lab-ca",
@@ -36,6 +35,13 @@ func main() {
 		},
 	}

+	// Define persistent flags (global for all commands)
+	rootCmd.PersistentFlags().BoolVar(&overwrite, "overwrite", false, "Allow overwriting existing files")
+	rootCmd.PersistentFlags().BoolVar(&verbose, "verbose", false, "Print detailed information about each processed certificate")
+	rootCmd.PersistentFlags().BoolVar(&dryRun, "dry-run", false, "Validate and show what would be created, but do not write files (batch mode)")
+	rootCmd.PersistentFlags().StringVar(&CAConfigPath, "config-path", "ca_config.hcl", "Path to CA configuration file")
+
+	// lab-ca initca command
 	var initCmd = &cobra.Command{
 		Use:   "initca",
 		Short: "Generate a new CA certificate and key",
@@ -43,83 +49,57 @@ func main() {
 			InitCA(overwrite)
 		},
 	}
+	rootCmd.AddCommand(initCmd)

-	initCmd.Flags().StringVar(&configPath, "config", "ca_config.hcl", "Path to CA configuration file")
-	initCmd.Flags().BoolVar(&overwrite, "overwrite", false, "Allow overwriting existing files")
-
+	// lab-ca issue command
 	var issueCmd = &cobra.Command{
 		Use:   "issue",
 		Short: "Issue a new certificate (client, server, server-only, code-signing, email)",
 		Run: func(cmd *cobra.Command, args []string) {
-			if err := LoadCA(); err != nil {
-				fmt.Fprintf(os.Stderr, "ERROR: %v\n", err)
-				os.Exit(1)
-			}
-			if err := IssueCertificate(configPath,
-				subject,
-				certType,
-				validity,
-				san,
-				name,
-				fromFile,
-				overwrite,
-				dryRun,
-				verbose); err != nil {
+			err := IssueCertificate(CertificateDefinition{
+				Name:     name,
+				Subject:  subject,
+				Type:     certType,
+				Validity: validity,
+				SAN:      san,
+			}, overwrite, dryRun, verbose)
+
+			if err != nil {
 				fmt.Fprintf(os.Stderr, "ERROR: %v\n", err)
 				os.Exit(1)
 			}
 		},
 	}

-	issueCmd.Flags().StringVar(&configPath, "config", "ca_config.hcl", "Path to CA configuration file")
+	issueCmd.Flags().StringVar(&name, "name", "", "Name for the certificate and key files (used as subject if --subject is omitted)")
 	issueCmd.Flags().StringVar(&subject, "subject", "", "Subject Common Name for the certificate (optional, defaults to --name)")
 	issueCmd.Flags().StringVar(&certType, "type", "server", "Certificate type: client, server, server-only, code-signing, email")
 	issueCmd.Flags().StringArrayVar(&san, "san", nil,
-		"Subject Alternative Name (SAN). Use multiple times for multiple values.\n"+
-			"Format: dns:example.com, ip:1.2.3.4, email:user@example.com")
+		"Subject Alternative Name (SAN). Use multiple times for multiple values.\nFormat: dns:example.com, ip:1.2.3.4, email:user@example.com")
 	issueCmd.Flags().StringVar(&validity, "validity", "1y", "Certificate validity (e.g. 2y, 6m, 30d). Overrides config file for this certificate.")
-	issueCmd.Flags().BoolVar(&overwrite, "overwrite", false, "Allow overwriting existing files")
-	issueCmd.Flags().StringVar(&fromFile, "from-file", "", "Path to HCL file with multiple certificate definitions (batch mode)")
-	issueCmd.Flags().BoolVar(&dryRun, "dry-run", false, "Validate and show what would be created, but do not write files (batch mode)")
-	issueCmd.Flags().BoolVar(&verbose, "verbose", false, "Print detailed information about each processed certificate")
-	// Only require --name in simple mode
-	issueCmd.Flags().StringVar(&name, "name", "", "Name for the certificate and key files (used as subject if --subject is omitted)")
-	issueCmd.PreRun = func(cmd *cobra.Command, args []string) {
-		if fromFile == "" {
-			cmd.MarkFlagRequired("name")
-		}
-	}
+	issueCmd.MarkFlagRequired("name")
+	rootCmd.AddCommand(issueCmd)

-	var versionCmd = &cobra.Command{
-		Use:   "version",
-		Short: "Show version information",
+	// lab-ca provision command
+	var provisionCmd = &cobra.Command{
+		Use:   "provision",
+		Short: "Provision certificates from a batch file (HCL)",
 		Run: func(cmd *cobra.Command, args []string) {
-			fmt.Printf("lab-ca version: %s\n", Version)
-		},
-	}

