Merge branch '15-generate-ca-command-has-wrong-validity' into 'master'

Resolve "generate-ca command has wrong validity"

Closes #15

See merge request inetmock/inetmock!13
This commit is contained in:
Peter 2021-01-04 16:21:03 +00:00
commit fa5c6491b8
5 changed files with 15 additions and 36 deletions

View file

@ -0,0 +1,3 @@
terminal:
image: registry.gitlab.com/inetmock/ci-image
script: sleep 60

View file

@ -1,24 +1,14 @@
package main
import (
"fmt"
"gitlab.com/inetmock/inetmock/internal/cmd"
_ "gitlab.com/inetmock/inetmock/plugins/dns_mock"
_ "gitlab.com/inetmock/inetmock/plugins/http_mock"
_ "gitlab.com/inetmock/inetmock/plugins/http_proxy"
_ "gitlab.com/inetmock/inetmock/plugins/metrics_exporter"
_ "gitlab.com/inetmock/inetmock/plugins/tls_interceptor"
"go.uber.org/zap"
)
func main() {
logger, _ := zap.NewProduction()
defer func() {
if err := logger.Sync(); err != nil {
fmt.Printf(err.Error())
}
}()
cmd.ExecuteServerCommand()
}

View file

@ -30,6 +30,8 @@ const (
var (
generateCaCmd *cobra.Command
caCertOptions cert.GenerationOptions
notBefore, notAfter time.Duration
certOutPath, curveName string
)
func init() {
@ -48,32 +50,15 @@ func init() {
generateCaCmd.Flags().StringSliceVar(&caCertOptions.Locality, generateCaLocalityName, nil, "Locality information to append to certificate")
generateCaCmd.Flags().StringSliceVar(&caCertOptions.StreetAddress, generateCaStreetAddressName, nil, "Street address information to append to certificate")
generateCaCmd.Flags().StringSliceVar(&caCertOptions.PostalCode, generateCaPostalCodeName, nil, "Postal code information to append to certificate")
generateCaCmd.Flags().String(generateCACertOutPath, "", "Path where CA files should be stored")
generateCaCmd.Flags().String(generateCACurveName, "", "Name of the curve to use, if empty ED25519 is used, other valid values are [P224, P256,P384,P521]")
generateCaCmd.Flags().Duration(generateCANotBeforeRelative, 17520*time.Hour, "Relative time value since when in the past the CA certificate should be valid. The value has a time unit, the greatest time unit is h for hour.")
generateCaCmd.Flags().Duration(generateCANotAfterRelative, 17520*time.Hour, "Relative time value until when in the future the CA certificate should be valid. The value has a time unit, the greatest time unit is h for hour.")
generateCaCmd.Flags().StringVar(&certOutPath, generateCACertOutPath, "", "Path where CA files should be stored")
generateCaCmd.Flags().StringVar(&curveName, generateCACurveName, "", "Name of the curve to use, if empty ED25519 is used, other valid values are [P224, P256,P384,P521]")
generateCaCmd.Flags().DurationVar(&notBefore, generateCANotBeforeRelative, 17520*time.Hour, "Relative time value since when in the past the CA certificate should be valid. The value has a time unit, the greatest time unit is h for hour.")
generateCaCmd.Flags().DurationVar(&notAfter, generateCANotAfterRelative, 17520*time.Hour, "Relative time value until when in the future the CA certificate should be valid. The value has a time unit, the greatest time unit is h for hour.")
}
func runGenerateCA(_ *cobra.Command, _ []string) {
var certOutPath, curveName string
var notBefore, notAfter time.Duration
var err error
logger := server.Logger().Named("generate-ca")
if certOutPath, err = getStringFlag(generateCaCmd, generateCACertOutPath, logger); err != nil {
return
}
if curveName, err = getStringFlag(generateCaCmd, generateCACurveName, logger); err != nil {
return
}
if notBefore, err = getDurationFlag(generateCaCmd, generateCANotBeforeRelative, logger); err != nil {
return
}
if notAfter, err = getDurationFlag(generateCaCmd, generateCANotAfterRelative, logger); err != nil {
return
}
logger = logger.With(
zap.String(generateCACurveName, curveName),
zap.String(generateCACertOutPath, certOutPath),
@ -90,6 +75,7 @@ func runGenerateCA(_ *cobra.Command, _ []string) {
},
})
var err error
var caCrt *tls.Certificate
if caCrt, err = generator.CACert(caCertOptions); err != nil {
logger.Error(

View file

@ -140,8 +140,8 @@ func (g generator) CACert(options GenerationOptions) (crt *tls.Certificate, err
PostalCode: options.PostalCode,
},
IsCA: true,
NotBefore: g.timeSource.UTCNow().Add(-g.options.Validity.Server.NotBeforeRelative),
NotAfter: g.timeSource.UTCNow().Add(g.options.Validity.Server.NotAfterRelative),
NotBefore: g.timeSource.UTCNow().Add(-g.options.Validity.CA.NotBeforeRelative),
NotAfter: g.timeSource.UTCNow().Add(g.options.Validity.CA.NotAfterRelative),
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,