lab-ca/main.go

package main

import (
	"fmt"
	"os"

	"github.com/spf13/cobra"
)

var Version = "dev"

func main() {
	var configPath string
	var overwrite bool
	var subject string
	var certType string
	var validity string
	var san []string
	var name string
	var fromFile string
	var dryRun bool
	var verbose bool

	var rootCmd = &cobra.Command{
		Use:   "lab-ca",
		Short: "Certificate Authority Utility",
		Long:  "lab-ca - Certificate Authority Utility",
		Run: func(cmd *cobra.Command, args []string) {
			printMainHelp()
		},
	}

	var initcaCmd = &cobra.Command{
		Use:   "initca",
		Short: "Generate a new CA certificate and key",
		Run: func(cmd *cobra.Command, args []string) {
			InitCA(configPath, overwrite)
		},
	}

	initcaCmd.Flags().StringVar(&configPath, "config", "ca_config.hcl", "Path to CA configuration file")
	initcaCmd.Flags().BoolVar(&overwrite, "overwrite", false, "Allow overwriting existing files")

	var issueCmd = &cobra.Command{
		Use:   "issue",
		Short: "Issue a new certificate (client, server, server-only, code-signing, email)",
		Run: func(cmd *cobra.Command, args []string) {
			if fromFile != "" {
				certDefs, defaults, err := LoadCertificatesFile(fromFile)
				if err != nil {
					fmt.Printf("Error loading certificates file: %v\n", err)
					return
				}
				successes := 0
				errors := 0
				for i, def := range certDefs {
					if defaults != nil {
						if def.Type == "" {
							def.Type = defaults.Type
						}
						if def.Validity == "" {
							def.Validity = defaults.Validity
						}
						if len(def.SAN) == 0 && len(defaults.SAN) > 0 {
							def.SAN = defaults.SAN
						}
					}
					finalDef := renderCertificateDefTemplates(def, defaults)

					fmt.Printf("[%d/%d] Issuing %s... ", i+1, len(certDefs), finalDef.Name)

					if dryRun {
						fmt.Printf("(dry run)\n")
					}

					if verbose {
						fmt.Printf("\n  Name:     %s\n", finalDef.Name)
						fmt.Printf("  Subject:  %s\n", finalDef.Subject)
						fmt.Printf("  Type:     %s\n", finalDef.Type)
						fmt.Printf("  Validity: %s\n", finalDef.Validity)
						fmt.Printf("  SAN:      %v\n\n", finalDef.SAN)
					}

					basename := finalDef.Name + "." + finalDef.Type

					if dryRun {
						successes++
						continue
					}

					err := IssueCertificateWithBasename(configPath, basename, finalDef.Subject, finalDef.Type, finalDef.Validity, finalDef.SAN, overwrite, dryRun)
					if err != nil {
						fmt.Printf("ERROR: %v\n", err)
						errors++
					} else {
						if !verbose {
							fmt.Printf("done\n")
						}
						successes++
					}
				}
				fmt.Printf("Batch complete: %d succeeded, %d failed.\n", successes, errors)
				return
			}
			// Simple mode
			subjectName := subject
			if subjectName == "" {
				subjectName = name
			}
			finalDef := renderCertificateDefTemplates(CertificateDef{Name: name, Subject: subject, Type: certType, Validity: validity, SAN: san}, nil)
			if verbose {
				fmt.Printf("\nCertificate:\n")
				fmt.Printf("  Name:     %s\n", finalDef.Name)
				fmt.Printf("  Subject:  %s\n", finalDef.Subject)
				fmt.Printf("  Type:     %s\n", finalDef.Type)
				fmt.Printf("  Validity: %s\n", finalDef.Validity)
				fmt.Printf("  SAN:      %v\n", finalDef.SAN)
			}
			IssueCertificate(configPath, finalDef.Name, finalDef.Subject, finalDef.Type, finalDef.Validity, finalDef.SAN, overwrite)
		},
	}

	issueCmd.Flags().StringVar(&configPath, "config", "ca_config.hcl", "Path to CA configuration file")
	issueCmd.Flags().StringVar(&subject, "subject", "", "Subject Common Name for the certificate (optional, defaults to --name)")
	issueCmd.Flags().StringVar(&certType, "type", "server", "Certificate type: client, server, server-only, code-signing, email")
	issueCmd.Flags().StringArrayVar(&san, "san", nil,
		"Subject Alternative Name (SAN). Use multiple times for multiple values.\n"+
			"Format: dns:example.com, ip:1.2.3.4, email:user@example.com")
	issueCmd.Flags().StringVar(&validity, "validity", "1y", "Certificate validity (e.g. 2y, 6m, 30d). Overrides config file for this certificate.")
	issueCmd.Flags().BoolVar(&overwrite, "overwrite", false, "Allow overwriting existing files")
	issueCmd.Flags().StringVar(&fromFile, "from-file", "", "Path to HCL file with multiple certificate definitions (batch mode)")
	issueCmd.Flags().BoolVar(&dryRun, "dry-run", false, "Validate and show what would be created, but do not write files (batch mode)")
	issueCmd.Flags().BoolVar(&verbose, "verbose", false, "Print detailed information about each processed certificate")
	// Only require --name in simple mode
	issueCmd.Flags().StringVar(&name, "name", "", "Name for the certificate and key files (used as subject if --subject is omitted)")
	issueCmd.PreRun = func(cmd *cobra.Command, args []string) {
		if fromFile == "" {
			cmd.MarkFlagRequired("name")
		}
	}

	var versionCmd = &cobra.Command{
		Use:   "version",
		Short: "Show version information",
		Run: func(cmd *cobra.Command, args []string) {
			fmt.Printf("lab-ca version: %s\n", Version)
		},
	}
	rootCmd.AddCommand(initcaCmd)
	rootCmd.AddCommand(issueCmd)
	rootCmd.AddCommand(versionCmd)

	if err := rootCmd.Execute(); err != nil {
		os.Exit(1)
	}
}

func printMainHelp() {
	fmt.Println("lab-ca - Certificate Authority Utility")
	fmt.Println()
	fmt.Println("Usage:")
	fmt.Println("  lab-ca <command> [options]")
	fmt.Println()
	fmt.Println("Available commands:")
	fmt.Println("  initca     Generate a new CA certificate and key")
	fmt.Println("  issue      Issue a new client/server certificate")
	fmt.Println("  version     Show version information")
	fmt.Println()
	fmt.Println("Use 'lab-ca <command> --help' for more information about a command.")
}