-	var crlCmd = &cobra.Command{
-		Use:   "crl",
-		Short: "Generate a Certificate Revocation List (CRL)",
-		Run: func(cmd *cobra.Command, args []string) {
-			if err := LoadCA(); err != nil {
-				fmt.Printf("ERROR: %v\n", err)
-				os.Exit(1)
-			}
-			if crlValidityDays <= 0 {
-				crlValidityDays = 30 // default to 30 days
-			}
-			err := CAState.GenerateCRL(crlFile, crlValidityDays)
+			err := ProvisionCertificates(provisionFile, overwrite, false, verbose)
+
 			if err != nil {
-				fmt.Printf("ERROR generating CRL: %v\n", err)
+				fmt.Fprintf(os.Stderr, "ERROR: %v\n", err)
 				os.Exit(1)
 			}
-			fmt.Printf("CRL written to %s (valid for %d days)\n", crlFile, crlValidityDays)
 		},
 	}
-	crlCmd.Flags().StringVar(&crlFile, "crl-file", "crl.pem", "Output path for CRL file (default: crl.pem)")
-	crlCmd.Flags().IntVar(&crlValidityDays, "validity-days", 30, "CRL validity in days (default: 30)")

+	provisionCmd.Flags().StringVar(&provisionFile, "file", "", "Path to HCL file with certificate definitions (required)")
+	provisionCmd.MarkFlagRequired("file")
+	rootCmd.AddCommand(provisionCmd)
+
+	// lab-ca revoke command
 	var revokeCmd = &cobra.Command{
 		Use:   "revoke",
 		Short: "Revoke a certificate by name or serial number",
@@ -178,13 +158,42 @@ func main() {
 	revokeCmd.Flags().StringVar(&revokeName, "name", "", "Certificate name to revoke (mutually exclusive with --serial)")
 	revokeCmd.Flags().StringVar(&revokeSerial, "serial", "", "Certificate serial number to revoke (mutually exclusive with --name)")
 	revokeCmd.Flags().StringVar(&revokeReasonStr, "reason", "cessationOfOperation", "Revocation reason (unspecified, keyCompromise, caCompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold, removeFromCRL)")
-
-	rootCmd.AddCommand(initCmd)
-	rootCmd.AddCommand(issueCmd)
-	rootCmd.AddCommand(versionCmd)
-	rootCmd.AddCommand(crlCmd)
 	rootCmd.AddCommand(revokeCmd)

+	// lab-ca crl command
+	var crlCmd = &cobra.Command{
+		Use:   "crl",
+		Short: "Generate a Certificate Revocation List (CRL)",
+		Run: func(cmd *cobra.Command, args []string) {
+			if err := LoadCA(); err != nil {
+				fmt.Printf("ERROR: %v\n", err)
+				os.Exit(1)
+			}
+			if crlValidityDays <= 0 {
+				crlValidityDays = 30 // default to 30 days
+			}
+			err := CAState.GenerateCRL(crlFile, crlValidityDays)
+			if err != nil {
+				fmt.Printf("ERROR generating CRL: %v\n", err)
+				os.Exit(1)
+			}
+			fmt.Printf("CRL written to %s (valid for %d days)\n", crlFile, crlValidityDays)
+		},
+	}
+	crlCmd.Flags().StringVar(&crlFile, "crl-file", "crl.pem", "Output path for CRL file (default: crl.pem)")
+	crlCmd.Flags().IntVar(&crlValidityDays, "validity-days", 30, "CRL validity in days (default: 30)")
+	rootCmd.AddCommand(crlCmd)
+
+	// lab-ca version command
+	var versionCmd = &cobra.Command{
+		Use:   "version",
+		Short: "Show version information",
+		Run: func(cmd *cobra.Command, args []string) {
+			fmt.Printf("lab-ca version: %s\n", Version)
+		},
+	}
+	rootCmd.AddCommand(versionCmd)
+
 	if err := rootCmd.Execute(); err != nil {
 		os.Exit(1)
 	}
@@ -198,10 +207,11 @@ func printMainHelp() {
 	fmt.Println()
 	fmt.Println("Available commands:")
 	fmt.Println("  initca     Generate a new CA certificate and key")
-	fmt.Println("  issue      Issue a new client/server certificate")
-	fmt.Println("  version     Show version information")
+	fmt.Println("  issue      Issue a new certificate")
+	fmt.Println("  version    Show version information")
 	fmt.Println("  crl        Generate a Certificate Revocation List (CRL)")
-	fmt.Println("  revoke      Revoke a certificate by name or serial number")
+	fmt.Println("  revoke     Revoke a certificate by name or serial number")
+	fmt.Println("  provision   Provision certificates from a batch file (HCL)")
 	fmt.Println()
 	fmt.Println("Use 'lab-ca <command> --help' for more information about a command.")
 }