Resolve "generate-ca command has wrong validity"
This commit is contained in:
parent
e9f79cd59a
commit
9041da7245
5 changed files with 15 additions and 36 deletions
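--- a/.gitlab/.gitlab-webide.yml
+++ b/.gitlab/.gitlab-webide.yml
@@ -0,0 +1,3 @@
+terminal:
+image: registry.gitlab.com/inetmock/ci-image
+script: sleep 60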
|
@ -1,24 +1,14 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
|
||||||
|
|
||||||
"gitlab.com/inetmock/inetmock/internal/cmd"
|
"gitlab.com/inetmock/inetmock/internal/cmd"
|
||||||
_ "gitlab.com/inetmock/inetmock/plugins/dns_mock"
|
_ "gitlab.com/inetmock/inetmock/plugins/dns_mock"
|
||||||
_ "gitlab.com/inetmock/inetmock/plugins/http_mock"
|
_ "gitlab.com/inetmock/inetmock/plugins/http_mock"
|
||||||
_ "gitlab.com/inetmock/inetmock/plugins/http_proxy"
|
_ "gitlab.com/inetmock/inetmock/plugins/http_proxy"
|
||||||
_ "gitlab.com/inetmock/inetmock/plugins/metrics_exporter"
|
_ "gitlab.com/inetmock/inetmock/plugins/metrics_exporter"
|
||||||
_ "gitlab.com/inetmock/inetmock/plugins/tls_interceptor"
|
_ "gitlab.com/inetmock/inetmock/plugins/tls_interceptor"
|
||||||
"go.uber.org/zap"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
logger, _ := zap.NewProduction()
|
|
||||||
defer func() {
|
|
||||||
if err := logger.Sync(); err != nil {
|
|
||||||
fmt.Printf(err.Error())
|
|
||||||
}
|
|
||||||
}()
|
|
||||||
|
|
||||||
cmd.ExecuteServerCommand()
|
cmd.ExecuteServerCommand()
|
||||||
}
|
}
|
||||||
|
|
|
@ -30,6 +30,8 @@ const (
|
||||||
var (
|
var (
|
||||||
generateCaCmd *cobra.Command
|
generateCaCmd *cobra.Command
|
||||||
caCertOptions cert.GenerationOptions
|
caCertOptions cert.GenerationOptions
|
||||||
|
notBefore, notAfter time.Duration
|
||||||
|
certOutPath, curveName string
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
@ -48,32 +50,15 @@ func init() {
|
||||||
generateCaCmd.Flags().StringSliceVar(&caCertOptions.Locality, generateCaLocalityName, nil, "Locality information to append to certificate")
|
generateCaCmd.Flags().StringSliceVar(&caCertOptions.Locality, generateCaLocalityName, nil, "Locality information to append to certificate")
|
||||||
generateCaCmd.Flags().StringSliceVar(&caCertOptions.StreetAddress, generateCaStreetAddressName, nil, "Street address information to append to certificate")
|
generateCaCmd.Flags().StringSliceVar(&caCertOptions.StreetAddress, generateCaStreetAddressName, nil, "Street address information to append to certificate")
|
||||||
generateCaCmd.Flags().StringSliceVar(&caCertOptions.PostalCode, generateCaPostalCodeName, nil, "Postal code information to append to certificate")
|
generateCaCmd.Flags().StringSliceVar(&caCertOptions.PostalCode, generateCaPostalCodeName, nil, "Postal code information to append to certificate")
|
||||||
generateCaCmd.Flags().String(generateCACertOutPath, "", "Path where CA files should be stored")
|
generateCaCmd.Flags().StringVar(&certOutPath, generateCACertOutPath, "", "Path where CA files should be stored")
|
||||||
generateCaCmd.Flags().String(generateCACurveName, "", "Name of the curve to use, if empty ED25519 is used, other valid values are [P224, P256,P384,P521]")
|
generateCaCmd.Flags().StringVar(&curveName, generateCACurveName, "", "Name of the curve to use, if empty ED25519 is used, other valid values are [P224, P256,P384,P521]")
|
||||||
generateCaCmd.Flags().Duration(generateCANotBeforeRelative, 17520*time.Hour, "Relative time value since when in the past the CA certificate should be valid. The value has a time unit, the greatest time unit is h for hour.")
|
generateCaCmd.Flags().DurationVar(¬Before, generateCANotBeforeRelative, 17520*time.Hour, "Relative time value since when in the past the CA certificate should be valid. The value has a time unit, the greatest time unit is h for hour.")
|
||||||
generateCaCmd.Flags().Duration(generateCANotAfterRelative, 17520*time.Hour, "Relative time value until when in the future the CA certificate should be valid. The value has a time unit, the greatest time unit is h for hour.")
|
generateCaCmd.Flags().DurationVar(¬After, generateCANotAfterRelative, 17520*time.Hour, "Relative time value until when in the future the CA certificate should be valid. The value has a time unit, the greatest time unit is h for hour.")
|
||||||
}
|
}
|
||||||
|
|
||||||
func runGenerateCA(_ *cobra.Command, _ []string) {
|
func runGenerateCA(_ *cobra.Command, _ []string) {
|
||||||
var certOutPath, curveName string
|
|
||||||
var notBefore, notAfter time.Duration
|
|
||||||
var err error
|
|
||||||
|
|
||||||
logger := server.Logger().Named("generate-ca")
|
logger := server.Logger().Named("generate-ca")
|
||||||
|
|
||||||
if certOutPath, err = getStringFlag(generateCaCmd, generateCACertOutPath, logger); err != nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
if curveName, err = getStringFlag(generateCaCmd, generateCACurveName, logger); err != nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
if notBefore, err = getDurationFlag(generateCaCmd, generateCANotBeforeRelative, logger); err != nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
if notAfter, err = getDurationFlag(generateCaCmd, generateCANotAfterRelative, logger); err != nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
logger = logger.With(
|
logger = logger.With(
|
||||||
zap.String(generateCACurveName, curveName),
|
zap.String(generateCACurveName, curveName),
|
||||||
zap.String(generateCACertOutPath, certOutPath),
|
zap.String(generateCACertOutPath, certOutPath),
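Review bot: Binding the flags straight into the package-level `curveName`, `notBefore` and `notAfter` (the `StringVar(&curveName, …)`, `DurationVar(&notBefore, …)` and `DurationVar(&notAfter, …)` lines) removes the `getStringFlag`/`getDurationFlag` lookups but still passes the values on unvalidated: a negative not-after duration produces a CA whose NotAfter precedes its NotBefore, and a negative not-before pushes the start of validity into the future, and neither case is reported by this function. The lines that hand `notBefore`/`notAfter` to the generator options sit between this hunk and the next, so I am inferring that path from the `Validity.CA` change in the cert package. I would reject out-of-range durations right after the `logger = logger.With(...)` call, as below; `runGenerateCA` continues past the end of this hunk, and the new package variables themselves are introduced in the earlier `var (` hunk of this file.
```go
	// … unchanged: logger = logger.With(...) …
	if notBefore < 0 || notAfter <= 0 {
		logger.Error(
			"relative validity durations must be positive",
			zap.Duration(generateCANotBeforeRelative, notBefore),
			zap.Duration(generateCANotAfterRelative, notAfter),
		)
		return
	}
	// … unchanged: generator construction and CACert call …
```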
|
||||||
|
@ -90,6 +75,7 @@ func runGenerateCA(_ *cobra.Command, _ []string) {
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
|
|
||||||
|
var err error
|
||||||
var caCrt *tls.Certificate
|
var caCrt *tls.Certificate
|
||||||
if caCrt, err = generator.CACert(caCertOptions); err != nil {
|
if caCrt, err = generator.CACert(caCertOptions); err != nil {
|
||||||
logger.Error(
|
logger.Error(
|
||||||
|
|
|
@ -140,8 +140,8 @@ func (g generator) CACert(options GenerationOptions) (crt *tls.Certificate, err
|
||||||
PostalCode: options.PostalCode,
|
PostalCode: options.PostalCode,
|
||||||
},
|
},
|
||||||
IsCA: true,
|
IsCA: true,
|
||||||
NotBefore: g.timeSource.UTCNow().Add(-g.options.Validity.Server.NotBeforeRelative),
|
NotBefore: g.timeSource.UTCNow().Add(-g.options.Validity.CA.NotBeforeRelative),
|
||||||
NotAfter: g.timeSource.UTCNow().Add(g.options.Validity.Server.NotAfterRelative),
|
NotAfter: g.timeSource.UTCNow().Add(g.options.Validity.CA.NotAfterRelative),
|
||||||
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
|
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
|
||||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
|
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
|
||||||
BasicConstraintsValid: true,
|
BasicConstraintsValid: true,
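Review bot: `NotBefore` and `NotAfter` each call `g.timeSource.UTCNow()` separately, so the CA's validity window is anchored to two different clock reads; with the real clock the gap is negligible, but with an injectable `timeSource` nothing guarantees the two reads agree, and a test asserting the window length can fail intermittently. Read the clock once before the template, `now := g.timeSource.UTCNow()`, and then use `NotBefore: now.Add(-g.options.Validity.CA.NotBeforeRelative),` and `NotAfter: now.Add(g.options.Validity.CA.NotAfterRelative),`. The `Server`→`CA` mix-up this commit fixes is exactly the kind of regression a unit test with a fixed `timeSource` would pin, and no such test is visible in this commit. The template literal holding these fields starts before the hunk, inside `CACert`.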
|
||||||
|
|