slawek/simple-ca
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Update all commands to use --ca-dir flag instead of positional argument.
/ test-bash (push) Waiting to run
Details
/ test-python (push) Failing after 44s
Details
/ test-go (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Sławek Koszewski
2026-05-10 18:32:47 +02:00
parent 1cae1a87da
commit 87e3933f0c
2 changed files with 42 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files
simple-ca.sh
+14 -5
View File
@@ -43,6 +43,7 @@ function make_ca() {
# CA defaults to the main CA if not specified, but can be overridden with --issuing-ca # CA defaults to the main CA if not specified, but can be overridden with --issuing-ca
local CA_FILE_PREFIX="ca" local CA_FILE_PREFIX="ca"
local AIA_BASE_URL="" local AIA_BASE_URL=""
local CA_DIR=""
while [[ $# -gt 0 ]]; do while [[ $# -gt 0 ]]; do
case "$1" in case "$1" in
@@ -74,16 +75,23 @@ function make_ca() {
AIA_BASE_URL="$2" AIA_BASE_URL="$2"
shift 2 shift 2
;; ;;
--ca-dir)
if [[ -z "$2" ]]; then
echo "ERROR: Missing value for --ca-dir." >&2
return 1
fi
CA_DIR="$2"
shift 2
;;
*) *)
break break
;; ;;
esac esac
done done
# Use the provided directory argument local CA_NAME="$1"
local CA_DIR="$1" shift 1
local CA_NAME="$2" CA_DIR="${CA_DIR:-${SIMPLE_CA_DIR:-$(pwd)}}"
shift 2
if [[ -z "$CA_DIR" || ! -d "$CA_DIR" ]]; then if [[ -z "$CA_DIR" || ! -d "$CA_DIR" ]]; then
echo "ERROR: Certificate directory $CA_DIR does not exist." echo "ERROR: Certificate directory $CA_DIR does not exist."
@@ -231,7 +239,7 @@ function make_cert() {
local CERT_SUBJECT_NAME="$2" local CERT_SUBJECT_NAME="$2"
shift 2 shift 2
CA_DIR="${CA_DIR:-$CERT_DIR}" CA_DIR="${CA_DIR:-${SIMPLE_CA_DIR:-$(pwd)}}"
local AIA_BASE_URL_FILE="$CA_DIR/aia_base_url.txt" local AIA_BASE_URL_FILE="$CA_DIR/aia_base_url.txt"
local AIA_URL="" local AIA_URL=""
@@ -371,6 +379,7 @@ function make_pfx() {
esac esac
done done
CA_DIR="${CA_DIR:-${SIMPLE_CA_DIR:-$(pwd)}}"
local ROOT_CA_CERT="ca_cert.pem" local ROOT_CA_CERT="ca_cert.pem"
local ROOT_CA_KEY="ca_key.pem" local ROOT_CA_KEY="ca_key.pem"
local CA_CERT="${CA_FILE_PREFIX:-ca}_cert.pem" local CA_CERT="${CA_FILE_PREFIX:-ca}_cert.pem"
src/simple-ca/main.go
+28 -19
View File
@@ -30,6 +30,8 @@ import (
"encoding/pem" "encoding/pem"
"errors" "errors"
"fmt" "fmt"
"github.com/spf13/cobra"
"math/big" "math/big"
"net" "net"
"os" "os"
@@ -38,7 +40,6 @@ import (
"strings" "strings"
"time" "time"
"github.com/spf13/cobra"
"software.sslmate.com/src/go-pkcs12" "software.sslmate.com/src/go-pkcs12"
) )
@@ -278,9 +279,6 @@ func makeCert(certDir, subjectName string, sans []string, caDir, issuingCA strin
if prefix == "" { if prefix == "" {
prefix = "ca" prefix = "ca"
} }
if caDir == "" {
caDir = certDir
}
if certDir == "" || !dirExists(certDir) { if certDir == "" || !dirExists(certDir) {
return fmt.Errorf("certificate directory %s does not exist", certDir) return fmt.Errorf("certificate directory %s does not exist", certDir)
} }
@@ -461,6 +459,17 @@ func makePFX(certPath, caDir, issuingCA, password string) error {
return nil return nil
} }
func resolveCADir(flagVal string) string {
if flagVal != "" {
return flagVal
}
if env := os.Getenv("SIMPLE_CA_DIR"); env != "" {
return env
}
cwd, _ := os.Getwd()
return cwd
}
func newRootCmd() *cobra.Command { func newRootCmd() *cobra.Command {
root := &cobra.Command{ root := &cobra.Command{
Use: "simple-ca", Use: "simple-ca",
@@ -477,36 +486,40 @@ func newMakeCACmd() *cobra.Command {
days int days int
issuingCA string issuingCA string
aiaBaseURL string aiaBaseURL string
caDir string
) )
cmd := &cobra.Command{ cmd := &cobra.Command{
Use: "make-ca CA_DIR CA_NAME", Use: "make-ca CA_NAME",
