Introduce lifetime parameters to generate-ca cmd
- refactored flags parsing
parent
a720b0ee41
commit
02d8b444e3
1 changed files with 50 additions and 21 deletions
|
@ -3,12 +3,15 @@ package main
|
||||||
import (
|
import (
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
"go.uber.org/zap"
|
"go.uber.org/zap"
|
||||||
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
generateCACertOutPath = "cert-out"
|
generateCACertOutPath = "cert-out"
|
||||||
generateCAKeyOutPath = "key-out"
|
generateCAKeyOutPath = "key-out"
|
||||||
generateCACurveName = "curve"
|
generateCACurveName = "curve"
|
||||||
|
generateCANotBeforeRelative = "not-before"
|
||||||
|
generateCANotAfterRelative = "not-after"
|
||||||
)
|
)
|
||||||
|
|
||||||
func generateCACmd(logger *zap.Logger) *cobra.Command {
|
func generateCACmd(logger *zap.Logger) *cobra.Command {
|
||||||
|
@ -22,36 +25,56 @@ func generateCACmd(logger *zap.Logger) *cobra.Command {
|
||||||
cmd.Flags().String(generateCACertOutPath, "", "Path where CA cert file should be stored")
|
cmd.Flags().String(generateCACertOutPath, "", "Path where CA cert file should be stored")
|
||||||
cmd.Flags().String(generateCAKeyOutPath, "", "Path where CA key file should be stored")
|
cmd.Flags().String(generateCAKeyOutPath, "", "Path where CA key file should be stored")
|
||||||
cmd.Flags().String(generateCACurveName, "", "Name of the curve to use, if empty ED25519 is used, other valid values are [P224, P256,P384,P521]")
|
cmd.Flags().String(generateCACurveName, "", "Name of the curve to use, if empty ED25519 is used, other valid values are [P224, P256,P384,P521]")
|
||||||
|
cmd.Flags().Duration(generateCANotBeforeRelative, 17520*time.Hour, "Relative time value since when in the past the CA certificate should be valid. The value has a time unit, the greatest time unit is h for hour.")
|
||||||
|
cmd.Flags().Duration(generateCANotAfterRelative, 17520*time.Hour, "Relative time value until when in the future the CA certificate should be valid. The value has a time unit, the greatest time unit is h for hour.")
|
||||||
|
|
||||||
return cmd
|
return cmd
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func getDurationFlag(cmd *cobra.Command, flagName string, logger *zap.Logger) (val time.Duration, err error) {
|
||||||
|
if val, err = cmd.Flags().GetDuration(flagName); err != nil {
|
||||||
|
logger.Error(
|
||||||
|
"failed to parse parse flag",
|
||||||
|
zap.String("flag", flagName),
|
||||||
|
zap.Error(err),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
func getStringFlag(cmd *cobra.Command, flagName string, logger *zap.Logger) (val string, err error) {
|
||||||
|
if val, err = cmd.Flags().GetString(flagName); err != nil {
|
||||||
|
logger.Error(
|
||||||
|
"failed to parse parse flag",
|
||||||
|
zap.String("flag", flagName),
|
||||||
|
zap.Error(err),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
func runGenerateCA(logger *zap.Logger) func(cmd *cobra.Command, args []string) {
|
func runGenerateCA(logger *zap.Logger) func(cmd *cobra.Command, args []string) {
|
||||||
return func(cmd *cobra.Command, args []string) {
|
return func(cmd *cobra.Command, args []string) {
|
||||||
var certOutPath, keyOutPath, curveName string
|
var certOutPath, keyOutPath, curveName string
|
||||||
|
var notBefore, notAfter time.Duration
|
||||||
var err error
|
var err error
|
||||||
if certOutPath, err = cmd.Flags().GetString(generateCACertOutPath); err != nil {
|
|
||||||
logger.Error(
|
if certOutPath, err = getStringFlag(cmd, generateCACertOutPath, logger); err != nil {
|
||||||
"failed to parse parse flag",
|
|
||||||
zap.String("flag", generateCACertOutPath),
|
|
||||||
zap.Error(err),
|
|
||||||
)
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if keyOutPath, err = cmd.Flags().GetString(generateCAKeyOutPath); err != nil {
|
|
||||||
logger.Error(
|
if keyOutPath, err = getStringFlag(cmd, generateCAKeyOutPath, logger); err != nil {
|
||||||
"failed to parse parse flag",
|
|
||||||
zap.String("flag", generateCAKeyOutPath),
|
|
||||||
zap.Error(err),
|
|
||||||
)
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if curveName, err = cmd.Flags().GetString(generateCACurveName); err != nil {
|
if curveName, err = getStringFlag(cmd, generateCACurveName, logger); err != nil {
|
||||||
logger.Error(
|
return
|
||||||
"failed to parse parse flag",
|
}
|
||||||
zap.String("flag", generateCACurveName),
|
|
||||||
zap.Error(err),
|
if notBefore, err = getDurationFlag(cmd, generateCANotBeforeRelative, logger); err != nil {
|
||||||
)
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if notAfter, err = getDurationFlag(cmd, generateCANotAfterRelative, logger); err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -64,6 +87,12 @@ func runGenerateCA(logger *zap.Logger) func(cmd *cobra.Command, args []string) {
|
||||||
certStore := certStore{
|
certStore := certStore{
|
||||||
options: &tlsOptions{
|
options: &tlsOptions{
|
||||||
ecdsaCurve: curveType(curveName),
|
ecdsaCurve: curveType(curveName),
|
||||||
|
validity: validity{
|
||||||
|
ca: certValidity{
|
||||||
|
notAfterRelative: notAfter,
|
||||||
|
notBeforeRelative: notBefore,
|
||||||
|
},
|
||||||
|
},
|
||||||
rootCaCert: cert{
|
rootCaCert: cert{
|
||||||
publicKeyPath: certOutPath,
|
publicKeyPath: certOutPath,
|
||||||
privateKeyPath: keyOutPath,
|
privateKeyPath: keyOutPath,
|
||||||
|
|
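Review bot: The two new duration flags reach `certValidity` without any range check: in `runGenerateCA`, after the `getDurationFlag` calls, a zero or negative `--not-after` (or a negative `--not-before`) is accepted as-is, which, depending on how `notAfterRelative`/`notBeforeRelative` are applied outside this diff, would presumably yield a CA certificate that is already expired or not yet valid. A guard such as `if notBefore < 0 || notAfter <= 0 { logger.Error("validity durations must be positive"); return }` before `certStore` is built would reject that early. The `not-before` default of `17520*time.Hour` also backdates the CA by about two years, to a time before the key existed; a short backdate for clock skew is the more common choice, so the long one deserves a comment if it is intentional. Both new helpers carry over the duplicated word in `"failed to parse parse flag"`. The body of `runGenerateCA` continues outside the visible hunks.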