Added overwrite protection.

main.go

@@ -102,8 +102,16 @@ func FileMode(secure bool) os.FileMode {
 	}
 }
 
-func SavePEM(filename string, data []byte, secure bool) error {
+func SavePEM(filename string, data []byte, secure bool, overwrite bool) error {
-	return os.WriteFile(filename, data, FileMode(secure))
+	if !overwrite {
+		if _, err := os.Stat(filename); err == nil {
+			return fmt.Errorf("file %s already exists (overwrite not allowed)", filename)
+		} else if !os.IsNotExist(err) {
+			return fmt.Errorf("could not check file %s: %v", filename, err)
+		}
+	}
+	mode := FileMode(secure)
+	return os.WriteFile(filename, data, mode)
 }
 
 // Validate checks required fields and sets defaults for CAConfig
@@ -129,6 +137,7 @@ func (c *CAConfig) Validate() error {
 func main() {
 	initCA := flag.Bool("initca", false, "Generate a new CA certificate and key")
 	configPath := flag.String("config", "ca_config.hcl", "Path to CA configuration file")
+	overwrite := flag.Bool("overwrite", false, "Allow overwriting existing files")
 	flag.Parse()
 
 	if *initCA {
@@ -142,8 +151,14 @@ func main() {
 			fmt.Println("Error generating CA:", err)
 			return
 		}
-		SavePEM("ca_cert.pem", certPEM, false)
+		if err := SavePEM("ca_cert.pem", certPEM, false, *overwrite); err != nil {
-		SavePEM("ca_key.pem", keyPEM, true)
+			fmt.Println("Error saving CA certificate:", err)
+			return
+		}
+		if err := SavePEM("ca_key.pem", keyPEM, true, *overwrite); err != nil {
+			fmt.Println("Error saving CA key:", err)
+			return
+		}
 		fmt.Println("CA certificate and key generated.")
 		return
 	}