Implemented basic functionality.
This commit is contained in:
113
main.go
113
main.go
@@ -7,10 +7,19 @@ import (
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
var Version = "dev"
|
||||
|
||||
func main() {
|
||||
var configPath string
|
||||
var overwrite bool
|
||||
var subject string
|
||||
var certType string
|
||||
var validity string
|
||||
var san []string
|
||||
var name string
|
||||
var fromFile string
|
||||
var dryRun bool
|
||||
var verbose bool
|
||||
|
||||
var rootCmd = &cobra.Command{
|
||||
Use: "lab-ca",
|
||||
@@ -34,19 +43,112 @@ func main() {
|
||||
|
||||
var issueCmd = &cobra.Command{
|
||||
Use: "issue",
|
||||
Short: "Issue a new client/server certificate",
|
||||
Short: "Issue a new certificate (client, server, server-only, code-signing, email)",
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
IssueCertificate(configPath, subject, overwrite)
|
||||
if fromFile != "" {
|
||||
certDefs, defaults, err := LoadCertificatesFile(fromFile)
|
||||
if err != nil {
|
||||
fmt.Printf("Error loading certificates file: %v\n", err)
|
||||
return
|
||||
}
|
||||
successes := 0
|
||||
errors := 0
|
||||
for i, def := range certDefs {
|
||||
if defaults != nil {
|
||||
if def.Type == "" {
|
||||
def.Type = defaults.Type
|
||||
}
|
||||
if def.Validity == "" {
|
||||
def.Validity = defaults.Validity
|
||||
}
|
||||
if len(def.SAN) == 0 && len(defaults.SAN) > 0 {
|
||||
def.SAN = defaults.SAN
|
||||
}
|
||||
}
|
||||
finalDef := renderCertificateDefTemplates(def, defaults)
|
||||
|
||||
fmt.Printf("[%d/%d] Issuing %s... ", i+1, len(certDefs), finalDef.Name)
|
||||
|
||||
if dryRun {
|
||||
fmt.Printf("(dry run)\n")
|
||||
}
|
||||
|
||||
if verbose {
|
||||
fmt.Printf("\n Name: %s\n", finalDef.Name)
|
||||
fmt.Printf(" Subject: %s\n", finalDef.Subject)
|
||||
fmt.Printf(" Type: %s\n", finalDef.Type)
|
||||
fmt.Printf(" Validity: %s\n", finalDef.Validity)
|
||||
fmt.Printf(" SAN: %v\n\n", finalDef.SAN)
|
||||
}
|
||||
|
||||
basename := finalDef.Name + "." + finalDef.Type
|
||||
|
||||
if dryRun {
|
||||
successes++
|
||||
continue
|
||||
}
|
||||
|
||||
err := IssueCertificateWithBasename(configPath, basename, finalDef.Subject, finalDef.Type, finalDef.Validity, finalDef.SAN, overwrite, dryRun)
|
||||
if err != nil {
|
||||
fmt.Printf("ERROR: %v\n", err)
|
||||
errors++
|
||||
} else {
|
||||
if !verbose {
|
||||
fmt.Printf("done\n")
|
||||
}
|
||||
successes++
|
||||
}
|
||||
}
|
||||
fmt.Printf("Batch complete: %d succeeded, %d failed.\n", successes, errors)
|
||||
return
|
||||
}
|
||||
// Simple mode
|
||||
subjectName := subject
|
||||
if subjectName == "" {
|
||||
subjectName = name
|
||||
}
|
||||
finalDef := renderCertificateDefTemplates(CertificateDef{Name: name, Subject: subject, Type: certType, Validity: validity, SAN: san}, nil)
|
||||
if verbose {
|
||||
fmt.Printf("\nCertificate:\n")
|
||||
fmt.Printf(" Name: %s\n", finalDef.Name)
|
||||
fmt.Printf(" Subject: %s\n", finalDef.Subject)
|
||||
fmt.Printf(" Type: %s\n", finalDef.Type)
|
||||
fmt.Printf(" Validity: %s\n", finalDef.Validity)
|
||||
fmt.Printf(" SAN: %v\n", finalDef.SAN)
|
||||
}
|
||||
IssueCertificate(configPath, finalDef.Name, finalDef.Subject, finalDef.Type, finalDef.Validity, finalDef.SAN, overwrite)
|
||||
},
|
||||
}
|
||||
|
||||
issueCmd.Flags().StringVar(&configPath, "config", "ca_config.hcl", "Path to CA configuration file")
|
||||
issueCmd.Flags().StringVar(&subject, "subject", "", "Subject Common Name for the certificate (required)")
|
||||
issueCmd.Flags().StringVar(&subject, "subject", "", "Subject Common Name for the certificate (optional, defaults to --name)")
|
||||
issueCmd.Flags().StringVar(&certType, "type", "server", "Certificate type: client, server, server-only, code-signing, email")
|
||||
issueCmd.Flags().StringArrayVar(&san, "san", nil,
|
||||
"Subject Alternative Name (SAN). Use multiple times for multiple values.\n"+
|
||||
"Format: dns:example.com, ip:1.2.3.4, email:user@example.com")
|
||||
issueCmd.Flags().StringVar(&validity, "validity", "1y", "Certificate validity (e.g. 2y, 6m, 30d). Overrides config file for this certificate.")
|
||||
issueCmd.Flags().BoolVar(&overwrite, "overwrite", false, "Allow overwriting existing files")
|
||||
issueCmd.MarkFlagRequired("subject")
|
||||
issueCmd.Flags().StringVar(&fromFile, "from-file", "", "Path to HCL file with multiple certificate definitions (batch mode)")
|
||||
issueCmd.Flags().BoolVar(&dryRun, "dry-run", false, "Validate and show what would be created, but do not write files (batch mode)")
|
||||
issueCmd.Flags().BoolVar(&verbose, "verbose", false, "Print detailed information about each processed certificate")
|
||||
// Only require --name in simple mode
|
||||
issueCmd.Flags().StringVar(&name, "name", "", "Name for the certificate and key files (used as subject if --subject is omitted)")
|
||||
issueCmd.PreRun = func(cmd *cobra.Command, args []string) {
|
||||
if fromFile == "" {
|
||||
cmd.MarkFlagRequired("name")
|
||||
}
|
||||
}
|
||||
|
||||
var versionCmd = &cobra.Command{
|
||||
Use: "version",
|
||||
Short: "Show version information",
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
fmt.Printf("lab-ca version: %s\n", Version)
|
||||
},
|
||||
}
|
||||
rootCmd.AddCommand(initcaCmd)
|
||||
rootCmd.AddCommand(issueCmd)
|
||||
rootCmd.AddCommand(versionCmd)
|
||||
|
||||
if err := rootCmd.Execute(); err != nil {
|
||||
os.Exit(1)
|
||||
@@ -62,6 +164,9 @@ func printMainHelp() {
|
||||
fmt.Println("Available commands:")
|
||||
fmt.Println(" initca Generate a new CA certificate and key")
|
||||
fmt.Println(" issue Issue a new client/server certificate")
|
||||
fmt.Println(" version Show version information")
|
||||
fmt.Println()
|
||||
fmt.Println("Use 'lab-ca <command> --help' for more information about a command.")
|
||||
}
|
||||
|
||||
// Remove stray SAN parsing code below main()
|
||||
|
||||
Reference in New Issue
Block a user