Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( App *app.App TPM tpm2.TrustedPlatformModule CAParams *ca.CAParams InitParams *app.AppInitParams SansDNS, SansIPs, SansEmails string )
View Source
var CertificateCmd = &cobra.Command{ Use: "certificate [cn] [store] [algorithm]", Short: "x509 certificate operations", Long: `Perform x509 certificate operations`, Args: cobra.MinimumNArgs(3), PreRunE: func(cmd *cobra.Command, args []string) error { if len(args) > 3 { cmd.Help() return nil } return nil }, Run: func(cmd *cobra.Command, args []string) { cn := args[0] storeType := args[1] algorithm := args[2] App, err = App.Init(InitParams) if err != nil { cmd.PrintErrln(err) return } if App.CA == nil { soPIN, userPIN, err := App.ParsePINs(InitParams.SOPin, InitParams.Pin) if err != nil { App.Logger.Error(err) cmd.PrintErrln(err) return } if err := App.LoadCA(soPIN, userPIN); err != nil { cmd.PrintErrln(err) return } } parsedStoreType, err := keystore.ParseStoreType(storeType) if err != nil { cmd.PrintErrln(err) return } algo, err := keystore.ParseKeyAlgorithm(algorithm) if err != nil { cmd.Println(err) return } keyAttrs, err := keystore.Template(algo) if err != nil { cmd.Println(err) return } keyAttrs.CN = cn keyAttrs.StoreType = parsedStoreType certificate, err := App.CA.Certificate(keyAttrs) if err != nil { cmd.PrintErrln(err) return } if certPEM { pem, err := certstore.EncodePEM(certificate.Raw) if err != nil { cmd.Println(err) return } cmd.Printf(string(pem)) return } prompt.PrintBanner(app.Version) cmd.Println(certstore.ToString(certificate)) }, }
View Source
var InfoCmd = &cobra.Command{ Use: "info", Short: "Display information about a Certificate Authority", Long: `Displays key store, certificate store, and general information about a Certificate Authority.`, Run: func(cmd *cobra.Command, args []string) { prompt.PrintBanner(app.Version) App, err = App.Init(InitParams) if err != nil { cmd.PrintErrln(err) return } if App.CAConfig == nil || len(App.CAConfig.Identity) == 0 { App.Logger.Fatal("Certificate Authority not configured") } if App.CA == nil { soPIN, userPIN, err := App.ParsePINs(InitParams.SOPin, InitParams.Pin) if err != nil { App.Logger.Error(err) cmd.PrintErrln(err) return } if err := App.LoadCA(soPIN, userPIN); err != nil { cmd.PrintErrln(err) return } } initialized, err := App.CA.IsInitialized() if err != nil { cmd.PrintErrln(err) return } cmd.Printf("Initialized: %t\n", initialized) identity := App.CAConfig.Identity[App.CAConfig.PlatformCA] for _, keyConfig := range identity.Keys { storeType, err := keystore.ParseStoreType(keyConfig.StoreType) if err != nil { cmd.PrintErrln(err) return } keyAlgorithm, err := keystore.ParseKeyAlgorithm(keyConfig.KeyAlgorithm) if err != nil { cmd.PrintErrln(err) return } attrs, err := App.CA.CAKeyAttributes(storeType, keyAlgorithm) if err != nil { cmd.PrintErrln(err) return } cmd.Println(attrs) } }, }
View Source
var InitCmd = &cobra.Command{ Use: "init", Short: "Initialize the Certificate Authority", Long: `Initializes the Certificate Authority by creating a Root and Intermediates as specified in the platform configuration file.`, Run: func(cmd *cobra.Command, args []string) { prompt.PrintBanner(app.Version) App, err = App.Init(InitParams) if err != nil { cmd.PrintErrln(err) return } var soPIN, userPIN keystore.Password if App.CA == nil { soPIN, userPIN, err = App.ParsePINs(InitParams.SOPin, InitParams.Pin) if err != nil { App.Logger.Error(err) cmd.PrintErrln(err) return } if err := App.LoadCA(soPIN, userPIN); err != nil { App.Logger.Error(err) cmd.PrintErrln(err) return } } if _, err := App.InitCA(soPIN, userPIN, InitParams); err != nil { cmd.PrintErrln(err) return } cmd.Println("Certificate Authority successfully initialized") }, }
View Source
var InstallCmd = &cobra.Command{ Use: "install-ca-certificates", Short: "Install Certificate Authority Certificates", Long: `Installs the Root and Intermediate Certificate Authority certificates to the operating system trusted certificate store.`, Run: func(cmd *cobra.Command, args []string) { prompt.PrintBanner(app.Version) App, err = App.Init(InitParams) if err != nil { cmd.PrintErrln(err) return } intermediateCN := App.CA.Identity().Subject.CommonName if err := App.CA.OSTrustStore().Install(intermediateCN); err != nil { cmd.PrintErrln(err) } cmd.Println("CA certificates successfully installed") }, }
