Resolve "generate-ca command has wrong validity"
parent
e9f79cd59a
commit
9041da7245
5 changed files with 15 additions and 36 deletions
3
.gitlab/.gitlab-webide.yml
Normal file
3
.gitlab/.gitlab-webide.yml
Normal file
|
@ -0,0 +1,3 @@
|
|||
terminal:
|
||||
image: registry.gitlab.com/inetmock/ci-image
|
||||
script: sleep 60
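Review bot: The `image:` line pulls `registry.gitlab.com/inetmock/ci-image` with no tag or digest, so the Web IDE terminal runs whatever the registry's default tag resolves to when it starts. Pinning it, for example `image: registry.gitlab.com/inetmock/ci-image:<TAG_PLACEHOLDER>` or `image: registry.gitlab.com/inetmock/ci-image@sha256:<DIGEST_PLACEHOLDER>`, keeps the environment reproducible and makes an image change show up in review. A one-line comment above `script: sleep 60` saying why the job only sleeps would also help the next reader.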
|
|
@ -1,24 +1,14 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"gitlab.com/inetmock/inetmock/internal/cmd"
|
||||
_ "gitlab.com/inetmock/inetmock/plugins/dns_mock"
|
||||
_ "gitlab.com/inetmock/inetmock/plugins/http_mock"
|
||||
_ "gitlab.com/inetmock/inetmock/plugins/http_proxy"
|
||||
_ "gitlab.com/inetmock/inetmock/plugins/metrics_exporter"
|
||||
_ "gitlab.com/inetmock/inetmock/plugins/tls_interceptor"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
func main() {
|
||||
logger, _ := zap.NewProduction()
|
||||
defer func() {
|
||||
if err := logger.Sync(); err != nil {
|
||||
fmt.Printf(err.Error())
|
||||
}
|
||||
}()
|
||||
|
||||
cmd.ExecuteServerCommand()
|
||||
}
|
||||
|
|
|
@ -28,8 +28,10 @@ const (
|
|||
)
|
||||
|
||||
var (
|
||||
generateCaCmd *cobra.Command
|
||||
caCertOptions cert.GenerationOptions
|
||||
generateCaCmd *cobra.Command
|
||||
caCertOptions cert.GenerationOptions
|
||||
notBefore, notAfter time.Duration
|
||||
certOutPath, curveName string
|
||||
)
|
||||
|
||||
func init() {
|
||||
|
@ -48,32 +50,15 @@ func init() {
|
|||
generateCaCmd.Flags().StringSliceVar(&caCertOptions.Locality, generateCaLocalityName, nil, "Locality information to append to certificate")
|
||||
generateCaCmd.Flags().StringSliceVar(&caCertOptions.StreetAddress, generateCaStreetAddressName, nil, "Street address information to append to certificate")
|
||||
generateCaCmd.Flags().StringSliceVar(&caCertOptions.PostalCode, generateCaPostalCodeName, nil, "Postal code information to append to certificate")
|
||||
generateCaCmd.Flags().String(generateCACertOutPath, "", "Path where CA files should be stored")
|
||||
generateCaCmd.Flags().String(generateCACurveName, "", "Name of the curve to use, if empty ED25519 is used, other valid values are [P224, P256,P384,P521]")
|
||||
generateCaCmd.Flags().Duration(generateCANotBeforeRelative, 17520*time.Hour, "Relative time value since when in the past the CA certificate should be valid. The value has a time unit, the greatest time unit is h for hour.")
|
||||
generateCaCmd.Flags().Duration(generateCANotAfterRelative, 17520*time.Hour, "Relative time value until when in the future the CA certificate should be valid. The value has a time unit, the greatest time unit is h for hour.")
|
||||
generateCaCmd.Flags().StringVar(&certOutPath, generateCACertOutPath, "", "Path where CA files should be stored")
|
||||
generateCaCmd.Flags().StringVar(&curveName, generateCACurveName, "", "Name of the curve to use, if empty ED25519 is used, other valid values are [P224, P256,P384,P521]")
|
||||
generateCaCmd.Flags().DurationVar(¬Before, generateCANotBeforeRelative, 17520*time.Hour, "Relative time value since when in the past the CA certificate should be valid. The value has a time unit, the greatest time unit is h for hour.")
|
||||
generateCaCmd.Flags().DurationVar(¬After, generateCANotAfterRelative, 17520*time.Hour, "Relative time value until when in the future the CA certificate should be valid. The value has a time unit, the greatest time unit is h for hour.")
|
||||
}
|
||||
|
||||
func runGenerateCA(_ *cobra.Command, _ []string) {
|
||||
var certOutPath, curveName string
|
||||
var notBefore, notAfter time.Duration
|
||||
var err error
|
||||
|
||||
logger := server.Logger().Named("generate-ca")
|
||||
|
||||
if certOutPath, err = getStringFlag(generateCaCmd, generateCACertOutPath, logger); err != nil {
|
||||
return
|
||||
}
|
||||
if curveName, err = getStringFlag(generateCaCmd, generateCACurveName, logger); err != nil {
|
||||
return
|
||||
}
|
||||
if notBefore, err = getDurationFlag(generateCaCmd, generateCANotBeforeRelative, logger); err != nil {
|
||||
return
|
||||
}
|
||||
if notAfter, err = getDurationFlag(generateCaCmd, generateCANotAfterRelative, logger); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
logger = logger.With(
|
||||
zap.String(generateCACurveName, curveName),
|
||||
zap.String(generateCACertOutPath, certOutPath),
|
||||
|
@ -90,6 +75,7 @@ func runGenerateCA(_ *cobra.Command, _ []string) {
|
|||
},
|
||||
})
|
||||
|
||||
var err error
|
||||
var caCrt *tls.Certificate
|
||||
if caCrt, err = generator.CACert(caCertOptions); err != nil {
|
||||
logger.Error(
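Review bot: The two `DurationVar` bindings in `init()` accept any duration, and nothing visible in `runGenerateCA` checks the sign of `notBefore` or `notAfter` before they are used. A negative not-after value would presumably produce a CA that is already expired, and a negative not-before value one that is not yet valid. A guard placed after the logger is created, `if notBefore < 0 || notAfter <= 0 { logger.Error("validity durations must be positive"); return }`, would reject such input before any key material is generated. The body of `runGenerateCA` continues outside the hunks shown, so this may already be handled there. Because these four values are now package-level, the `var` block would also benefit from a comment such as `// flag-bound values for generate-ca; populated by cobra before runGenerateCA runs`.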
|
||||
|
|
|
@ -140,8 +140,8 @@ func (g generator) CACert(options GenerationOptions) (crt *tls.Certificate, err
|
|||
PostalCode: options.PostalCode,
|
||||
},
|
||||
IsCA: true,
|
||||
NotBefore: g.timeSource.UTCNow().Add(-g.options.Validity.Server.NotBeforeRelative),
|
||||
NotAfter: g.timeSource.UTCNow().Add(g.options.Validity.Server.NotAfterRelative),
|
||||
NotBefore: g.timeSource.UTCNow().Add(-g.options.Validity.CA.NotBeforeRelative),
|
||||
NotAfter: g.timeSource.UTCNow().Add(g.options.Validity.CA.NotAfterRelative),
|
||||
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
|
||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
|
||||
BasicConstraintsValid: true,
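Review bot: `g.timeSource.UTCNow()` is read twice on the new `NotBefore`/`NotAfter` lines, so the two bounds are computed from different instants. Reading it once, `now := g.timeSource.UTCNow()` before the template, then `NotBefore: now.Add(-g.options.Validity.CA.NotBeforeRelative)` and `NotAfter: now.Add(g.options.Validity.CA.NotAfterRelative)`, keeps the window exact and makes assertions against a fake time source simpler. With CA and server validity now configured separately, it is also worth confirming that server certificates cannot be issued with a `NotAfter` later than the CA's, since validators reject a chain whose issuer has expired. The issuing code is outside this hunk, so that is a question rather than a finding. `CACert` begins and ends outside the hunk.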
|
||||
|
|