slawek/lab-ca
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity

Renamed struct types.

Browse Source
This commit is contained in:
Sławek Koszewski
2025-07-27 14:44:06 +02:00
parent 82142d70de
commit 859f3606b1
1 changed files with 40 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
ca.go
View File

@@ -16,46 +16,45 @@ import (
hclparse "github.com/hashicorp/hcl/v2/hclparse" hclparse "github.com/hashicorp/hcl/v2/hclparse"
) )
type PathsConfig struct { type Paths struct {
Certificates string `hcl:"certificates"` Certificates string `hcl:"certificates"`
PrivateKeys string `hcl:"private_keys"` PrivateKeys string `hcl:"private_keys"`
} }
type CAConfig struct { type CA struct {
Label string `hcl:",label"` Label string `hcl:",label"`
Name string `hcl:"name"` Name string `hcl:"name"`
Country string `hcl:"country"` Country string `hcl:"country"`
Organization string `hcl:"organization"` Organization string `hcl:"organization"`
SerialType string `hcl:"serial_type"` SerialType string `hcl:"serial_type"`
Paths PathsConfig `hcl:"paths,block"` Paths Paths `hcl:"paths,block"`
} }
type ConfigFile struct { type Configuration struct {
CAs []CAConfig `hcl:"ca,block"` CA CA `hcl:"ca,block"`
} }
func LoadCAConfig(path string) (*CAConfig, error) { func LoadCA(path string) (*CA, error) {
parser := hclparse.NewParser() parser := hclparse.NewParser()
file, diags := parser.ParseHCLFile(path) file, diags := parser.ParseHCLFile(path)
if diags.HasErrors() { if diags.HasErrors() {
return nil, fmt.Errorf("failed to parse HCL: %s", diags.Error()) return nil, fmt.Errorf("failed to parse HCL: %s", diags.Error())
} }
var configFile ConfigFile var config Configuration
diags = gohcl.DecodeBody(file.Body, nil, &configFile) diags = gohcl.DecodeBody(file.Body, nil, &config)
if diags.HasErrors() { if diags.HasErrors() {
return nil, fmt.Errorf("failed to decode HCL: %s", diags.Error()) return nil, fmt.Errorf("failed to decode HCL: %s", diags.Error())
} }
if len(configFile.CAs) == 0 { if (CA{}) == config.CA {
return nil, fmt.Errorf("no 'ca' block found in config file") return nil, fmt.Errorf("no 'ca' block found in config file")
} }
ca := &configFile.CAs[0] if err := config.CA.Validate(); err != nil {
if err := ca.Validate(); err != nil {
return nil, err return nil, err
} }
return ca, nil return &config.CA, nil
} }
func GenerateCA(config *CAConfig) ([]byte, []byte, error) { func GenerateCA(ca *CA) ([]byte, []byte, error) {
priv, err := rsa.GenerateKey(rand.Reader, 4096) priv, err := rsa.GenerateKey(rand.Reader, 4096)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
@@ -68,9 +67,9 @@ func GenerateCA(config *CAConfig) ([]byte, []byte, error) {
tmpl := x509.Certificate{ tmpl := x509.Certificate{
SerialNumber: serialNumber, SerialNumber: serialNumber,
Subject: pkix.Name{ Subject: pkix.Name{
Country: []string{config.Country}, Country: []string{ca.Country},
Organization: []string{config.Organization}, Organization: []string{ca.Organization},
CommonName: config.Name, CommonName: ca.Name,
}, },
NotBefore: time.Now(), NotBefore: time.Now(),
NotAfter: time.Now().AddDate(10, 0, 0), NotAfter: time.Now().AddDate(10, 0, 0),
@@ -103,7 +102,7 @@ func SavePEM(filename string, data []byte, secure bool, overwrite bool) error {
} }
} }
func (p *PathsConfig) Validate() error { func (p *Paths) Validate() error {
if p.Certificates == "" { if p.Certificates == "" {
return fmt.Errorf("paths.certificates is required") return fmt.Errorf("paths.certificates is required")
} }
@@ -113,7 +112,7 @@ func (p *PathsConfig) Validate() error {
return nil return nil
} }
func (c *CAConfig) Validate() error { func (c *CA) Validate() error {
if c.Name == "" { if c.Name == "" {