Short: "Create a root or issuing CA.", Short: "Create a root or issuing CA.",
Args: cobra.ExactArgs(2), Args: cobra.ExactArgs(1),
RunE: func(_ *cobra.Command, args []string) error { RunE: func(_ *cobra.Command, args []string) error {
return makeCA(args[0], args[1], days, issuingCA, aiaBaseURL) return makeCA(resolveCADir(caDir), args[0], days, issuingCA, aiaBaseURL)
}, },
} }
cmd.Flags().IntVar(&days, "days", 3650, "validity period in days") cmd.Flags().IntVar(&days, "days", 3650, "validity period in days")
cmd.Flags().StringVar(&issuingCA, "issuing-ca", "", "issuing CA file prefix (creates an issuing CA signed by the root)") cmd.Flags().StringVar(&issuingCA, "issuing-ca", "", "issuing CA file prefix (creates an issuing CA signed by the root)")
cmd.Flags().StringVar(&aiaBaseURL, "aia-base-url", "", "base URL for the AIA caIssuers extension") cmd.Flags().StringVar(&aiaBaseURL, "aia-base-url", "", "base URL for the AIA caIssuers extension")
cmd.Flags().StringVar(&caDir, "ca-dir", "", "directory for CA files")
return cmd return cmd
} }
func newMakeCertCmd() *cobra.Command { func newMakeCertCmd() *cobra.Command {
var ( var (
certDir string
caDir string caDir string
issuingCA string issuingCA string
days int days int
) )
cmd := &cobra.Command{ cmd := &cobra.Command{
Use: "make-cert CERT_DIR SUBJECT [SAN...]", Use: "make-cert SUBJECT [SAN...]",
Short: "Create a server/client certificate signed by the CA.", Short: "Create a server/client certificate signed by the CA.",
Args: cobra.MinimumNArgs(2), Args: cobra.MinimumNArgs(1),
RunE: func(_ *cobra.Command, args []string) error { RunE: func(_ *cobra.Command, args []string) error {
return makeCert(args[0], args[1], args[2:], caDir, issuingCA, days) return makeCert(certDir, args[0], args[1:], resolveCADir(caDir), issuingCA, days)
}, },
} }
cmd.Flags().StringVar(&caDir, "ca-dir", "", "CA directory (defaults to CERT_DIR)") cmd.Flags().StringVar(&certDir, "cert-dir", "", "directory to store the certificate files")
cmd.Flags().StringVar(&caDir, "ca-dir", "", "CA directory")
cmd.Flags().StringVar(&issuingCA, "issuing-ca", "", "issuing CA file prefix") cmd.Flags().StringVar(&issuingCA, "issuing-ca", "", "issuing CA file prefix")
cmd.Flags().IntVar(&days, "days", 365, "validity period in days") cmd.Flags().IntVar(&days, "days", 365, "validity period in days")
return cmd return cmd
@@ -516,23 +529,19 @@ func newMakePFXCmd() *cobra.Command {
var ( var (
caDir string caDir string
issuingCA string issuingCA string
certPath string
password string password string
) )
cmd := &cobra.Command{ cmd := &cobra.Command{
Use: "make-pfx --ca-dir DIR --path CERT_PATH [flags]", Use: "make-pfx CERT_PATH",
Short: "Create a PKCS#12 (PFX) bundle for a leaf certificate.", Short: "Create a PKCS#12 (PFX) bundle for a leaf certificate.",
Args: cobra.NoArgs, Args: cobra.ExactArgs(1),
RunE: func(_ *cobra.Command, _ []string) error { RunE: func(_ *cobra.Command, args []string) error {
return makePFX(certPath, caDir, issuingCA, password) return makePFX(args[0], resolveCADir(caDir), issuingCA, password)
}, },
} }
cmd.Flags().StringVar(&caDir, "ca-dir", "", "CA directory") cmd.Flags().StringVar(&caDir, "ca-dir", "", "CA directory")
cmd.Flags().StringVar(&issuingCA, "issuing-ca", "", "issuing CA file prefix") cmd.Flags().StringVar(&issuingCA, "issuing-ca", "", "issuing CA file prefix")
cmd.Flags().StringVar(&certPath, "path", "", "path to the leaf certificate PEM")
cmd.Flags().StringVar(&password, "password", "", "PFX password (default: changeit)") cmd.Flags().StringVar(&password, "password", "", "PFX password (default: changeit)")
_ = cmd.MarkFlagRequired("ca-dir")
_ = cmd.MarkFlagRequired("path")
return cmd return cmd
} }