From 69f49af3f63c842f24ca26e248df9a83b50089b2 Mon Sep 17 00:00:00 2001
From: Slawek Koszewski <slawek@koszewscy.waw.pl>
Date: Sun, 27 Jul 2025 11:52:07 +0200
Subject: [PATCH] Added overwrite protection.

---
 main.go | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/main.go b/main.go
index f006d67..09c31e5 100644
--- a/main.go
+++ b/main.go
@@ -102,8 +102,16 @@ func FileMode(secure bool) os.FileMode {
 	}
 }
 
-func SavePEM(filename string, data []byte, secure bool) error {
-	return os.WriteFile(filename, data, FileMode(secure))
+func SavePEM(filename string, data []byte, secure bool, overwrite bool) error {
+	if !overwrite {
+		if _, err := os.Stat(filename); err == nil {
+			return fmt.Errorf("file %s already exists (overwrite not allowed)", filename)
+		} else if !os.IsNotExist(err) {
+			return fmt.Errorf("could not check file %s: %v", filename, err)
+		}
+	}
+	mode := FileMode(secure)
+	return os.WriteFile(filename, data, mode)
 }
 
 // Validate checks required fields and sets defaults for CAConfig
@@ -129,6 +137,7 @@ func (c *CAConfig) Validate() error {
 func main() {
 	initCA := flag.Bool("initca", false, "Generate a new CA certificate and key")
 	configPath := flag.String("config", "ca_config.hcl", "Path to CA configuration file")
+	overwrite := flag.Bool("overwrite", false, "Allow overwriting existing files")
 	flag.Parse()
 
 	if *initCA {
@@ -142,8 +151,14 @@ func main() {
 			fmt.Println("Error generating CA:", err)
 			return
 		}
-		SavePEM("ca_cert.pem", certPEM, false)
-		SavePEM("ca_key.pem", keyPEM, true)
+		if err := SavePEM("ca_cert.pem", certPEM, false, *overwrite); err != nil {
+			fmt.Println("Error saving CA certificate:", err)
+			return
+		}
+		if err := SavePEM("ca_key.pem", keyPEM, true, *overwrite); err != nil {
+			fmt.Println("Error saving CA key:", err)
+			return
+		}
 		fmt.Println("CA certificate and key generated.")
 		return
 	}