return fmt.Errorf("CA 'name' is required") return fmt.Errorf("CA 'name' is required")
} }
@@ -136,34 +135,36 @@ func (c *CAConfig) Validate() error {
} }
func InitCA(configPath string, overwrite bool) { func InitCA(configPath string, overwrite bool) {
config, err := LoadCAConfig(configPath) ca, err := LoadCA(configPath)
if err != nil { if err != nil {
fmt.Println("Error loading config:", err) fmt.Println("Error loading config:", err)
return return
} }
// Create directories for certificates and private keys if they don't exist // Create certificates directory with 0755, private keys with 0700
dirs := []string{config.Paths.Certificates, config.Paths.PrivateKeys} if ca.Paths.Certificates != "" {
for _, dir := range dirs { if err := os.MkdirAll(ca.Paths.Certificates, 0755); err != nil {
if dir == "" { fmt.Printf("Error creating certificates directory '%s': %v\n", ca.Paths.Certificates, err)
continue return
} }
if err := os.MkdirAll(dir, 0700); err != nil { }
fmt.Printf("Error creating directory '%s': %v\n", dir, err) if ca.Paths.PrivateKeys != "" {
if err := os.MkdirAll(ca.Paths.PrivateKeys, 0700); err != nil {
fmt.Printf("Error creating private keys directory '%s': %v\n", ca.Paths.PrivateKeys, err)
return return
} }
} }
certPEM, keyPEM, err := GenerateCA(config) certPEM, keyPEM, err := GenerateCA(ca)
if err != nil { if err != nil {
fmt.Println("Error generating CA:", err) fmt.Println("Error generating CA:", err)
return return
} }
if err := SavePEM(filepath.Join(config.Paths.Certificates, "ca_cert.pem"), certPEM, false, overwrite); err != nil { if err := SavePEM(filepath.Join(ca.Paths.Certificates, "ca_cert.pem"), certPEM, false, overwrite); err != nil {
fmt.Println("Error saving CA certificate:", err) fmt.Println("Error saving CA certificate:", err)
return return
} }
if err := SavePEM(filepath.Join(config.Paths.PrivateKeys, "ca_key.pem"), keyPEM, true, overwrite); err != nil { if err := SavePEM(filepath.Join(ca.Paths.PrivateKeys, "ca_key.pem"), keyPEM, true, overwrite); err != nil {
fmt.Println("Error saving CA key:", err) fmt.Println("Error saving CA key:", err)
return return
} }
@@ -171,14 +172,14 @@ func InitCA(configPath string, overwrite bool) {
} }
func IssueCertificate(configPath, subject string, overwrite bool) { func IssueCertificate(configPath, subject string, overwrite bool) {
config, err := LoadCAConfig(configPath) ca, err := LoadCA(configPath)
if err != nil { if err != nil {
fmt.Println("Error loading config:", err) fmt.Println("Error loading config:", err)
return return
} }
caCertPath := filepath.Join(config.Paths.Certificates, "ca_cert.pem") caCertPath := filepath.Join(ca.Paths.Certificates, "ca_cert.pem")
caKeyPath := filepath.Join(config.Paths.PrivateKeys, "ca_key.pem") caKeyPath := filepath.Join(ca.Paths.PrivateKeys, "ca_key.pem")
caCertPEM, err := os.ReadFile(caCertPath) caCertPEM, err := os.ReadFile(caCertPath)
if err != nil { if err != nil {
@@ -241,8 +242,8 @@ func IssueCertificate(configPath, subject string, overwrite bool) {
certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER}) certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})
keyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}) keyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
certFile := filepath.Join(config.Paths.Certificates, subject+".crt.pem") certFile := filepath.Join(ca.Paths.Certificates, subject+".crt.pem")
keyFile := filepath.Join(config.Paths.PrivateKeys, subject+".key.pem") keyFile := filepath.Join(ca.Paths.PrivateKeys, subject+".key.pem")
if err := SavePEM(certFile, certPEM, false, overwrite); err != nil { if err := SavePEM(certFile, certPEM, false, overwrite); err != nil {
fmt.Println("Error saving certificate:", err) fmt.Println("Error saving certificate:", err)
return return