ca

package
v0.0.7-alpha.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 3, 2024 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	App        *app.App
	TPM        tpm2.TrustedPlatformModule
	CAParams   *ca.CAParams
	InitParams *app.AppInitParams
	SansDNS,
	SansIPs,
	SansEmails string
)
View Source
var CertificateCmd = &cobra.Command{
	Use:   "certificate [cn] [store] [algorithm]",
	Short: "x509 certificate operations",
	Long:  `Perform x509 certificate operations`,
	Args:  cobra.MinimumNArgs(3),
	PreRunE: func(cmd *cobra.Command, args []string) error {
		if len(args) > 3 {
			cmd.Help()
			return nil
		}
		return nil
	},
	Run: func(cmd *cobra.Command, args []string) {

		cn := args[0]
		storeType := args[1]
		algorithm := args[2]

		App, err = App.Init(InitParams)
		if err != nil {
			cmd.PrintErrln(err)
			return
		}

		if App.CA == nil {
			soPIN, userPIN, err := App.ParsePINs(InitParams.SOPin, InitParams.Pin)
			if err != nil {
				App.Logger.Error(err)
				cmd.PrintErrln(err)
				return
			}
			if err := App.LoadCA(soPIN, userPIN); err != nil {
				cmd.PrintErrln(err)
				return
			}
		}

		parsedStoreType, err := keystore.ParseStoreType(storeType)
		if err != nil {
			cmd.PrintErrln(err)
			return
		}

		algo, err := keystore.ParseKeyAlgorithm(algorithm)
		if err != nil {
			cmd.Println(err)
			return
		}

		keyAttrs, err := keystore.Template(algo)
		if err != nil {
			cmd.Println(err)
			return
		}
		keyAttrs.CN = cn
		keyAttrs.StoreType = parsedStoreType

		certificate, err := App.CA.Certificate(keyAttrs)
		if err != nil {
			cmd.PrintErrln(err)
			return
		}

		if certPEM {
			pem, err := certstore.EncodePEM(certificate.Raw)
			if err != nil {
				cmd.Println(err)
				return
			}
			cmd.Printf(string(pem))
			return
		}

		prompt.PrintBanner(app.Version)

		cmd.Println(certstore.ToString(certificate))
	},
}
View Source
var InfoCmd = &cobra.Command{
	Use:   "info",
	Short: "Display information about a Certificate Authority",
	Long: `Displays key store, certificate store, and general information
about a Certificate Authority.`,
	Run: func(cmd *cobra.Command, args []string) {

		prompt.PrintBanner(app.Version)

		App, err = App.Init(InitParams)
		if err != nil {
			cmd.PrintErrln(err)
			return
		}

		if App.CAConfig == nil || len(App.CAConfig.Identity) == 0 {
			App.Logger.Fatal("Certificate Authority not configured")
		}

		if App.CA == nil {
			soPIN, userPIN, err := App.ParsePINs(InitParams.SOPin, InitParams.Pin)
			if err != nil {
				App.Logger.Error(err)
				cmd.PrintErrln(err)
				return
			}
			if err := App.LoadCA(soPIN, userPIN); err != nil {
				cmd.PrintErrln(err)
				return
			}
		}

		initialized, err := App.CA.IsInitialized()
		if err != nil {
			cmd.PrintErrln(err)
			return
		}

		cmd.Printf("Initialized: %t\n", initialized)

		identity := App.CAConfig.Identity[App.CAConfig.PlatformCA]

		for _, keyConfig := range identity.Keys {

			storeType, err := keystore.ParseStoreType(keyConfig.StoreType)
			if err != nil {
				cmd.PrintErrln(err)
				return
			}
			keyAlgorithm, err := keystore.ParseKeyAlgorithm(keyConfig.KeyAlgorithm)
			if err != nil {
				cmd.PrintErrln(err)
				return
			}

			attrs, err := App.CA.CAKeyAttributes(storeType, keyAlgorithm)
			if err != nil {
				cmd.PrintErrln(err)
				return
			}
			cmd.Println(attrs)
		}

	},
}
View Source
var InitCmd = &cobra.Command{
	Use:   "init",
	Short: "Initialize the Certificate Authority",
	Long: `Initializes the Certificate Authority by creating a Root and
Intermediates as specified in the platform configuration file.`,
	Run: func(cmd *cobra.Command, args []string) {

		prompt.PrintBanner(app.Version)

		App, err = App.Init(InitParams)
		if err != nil {
			cmd.PrintErrln(err)
			return
		}

		var soPIN, userPIN keystore.Password
		if App.CA == nil {
			soPIN, userPIN, err = App.ParsePINs(InitParams.SOPin, InitParams.Pin)
			if err != nil {
				App.Logger.Error(err)
				cmd.PrintErrln(err)
				return
			}
			if err := App.LoadCA(soPIN, userPIN); err != nil {
				App.Logger.Error(err)
				cmd.PrintErrln(err)
				return
			}
		}

		if _, err := App.InitCA(soPIN, userPIN, InitParams); err != nil {
			cmd.PrintErrln(err)
			return
		}

		cmd.Println("Certificate Authority successfully initialized")
	},
}
View Source
var InstallCmd = &cobra.Command{
	Use:   "install-ca-certificates",
	Short: "Install Certificate Authority Certificates",
	Long: `Installs the Root and Intermediate Certificate Authority certificates
to the operating system trusted certificate store.`,
	Run: func(cmd *cobra.Command, args []string) {

		prompt.PrintBanner(app.Version)