View Source
var IssueCmd = &cobra.Command{ Use: "issue [cn] [store] [algorithm]", Short: "Issues a new x509 Certificate", Long: `Issue a new x509 certificate from the Certificate Authority.`, Run: func(cmd *cobra.Command, args []string) { var subject ca.Subject App, err = App.Init(InitParams) if err != nil { cmd.PrintErrln(err) return } if App.CA == nil { soPIN, userPIN, err := App.ParsePINs(InitParams.SOPin, InitParams.Pin) if err != nil { App.Logger.Error(err) cmd.PrintErrln(err) return } if err := App.LoadCA(soPIN, userPIN); err != nil { cmd.PrintErrln(err) return } } cn := args[0] store := args[1] algorithm := args[2] dnsNames := []string{} ips := []string{} emails := []string{} if SansDNS != "" { dnsNames = strings.Split(SansDNS, ",") } if SansIPs != "" { ips = strings.Split(SansIPs, ",") } if SansEmails != "" { emails = strings.Split(SansEmails, ",") } storeType, err := keystore.ParseStoreType(store) if err != nil { cmd.PrintErrln(err) return } keyAlgo, err := keystore.ParseKeyAlgorithm(algorithm) if err != nil { cmd.PrintErrln(err) return } attrs, err := keystore.Template(keyAlgo) if err != nil { cmd.PrintErrln(err) return } attrs.CN = cn attrs.KeyAlgorithm = keyAlgo attrs.KeyType = keystore.KEY_TYPE_TLS attrs.StoreType = storeType subject.CommonName = cn request := ca.CertificateRequest{ KeyAttributes: attrs, Valid: 365, Subject: subject, SANS: &ca.SubjectAlternativeNames{ DNS: dnsNames, IPs: ips, Email: emails}} if _, err = App.CA.IssueCertificate(request); err != nil { cmd.PrintErrln(err) return } cert, err := App.CA.PEM(attrs) if err != nil { cmd.PrintErrln(err) return } cmd.Println(string(cert)) }, }
View Source
var RevokeCmd = &cobra.Command{ Use: "revoke [cn] [store] [algorithm]", Short: "Revokes an issued certificate", Long: `Add the certificate to the CA Certificate Revocation List and delete the certificate and any keys from the stores.`, Args: cobra.MinimumNArgs(1), Run: func(cmd *cobra.Command, args []string) { App, err = App.Init(InitParams) if err != nil { cmd.PrintErrln(err) return } if App.CA == nil { soPIN, userPIN, err := App.ParsePINs(InitParams.SOPin, InitParams.Pin) if err != nil { App.Logger.Error(err) cmd.PrintErrln(err) return } if err := App.LoadCA(soPIN, userPIN); err != nil { cmd.PrintErrln(err) return } } cn := args[0] store := args[1] algorithm := args[2] storeType, err := keystore.ParseStoreType(store) if err != nil { cmd.PrintErrln(err) return } keyAlgo, err := keystore.ParseKeyAlgorithm(algorithm) if err != nil { cmd.PrintErrln(err) return } keyAttrs, err := keystore.Template(keyAlgo) if err != nil { cmd.PrintErrln(err) return } keyAttrs.CN = cn keyAttrs.KeyAlgorithm = keyAlgo keyAttrs.StoreType = storeType certificate, err := App.CA.Certificate(keyAttrs) if err != nil { cmd.PrintErrln(err) return } err = App.CA.Revoke(certificate, revokeDeleteKeys) if err != nil { cmd.PrintErrln(err) return } }, }
View Source
var UninstallCmd = &cobra.Command{ Use: "uninstall-ca-certificates", Short: "Uninstalls the Certificate Authority Certificates", Long: `Deletes the Root and Intermediate Certificate Authority certificates from the operating system trusted certificate store.`, Run: func(cmd *cobra.Command, args []string) { App, err = App.Init(InitParams) if err != nil { cmd.PrintErrln(err) return } if App.CA == nil { soPIN, userPIN, err := App.ParsePINs(InitParams.SOPin, InitParams.Pin) if err != nil { App.Logger.Error(err) cmd.PrintErrln(err) return } if err := App.LoadCA(soPIN, userPIN); err != nil { cmd.PrintErrln(err) return } } intermediateCN := App.CA.Identity().Subject.CommonName if err := App.CA.OSTrustStore().Uninstall(intermediateCN); err != nil { cmd.PrintErrln(err) } cmd.Println("CA certificates successfully uninstalled") }, }
Functions ¶
This section is empty.
Types ¶
This section is empty.
Click to show internal directories.
Click to hide internal directories.