Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( App *app.App TPM tpm2.TrustedPlatformModule CAParams *ca.CAParams InitParams *app.AppInitParams CN, KeyStore, KeyType, Algorithm, KeyName, EKCert, SansDNS, SansIPs, SansEmails string )
View Source
var InfoCmd = &cobra.Command{ Use: "info", Short: "Display information about a Certificate Authority", Long: `Displays key store, certificate store, and general information about a Certificate Authority.`, Run: func(cmd *cobra.Command, args []string) { App.Init(InitParams) if len(App.CAConfig.Identity) == 0 { App.Logger.Fatal("No Certificate Authorities configured") } for _, identity := range App.CAConfig.Identity { for _, keyConfig := range identity.Keys { fmt.Printf("---- %s ----\n", identity.Subject.CommonName) attrs, err := keystore.KeyAttributesFromConfig(keyConfig) if err != nil { App.Logger.Fatal(err) } keystore.PrintKeyAttributes(attrs) fmt.Println() } } }, }
View Source
var InitCmd = &cobra.Command{ Use: "init", Short: "Initialize the Certificate Authority", Long: `Initializes the Certificate Authority by creating a Root and Intermediates as specified in the platform configuration file.`, Run: func(cmd *cobra.Command, args []string) { App.Init(InitParams) soPIN, userPIN, err := App.ParsePINs(InitParams.SOPin, InitParams.Pin) if err != nil { App.Logger.Fatal(err) } App.InitCA(InitParams.PlatformCA, soPIN, userPIN) color.New(color.FgGreen).Printf( "Certificate Authority successfully initialized") }, }
View Source
var InstallCmd = &cobra.Command{ Use: "install-ca-certificates", Short: "Install Certificate Authority Certificates", Long: `Installs the Root and Intermediate Certificate Authority certificates to the operating system trusted certificate store.`, Run: func(cmd *cobra.Command, args []string) { App.Init(InitParams) rootCA, intermediateCA, err := ca.NewCA(CAParams) if err != nil { App.Logger.Fatal(err) } if err := rootCA.TrustStore().Install( App.CAConfig.Identity[0].Subject.CommonName); err != nil { App.Logger.Fatal(err) } intermediateCN := App.CAConfig.Identity[CAParams.SelectedCA].Subject.CommonName if err := intermediateCA.TrustStore().Install(intermediateCN); err != nil { App.Logger.Fatal(err) } fmt.Println("CA certificates successfully installed") }, }
View Source
var IssueCmd = &cobra.Command{ Use: "issue", Short: "Issues a new x509 Certificate", Long: `Issue a new x509 certificate from the Certificate Authority.`, Run: func(cmd *cobra.Command, args []string) { var subject ca.Subject App.Init(InitParams) dnsNames := []string{} ips := []string{} emails := []string{} if SansDNS != "" { dnsNames = strings.Split(SansDNS, ",") } if SansIPs != "" { ips = strings.Split(SansIPs, ",") } if SansEmails != "" { emails = strings.Split(SansEmails, ",") } storeType, err := keystore.ParseStoreType(KeyStore) if err != nil { App.Logger.Fatal(err) } keyAlgo, err := keystore.ParseKeyAlgorithm(Algorithm) if err != nil { App.Logger.Fatal(err) } fmt.Printf("Key common name: %s\n", CN) fmt.Printf("Key store: %s\n", KeyStore) fmt.Printf("Key algorithm: %s\n", Algorithm) attrs, err := keystore.Template(keyAlgo) if err != nil { App.Logger.Fatal(err) } attrs.CN = CN attrs.KeyAlgorithm = keyAlgo attrs.KeyType = keystore.KEY_TYPE_TLS attrs.StoreType = storeType subject.CommonName = CN request := ca.CertificateRequest{ KeyAttributes: attrs, Valid: 365, Subject: subject, SANS: &ca.SubjectAlternativeNames{ DNS: dnsNames, IPs: ips, Email: emails}} _, err = App.CA.IssueCertificate(request) if err != nil { App.Logger.Error(err) } cert, err := App.CA.PEM(attrs) if err != nil { App.Logger.Error(err) } fmt.Println(string(cert)) }, }
View Source
var RevokeCmd = &cobra.Command{ Use: "revoke", Short: "Revokes an issued certificate", Long: `Add the certificate to the CA Certificate Revocation List and delete the certificate and any keys from the stores.`, Run: func(cmd *cobra.Command, args []string) { App.Init(InitParams) algo, err := keystore.ParseKeyAlgorithm(Algorithm) if err != nil { App.Logger.Fatal(err) } keyAttrs, err := keystore.Template(algo) if err != nil { App.Logger.Fatal(err) } certificate, err := App.CA.Certificate(keyAttrs) if err != nil { App.Logger.Fatal(err) } err = App.CA.Revoke(certificate) if err != nil { App.Logger.Fatal(err) } color.New(color.FgGreen).Printf("Successfully revoked certificate") }, }
View Source
var ShowCmd = &cobra.Command{ Use: "show", Short: "Display an x509 certificate", Long: `Print x509 certificate details in human readable and PEM form`, Run: func(cmd *cobra.Command, args []string) { App.Init(InitParams) storeType, err := keystore.ParseStoreType(KeyStore) if err != nil { App.Logger.Fatal(err) } algo, err := keystore.ParseKeyAlgorithm(Algorithm) if err != nil { App.Logger.Fatal(err) } keyAttrs, err := keystore.Template(algo) if err != nil { App.Logger.Fatal(err) } keyAttrs.StoreType = storeType certificate, err := App.CA.Certificate(keyAttrs) if err != nil { App.Logger.Fatal(err) } pem, err := certstore.EncodePEM(certificate.Raw) if err != nil { App.Logger.Fatal(err) } certstore.PrintCertificate(certificate) fmt.Println(string(pem)) }, }
View Source
var UninstallCmd = &cobra.Command{ Use: "uninstall-ca-certificates", Short: "Uninstalls the Certificate Authority Certificates", Long: `Deletes the Root and Intermediate Certificate Authority certificates from the operating system trusted certificate store.`, Run: func(cmd *cobra.Command, args []string) { App.Init(InitParams) rootCA, intermediateCA, err := ca.NewCA(CAParams) if err != nil { App.Logger.Fatal(err) } if err := rootCA.TrustStore().Uninstall( App.CAConfig.Identity[0].Subject.CommonName); err != nil { App.Logger.Fatal(err) } intermediateCN := App.CAConfig.Identity[1].Subject.CommonName if err := intermediateCA.TrustStore().Uninstall(intermediateCN); err != nil { App.Logger.Fatal(err) } fmt.Println("CA certificates successfully uninstalled") }, }
Functions ¶
This section is empty.
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.