package main
import (
"github.com/spf13/cobra"
"go.uber.org/zap"
"time"
)
// Flag names understood by the generate-ca sub-command. They are shared
// between the command definition and the Run function that reads them back.
const (
	// Output locations for the generated CA material.
	generateCACertOutPath = "cert-out"
	generateCAKeyOutPath  = "key-out"

	// Key algorithm selection; an empty value selects the default named in
	// the flag help.
	generateCACurveName = "curve"

	// Validity window, given as durations relative to the time of generation
	// (backwards for not-before, forwards for not-after).
	generateCANotBeforeRelative = "not-before"
	generateCANotAfterRelative  = "not-after"
)
// generateCACmd builds the "generate-ca" sub-command, which produces a new
// CA certificate together with its private key.
//
// The command only declares its flags here; the values are read back in
// runGenerateCA, which also receives logger for structured error reporting.
// NOTE(review): the private key is written to the path given by key-out;
// confirm that the writer (certStore.generateCaCert, not visible here)
// creates that file with owner-only permissions.
func generateCACmd(logger *zap.Logger) *cobra.Command {
	cmd := &cobra.Command{
		Use:   "generate-ca",
		Short: "Generate a new CA certificate and corresponding key",
		Long:  ``,
		Run:   runGenerateCA(logger),
	}

	// 17520h is two years; it is the default for both ends of the validity
	// window. NOTE(review): backdating not-before by two years is far more
	// than the usual clock-skew allowance — confirm this default is intended.
	const twoYears = 17520 * time.Hour

	flags := cmd.Flags()
	flags.String(generateCACertOutPath, "", "Path where CA cert file should be stored")
	flags.String(generateCAKeyOutPath, "", "Path where CA key file should be stored")
	flags.String(generateCACurveName, "", "Name of the curve to use, if empty ED25519 is used, other valid values are [P224, P256,P384,P521]")
	flags.Duration(generateCANotBeforeRelative, twoYears, "Relative time value since when in the past the CA certificate should be valid. The value has a time unit, the greatest time unit is h for hour.")
	flags.Duration(generateCANotAfterRelative, twoYears, "Relative time value until when in the future the CA certificate should be valid. The value has a time unit, the greatest time unit is h for hour.")

	return cmd
}
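// getDurationFlag reads the named duration flag from cmd.
//
// On failure the error is logged together with the flag name and then
// returned, so call sites only need to return on a non-nil err. The returned
// val is whatever the flag set produced, which on error is not meaningful.
func getDurationFlag(cmd *cobra.Command, flagName string, logger *zap.Logger) (val time.Duration, err error) {
	val, err = cmd.Flags().GetDuration(flagName)
	if err != nil {
		// Fixed the doubled word in the message ("parse parse") so log
		// searches on the phrase match reliably.
		logger.Error(
			"failed to parse flag",
			zap.String("flag", flagName),
			zap.Error(err),
		)
	}
	return val, err
}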
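// getStringFlag reads the named string flag from cmd.
//
// On failure the error is logged together with the flag name and then
// returned, so call sites only need to return on a non-nil err. The returned
// val is whatever the flag set produced, which on error is not meaningful.
func getStringFlag(cmd *cobra.Command, flagName string, logger *zap.Logger) (val string, err error) {
	val, err = cmd.Flags().GetString(flagName)
	if err != nil {
		// Fixed the doubled word in the message ("parse parse") so log
		// searches on the phrase match reliably.
		logger.Error(
			"failed to parse flag",
			zap.String("flag", flagName),
			zap.Error(err),
		)
	}
	return val, err
}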
// runGenerateCA returns the cobra Run function of the generate-ca command.
//
// The returned closure reads the output paths, curve name and relative
// validity window from the command's flags, builds a certStore around them
// and asks it to generate the CA certificate and key. The flag helpers log
// their own failures, so the closure just returns on those; only the
// generation result is reported here, with the effective parameters attached
// to the log entry.
//
// NOTE(review): cobra's Run cannot return an error, so a failed generation is
// visible only in the log and not in the exit status unless main handles
// that separately — confirm before relying on the exit code in scripts.
func runGenerateCA(logger *zap.Logger) func(cmd *cobra.Command, args []string) {
	return func(cmd *cobra.Command, args []string) {
		// Flags are read in a fixed order; the first failure wins.
		certOutPath, err := getStringFlag(cmd, generateCACertOutPath, logger)
		if err != nil {
			return
		}
		keyOutPath, err := getStringFlag(cmd, generateCAKeyOutPath, logger)
		if err != nil {
			return
		}
		curveName, err := getStringFlag(cmd, generateCACurveName, logger)
		if err != nil {
			return
		}
		notBefore, err := getDurationFlag(cmd, generateCANotBeforeRelative, logger)
		if err != nil {
			return
		}
		notAfter, err := getDurationFlag(cmd, generateCANotAfterRelative, logger)
		if err != nil {
			return
		}

		// Every log line from here on carries the parameters in effect, so a
		// failure can be traced to the exact curve and paths that were used.
		scopedLogger := logger.With(
			zap.String(generateCACurveName, curveName),
			zap.String(generateCACertOutPath, certOutPath),
			zap.String(generateCAKeyOutPath, keyOutPath),
		)

		// curveName is handed to curveType unchecked here; any validation of
		// the name happens downstream.
		store := certStore{
			options: &tlsOptions{
				ecdsaCurve: curveType(curveName),
				validity: validity{
					ca: certValidity{
						notAfterRelative:  notAfter,
						notBeforeRelative: notBefore,
					},
				},
				rootCaCert: cert{
					publicKeyPath:  certOutPath,
					privateKeyPath: keyOutPath,
				},
			},
		}

		// Only the error result is of interest here; the first two results
		// of generateCaCert are not used by this command.
		_, _, genErr := store.generateCaCert()
		if genErr != nil {
			scopedLogger.Error(
				"failed to generate CA cert",
				zap.Error(genErr),
			)
			return
		}
		scopedLogger.Info("Successfully generated CA cert")
	}
}