		App, err = App.Init(InitParams)
		if err != nil {
			cmd.PrintErrln(err)
			return
		}

		intermediateCN := App.CA.Identity().Subject.CommonName
		if err := App.CA.OSTrustStore().Install(intermediateCN); err != nil {
			cmd.PrintErrln(err)
		}

		cmd.Println("CA certificates successfully installed")
	},
}
View Source
var IssueCmd = &cobra.Command{
	Use:   "issue [cn] [store] [algorithm]",
	Short: "Issues a new x509 Certificate",
	Long:  `Issue a new x509 certificate from the Certificate Authority.`,
	Run: func(cmd *cobra.Command, args []string) {

		var subject ca.Subject

		App, err = App.Init(InitParams)
		if err != nil {
			cmd.PrintErrln(err)
			return
		}
		if App.CA == nil {
			soPIN, userPIN, err := App.ParsePINs(InitParams.SOPin, InitParams.Pin)
			if err != nil {
				App.Logger.Error(err)
				cmd.PrintErrln(err)
				return
			}
			if err := App.LoadCA(soPIN, userPIN); err != nil {
				cmd.PrintErrln(err)
				return
			}
		}

		cn := args[0]
		store := args[1]
		algorithm := args[2]

		dnsNames := []string{}
		ips := []string{}
		emails := []string{}

		if SansDNS != "" {
			dnsNames = strings.Split(SansDNS, ",")
		}
		if SansIPs != "" {
			ips = strings.Split(SansIPs, ",")
		}
		if SansEmails != "" {
			emails = strings.Split(SansEmails, ",")
		}

		storeType, err := keystore.ParseStoreType(store)
		if err != nil {
			cmd.PrintErrln(err)
			return
		}

		keyAlgo, err := keystore.ParseKeyAlgorithm(algorithm)
		if err != nil {
			cmd.PrintErrln(err)
			return
		}

		attrs, err := keystore.Template(keyAlgo)
		if err != nil {
			cmd.PrintErrln(err)
			return
		}

		attrs.CN = cn
		attrs.KeyAlgorithm = keyAlgo
		attrs.KeyType = keystore.KEY_TYPE_TLS
		attrs.StoreType = storeType

		subject.CommonName = cn

		request := ca.CertificateRequest{
			KeyAttributes: attrs,
			Valid:         365,
			Subject:       subject,
			SANS: &ca.SubjectAlternativeNames{
				DNS:   dnsNames,
				IPs:   ips,
				Email: emails}}

		if _, err = App.CA.IssueCertificate(request); err != nil {
			cmd.PrintErrln(err)
			return
		}

		cert, err := App.CA.PEM(attrs)
		if err != nil {
			cmd.PrintErrln(err)
			return
		}

		cmd.Println(string(cert))
	},
}
View Source
var RevokeCmd = &cobra.Command{
	Use:   "revoke [cn] [store] [algorithm]",
	Short: "Revokes an issued certificate",
	Long: `Add the certificate to the CA Certificate Revocation List and delete
the certificate and any keys from the stores.`,
	Args: cobra.MinimumNArgs(1),
	Run: func(cmd *cobra.Command, args []string) {

		App, err = App.Init(InitParams)
		if err != nil {
			cmd.PrintErrln(err)
			return
		}

		if App.CA == nil {
			soPIN, userPIN, err := App.ParsePINs(InitParams.SOPin, InitParams.Pin)
			if err != nil {
				App.Logger.Error(err)
				cmd.PrintErrln(err)
				return
			}
			if err := App.LoadCA(soPIN, userPIN); err != nil {
				cmd.PrintErrln(err)
				return
			}
		}

		cn := args[0]
		store := args[1]
		algorithm := args[2]

		storeType, err := keystore.ParseStoreType(store)
		if err != nil {
			cmd.PrintErrln(err)
			return
		}

		keyAlgo, err := keystore.ParseKeyAlgorithm(algorithm)
		if err != nil {
			cmd.PrintErrln(err)
			return
		}

		keyAttrs, err := keystore.Template(keyAlgo)
		if err != nil {
			cmd.PrintErrln(err)
			return
		}
		keyAttrs.CN = cn
		keyAttrs.KeyAlgorithm = keyAlgo
		keyAttrs.StoreType = storeType

		certificate, err := App.CA.Certificate(keyAttrs)
		if err != nil {
			cmd.PrintErrln(err)
			return
		}

		err = App.CA.Revoke(certificate, revokeDeleteKeys)
		if err != nil {
			cmd.PrintErrln(err)
			return
		}

	},
}
View Source
var UninstallCmd = &cobra.Command{
	Use:   "uninstall-ca-certificates",
	Short: "Uninstalls the Certificate Authority Certificates",
	Long: `Deletes the Root and Intermediate Certificate Authority certificates
from the operating system trusted certificate store.`,
	Run: func(cmd *cobra.Command, args []string) {

		App, err = App.Init(InitParams)
		if err != nil {
			cmd.PrintErrln(err)
			return
		}

		if App.CA == nil {
			soPIN, userPIN, err := App.ParsePINs(InitParams.SOPin, InitParams.Pin)
			if err != nil {
				App.Logger.Error(err)
				cmd.PrintErrln(err)
				return
			}
			if err := App.LoadCA(soPIN, userPIN); err != nil {
				cmd.PrintErrln(err)
				return
			}
		}

		intermediateCN := App.CA.Identity().Subject.CommonName
		if err := App.CA.OSTrustStore().Uninstall(intermediateCN); err != nil {
			cmd.PrintErrln(err)
		}

		cmd.Println("CA certificates successfully uninstalled")
	},
}

Functions

This section is empty.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL