2022-06-27 08:27:57 +00:00
|
|
|
package commands
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/ecdsa"
|
|
|
|
"crypto/ed25519"
|
|
|
|
"crypto/rsa"
|
|
|
|
"crypto/x509"
|
|
|
|
"fmt"
|
|
|
|
"strings"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/spf13/cobra"
|
|
|
|
|
|
|
|
"github.com/authelia/authelia/v4/internal/utils"
|
|
|
|
)
|
|
|
|
|
2022-12-22 00:21:29 +00:00
|
|
|
func newCryptoCmd(ctx *CmdCtx) (cmd *cobra.Command) {
|
2022-06-27 08:27:57 +00:00
|
|
|
cmd = &cobra.Command{
|
2022-10-17 10:51:59 +00:00
|
|
|
Use: cmdUseCrypto,
|
2022-06-27 08:27:57 +00:00
|
|
|
Short: cmdAutheliaCryptoShort,
|
|
|
|
Long: cmdAutheliaCryptoLong,
|
|
|
|
Example: cmdAutheliaCryptoExample,
|
|
|
|
Args: cobra.NoArgs,
|
2022-09-01 02:24:47 +00:00
|
|
|
|
|
|
|
DisableAutoGenTag: true,
|
2022-06-27 08:27:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
cmd.AddCommand(
|
2022-12-22 00:21:29 +00:00
|
|
|
newCryptoRandCmd(ctx),
|
|
|
|
newCryptoCertificateCmd(ctx),
|
|
|
|
newCryptoHashCmd(ctx),
|
|
|
|
newCryptoPairCmd(ctx),
|
2022-06-27 08:27:57 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
return cmd
|
|
|
|
}
|
|
|
|
|
2022-12-22 00:21:29 +00:00
|
|
|
func newCryptoRandCmd(ctx *CmdCtx) (cmd *cobra.Command) {
|
2022-10-17 10:51:59 +00:00
|
|
|
cmd = &cobra.Command{
|
|
|
|
Use: cmdUseRand,
|
|
|
|
Short: cmdAutheliaCryptoRandShort,
|
|
|
|
Long: cmdAutheliaCryptoRandLong,
|
|
|
|
Example: cmdAutheliaCryptoRandExample,
|
|
|
|
Args: cobra.NoArgs,
|
2022-12-22 00:21:29 +00:00
|
|
|
RunE: ctx.CryptoRandRunE,
|
2022-10-17 10:51:59 +00:00
|
|
|
|
|
|
|
DisableAutoGenTag: true,
|
|
|
|
}
|
|
|
|
|
2022-12-22 00:21:29 +00:00
|
|
|
cmd.Flags().StringP(cmdFlagNameCharSet, "x", cmdFlagValueCharSet, cmdFlagUsageCharset)
|
2022-11-04 00:32:49 +00:00
|
|
|
cmd.Flags().String(cmdFlagNameCharacters, "", cmdFlagUsageCharacters)
|
|
|
|
cmd.Flags().IntP(cmdFlagNameLength, "n", 72, cmdFlagUsageLength)
|
2022-10-17 10:51:59 +00:00
|
|
|
|
|
|
|
return cmd
|
|
|
|
}
|
|
|
|
|
2022-12-22 00:21:29 +00:00
|
|
|
func newCryptoCertificateCmd(ctx *CmdCtx) (cmd *cobra.Command) {
|
2022-06-27 08:27:57 +00:00
|
|
|
cmd = &cobra.Command{
|
|
|
|
Use: cmdUseCertificate,
|
|
|
|
Short: cmdAutheliaCryptoCertificateShort,
|
|
|
|
Long: cmdAutheliaCryptoCertificateLong,
|
|
|
|
Example: cmdAutheliaCryptoCertificateExample,
|
|
|
|
Args: cobra.NoArgs,
|
2022-09-01 02:24:47 +00:00
|
|
|
|
|
|
|
DisableAutoGenTag: true,
|
2022-06-27 08:27:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
cmd.AddCommand(
|
2022-12-22 00:21:29 +00:00
|
|
|
newCryptoCertificateSubCmd(ctx, cmdUseRSA),
|
|
|
|
newCryptoCertificateSubCmd(ctx, cmdUseECDSA),
|
|
|
|
newCryptoCertificateSubCmd(ctx, cmdUseEd25519),
|
2022-06-27 08:27:57 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
return cmd
|
|
|
|
}
|
|
|
|
|
2022-12-22 00:21:29 +00:00
|
|
|
func newCryptoCertificateSubCmd(ctx *CmdCtx, use string) (cmd *cobra.Command) {
|
2022-10-17 10:51:59 +00:00
|
|
|
useFmt := fmtCryptoCertificateUse(use)
|
2022-06-27 08:27:57 +00:00
|
|
|
|
|
|
|
cmd = &cobra.Command{
|
|
|
|
Use: use,
|
|
|
|
Short: fmt.Sprintf(fmtCmdAutheliaCryptoCertificateSubShort, useFmt),
|
|
|
|
Long: fmt.Sprintf(fmtCmdAutheliaCryptoCertificateSubLong, useFmt, useFmt),
|
2022-10-17 10:51:59 +00:00
|
|
|
Example: fmt.Sprintf(fmtCmdAutheliaCryptoCertificateSubExample, use),
|
2022-06-27 08:27:57 +00:00
|
|
|
Args: cobra.NoArgs,
|
2022-09-01 02:24:47 +00:00
|
|
|
|
|
|
|
DisableAutoGenTag: true,
|
2022-06-27 08:27:57 +00:00
|
|
|
}
|
|
|
|
|
2022-12-22 00:21:29 +00:00
|
|
|
cmd.AddCommand(newCryptoGenerateCmd(ctx, cmdUseCertificate, use), newCryptoCertificateRequestCmd(ctx, use))
|
2022-06-27 08:27:57 +00:00
|
|
|
|
|
|
|
return cmd
|
|
|
|
}
|
|
|
|
|
2022-12-22 00:21:29 +00:00
|
|
|
func newCryptoCertificateRequestCmd(ctx *CmdCtx, algorithm string) (cmd *cobra.Command) {
|
2022-06-27 08:27:57 +00:00
|
|
|
cmd = &cobra.Command{
|
|
|
|
Use: cmdUseRequest,
|
|
|
|
Args: cobra.NoArgs,
|
2022-12-22 00:21:29 +00:00
|
|
|
RunE: ctx.CryptoCertificateRequestRunE,
|
2022-09-01 02:24:47 +00:00
|
|
|
|
|
|
|
DisableAutoGenTag: true,
|
2022-06-27 08:27:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
cmdFlagsCryptoPrivateKey(cmd)
|
|
|
|
cmdFlagsCryptoCertificateCommon(cmd)
|
|
|
|
cmdFlagsCryptoCertificateRequest(cmd)
|
|
|
|
|
2022-10-17 10:51:59 +00:00
|
|
|
algorithmFmt := fmtCryptoCertificateUse(algorithm)
|
2022-06-27 08:27:57 +00:00
|
|
|
|
|
|
|
cmd.Short = fmt.Sprintf(fmtCmdAutheliaCryptoCertificateGenerateRequestShort, algorithmFmt, cryptoCertCSROut)
|
|
|
|
cmd.Long = fmt.Sprintf(fmtCmdAutheliaCryptoCertificateGenerateRequestLong, algorithmFmt, cryptoCertCSROut, algorithmFmt, cryptoCertCSROut)
|
|
|
|
|
|
|
|
switch algorithm {
|
|
|
|
case cmdUseRSA:
|
|
|
|
cmd.Example = cmdAutheliaCryptoCertificateRSARequestExample
|
|
|
|
|
|
|
|
cmdFlagsCryptoPrivateKeyRSA(cmd)
|
|
|
|
case cmdUseECDSA:
|
|
|
|
cmd.Example = cmdAutheliaCryptoCertificateECDSARequestExample
|
|
|
|
|
|
|
|
cmdFlagsCryptoPrivateKeyECDSA(cmd)
|
|
|
|
case cmdUseEd25519:
|
|
|
|
cmd.Example = cmdAutheliaCryptoCertificateEd25519RequestExample
|
|
|
|
|
|
|
|
cmdFlagsCryptoPrivateKeyEd25519(cmd)
|
|
|
|
}
|
|
|
|
|
|
|
|
return cmd
|
|
|
|
}
|
|
|
|
|
2022-12-22 00:21:29 +00:00
|
|
|
func newCryptoPairCmd(ctx *CmdCtx) (cmd *cobra.Command) {
|
2022-06-27 08:27:57 +00:00
|
|
|
cmd = &cobra.Command{
|
|
|
|
Use: cmdUsePair,
|
|
|
|
Short: cmdAutheliaCryptoPairShort,
|
|
|
|
Long: cmdAutheliaCryptoPairLong,
|
|
|
|
Example: cmdAutheliaCryptoPairExample,
|
|
|
|
Args: cobra.NoArgs,
|
2022-09-01 02:24:47 +00:00
|
|
|
|
|
|
|
DisableAutoGenTag: true,
|
2022-06-27 08:27:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
cmd.AddCommand(
|
2022-12-22 00:21:29 +00:00
|
|
|
newCryptoPairSubCmd(ctx, cmdUseRSA),
|
|
|
|
newCryptoPairSubCmd(ctx, cmdUseECDSA),
|
|
|
|
newCryptoPairSubCmd(ctx, cmdUseEd25519),
|
2022-06-27 08:27:57 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
return cmd
|
|
|
|
}
|
|
|
|
|
2022-12-22 00:21:29 +00:00
|
|
|
func newCryptoPairSubCmd(ctx *CmdCtx, use string) (cmd *cobra.Command) {
|
2022-06-27 08:27:57 +00:00
|
|
|
var (
|
|
|
|
example, useFmt string
|
|
|
|
)
|
|
|
|
|
2022-10-17 10:51:59 +00:00
|
|
|
useFmt = fmtCryptoCertificateUse(use)
|
2022-06-27 08:27:57 +00:00
|
|
|
|
|
|
|
switch use {
|
|
|
|
case cmdUseRSA:
|
|
|
|
example = cmdAutheliaCryptoPairRSAExample
|
|
|
|
case cmdUseECDSA:
|
|
|
|
example = cmdAutheliaCryptoPairECDSAExample
|
|
|
|
case cmdUseEd25519:
|
|
|
|
example = cmdAutheliaCryptoPairEd25519Example
|
|
|
|
}
|
|
|
|
|
|
|
|
cmd = &cobra.Command{
|
|
|
|
Use: use,
|
|
|
|
Short: fmt.Sprintf(cmdAutheliaCryptoPairSubShort, useFmt),
|
|
|
|
Long: fmt.Sprintf(cmdAutheliaCryptoPairSubLong, useFmt, useFmt),
|
|
|
|
Example: example,
|
|
|
|
Args: cobra.NoArgs,
|
2022-12-22 00:21:29 +00:00
|
|
|
RunE: ctx.CryptoGenerateRunE,
|
2022-09-01 02:24:47 +00:00
|
|
|
|
|
|
|
DisableAutoGenTag: true,
|
2022-06-27 08:27:57 +00:00
|
|
|
}
|
|
|
|
|
2022-12-22 00:21:29 +00:00
|
|
|
cmd.AddCommand(newCryptoGenerateCmd(ctx, cmdUsePair, use))
|
2022-06-27 08:27:57 +00:00
|
|
|
|
|
|
|
return cmd
|
|
|
|
}
|
|
|
|
|
2022-12-22 00:21:29 +00:00
|
|
|
func newCryptoGenerateCmd(ctx *CmdCtx, category, algorithm string) (cmd *cobra.Command) {
|
2022-06-27 08:27:57 +00:00
|
|
|
cmd = &cobra.Command{
|
|
|
|
Use: cmdUseGenerate,
|
|
|
|
Args: cobra.NoArgs,
|
2022-12-22 00:21:29 +00:00
|
|
|
RunE: ctx.CryptoGenerateRunE,
|
2022-09-01 02:24:47 +00:00
|
|
|
|
|
|
|
DisableAutoGenTag: true,
|
2022-06-27 08:27:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
cmdFlagsCryptoPrivateKey(cmd)
|
|
|
|
|
2022-10-17 10:51:59 +00:00
|
|
|
algorithmFmt := fmtCryptoCertificateUse(algorithm)
|
2022-06-27 08:27:57 +00:00
|
|
|
|
|
|
|
switch category {
|
|
|
|
case cmdUseCertificate:
|
|
|
|
cmdFlagsCryptoCertificateCommon(cmd)
|
|
|
|
cmdFlagsCryptoCertificateGenerate(cmd)
|
|
|
|
|
|
|
|
cmd.Short = fmt.Sprintf(fmtCmdAutheliaCryptoCertificateGenerateRequestShort, algorithmFmt, cryptoCertPubCertOut)
|
|
|
|
cmd.Long = fmt.Sprintf(fmtCmdAutheliaCryptoCertificateGenerateRequestLong, algorithmFmt, cryptoCertPubCertOut, algorithmFmt, cryptoCertPubCertOut)
|
|
|
|
|
|
|
|
switch algorithm {
|
|
|
|
case cmdUseRSA:
|
|
|
|
cmd.Example = cmdAutheliaCryptoCertificateRSAGenerateExample
|
|
|
|
|
|
|
|
cmdFlagsCryptoPrivateKeyRSA(cmd)
|
|
|
|
case cmdUseECDSA:
|
|
|
|
cmd.Example = cmdAutheliaCryptoCertificateECDSAGenerateExample
|
|
|
|
|
|
|
|
cmdFlagsCryptoPrivateKeyECDSA(cmd)
|
|
|
|
case cmdUseEd25519:
|
|
|
|
cmd.Example = cmdAutheliaCryptoCertificateEd25519GenerateExample
|
|
|
|
|
|
|
|
cmdFlagsCryptoPrivateKeyEd25519(cmd)
|
|
|
|
}
|
|
|
|
case cmdUsePair:
|
|
|
|
cmdFlagsCryptoPairGenerate(cmd)
|
|
|
|
|
|
|
|
cmd.Short = fmt.Sprintf(fmtCmdAutheliaCryptoPairGenerateShort, algorithmFmt)
|
|
|
|
cmd.Long = fmt.Sprintf(fmtCmdAutheliaCryptoPairGenerateLong, algorithmFmt, algorithmFmt)
|
|
|
|
|
|
|
|
switch algorithm {
|
|
|
|
case cmdUseRSA:
|
|
|
|
cmd.Example = cmdAutheliaCryptoPairRSAGenerateExample
|
|
|
|
|
|
|
|
cmdFlagsCryptoPrivateKeyRSA(cmd)
|
|
|
|
case cmdUseECDSA:
|
|
|
|
cmd.Example = cmdAutheliaCryptoPairECDSAGenerateExample
|
|
|
|
|
|
|
|
cmdFlagsCryptoPrivateKeyECDSA(cmd)
|
|
|
|
case cmdUseEd25519:
|
|
|
|
cmd.Example = cmdAutheliaCryptoPairEd25519GenerateExample
|
|
|
|
|
|
|
|
cmdFlagsCryptoPrivateKeyEd25519(cmd)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return cmd
|
|
|
|
}
|
|
|
|
|
2022-12-22 00:21:29 +00:00
|
|
|
// CryptoRandRunE is the RunE for the authelia crypto rand command.
|
|
|
|
func (ctx *CmdCtx) CryptoRandRunE(cmd *cobra.Command, args []string) (err error) {
|
|
|
|
var (
|
|
|
|
random string
|
|
|
|
)
|
|
|
|
|
|
|
|
if random, err = flagsGetRandomCharacters(cmd.Flags(), cmdFlagNameLength, cmdFlagNameCharSet, cmdFlagNameCharacters); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
fmt.Printf("Random Value: %s\n", random)
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// CryptoGenerateRunE is the RunE for the authelia crypto [pair|certificate] [rsa|ecdsa|ed25519] commands.
|
|
|
|
func (ctx *CmdCtx) CryptoGenerateRunE(cmd *cobra.Command, args []string) (err error) {
|
2022-06-27 08:27:57 +00:00
|
|
|
var (
|
2022-10-05 05:05:23 +00:00
|
|
|
privateKey any
|
2022-06-27 08:27:57 +00:00
|
|
|
)
|
|
|
|
|
2023-01-07 00:19:41 +00:00
|
|
|
if privateKey, err = ctx.cryptoGenPrivateKeyFromCmd(cmd); err != nil {
|
2022-06-27 08:27:57 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
if cmd.Parent().Parent().Use == cmdUseCertificate {
|
2022-12-22 00:21:29 +00:00
|
|
|
return ctx.CryptoCertificateGenerateRunE(cmd, args, privateKey)
|
2022-06-27 08:27:57 +00:00
|
|
|
}
|
|
|
|
|
2022-12-22 00:21:29 +00:00
|
|
|
return ctx.CryptoPairGenerateRunE(cmd, args, privateKey)
|
2022-06-27 08:27:57 +00:00
|
|
|
}
|
|
|
|
|
2022-12-22 00:21:29 +00:00
|
|
|
// CryptoCertificateRequestRunE is the RunE for the authelia crypto certificate request command.
|
|
|
|
func (ctx *CmdCtx) CryptoCertificateRequestRunE(cmd *cobra.Command, _ []string) (err error) {
|
2022-06-27 08:27:57 +00:00
|
|
|
var (
|
2022-10-05 05:05:23 +00:00
|
|
|
privateKey any
|
2022-06-27 08:27:57 +00:00
|
|
|
)
|
|
|
|
|
2023-01-07 00:19:41 +00:00
|
|
|
if privateKey, err = ctx.cryptoGenPrivateKeyFromCmd(cmd); err != nil {
|
2022-06-27 08:27:57 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
var (
|
|
|
|
template *x509.CertificateRequest
|
|
|
|
csr []byte
|
|
|
|
privateKeyPath, csrPath string
|
|
|
|
)
|
|
|
|
|
|
|
|
if template, err = cryptoGetCSRFromCmd(cmd); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
b := strings.Builder{}
|
|
|
|
|
|
|
|
b.WriteString("Generating Certificate Request\n\n")
|
|
|
|
|
|
|
|
b.WriteString("Subject:\n")
|
|
|
|
b.WriteString(fmt.Sprintf("\tCommon Name: %s, Organization: %s, Organizational Unit: %s\n", template.Subject.CommonName, template.Subject.Organization, template.Subject.OrganizationalUnit))
|
|
|
|
b.WriteString(fmt.Sprintf("\tCountry: %v, Province: %v, Street Address: %v, Postal Code: %v, Locality: %v\n\n", template.Subject.Country, template.Subject.Province, template.Subject.StreetAddress, template.Subject.PostalCode, template.Subject.Locality))
|
|
|
|
|
|
|
|
b.WriteString("Properties:\n")
|
|
|
|
|
|
|
|
b.WriteString(fmt.Sprintf("\tSignature Algorithm: %s, Public Key Algorithm: %s", template.SignatureAlgorithm, template.PublicKeyAlgorithm))
|
|
|
|
|
|
|
|
switch k := privateKey.(type) {
|
|
|
|
case *rsa.PrivateKey:
|
|
|
|
b.WriteString(fmt.Sprintf(", Bits: %d", k.N.BitLen()))
|
|
|
|
case *ecdsa.PrivateKey:
|
|
|
|
b.WriteString(fmt.Sprintf(", Elliptic Curve: %s", k.Curve.Params().Name))
|
|
|
|
}
|
|
|
|
|
|
|
|
b.WriteString(fmt.Sprintf("\n\tSubject Alternative Names: %s\n\n", strings.Join(cryptoSANsToString(template.DNSNames, template.IPAddresses), ", ")))
|
|
|
|
|
2023-02-11 03:11:40 +00:00
|
|
|
if _, privateKeyPath, csrPath, err = cryptoGetWritePathsFromCmd(cmd); err != nil {
|
2022-06-27 08:27:57 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
b.WriteString("Output Paths:\n")
|
|
|
|
b.WriteString(fmt.Sprintf("\tPrivate Key: %s\n", privateKeyPath))
|
|
|
|
b.WriteString(fmt.Sprintf("\tCertificate Request: %s\n\n", csrPath))
|
|
|
|
|
|
|
|
fmt.Print(b.String())
|
|
|
|
|
|
|
|
b.Reset()
|
|
|
|
|
2023-01-07 00:19:41 +00:00
|
|
|
if csr, err = x509.CreateCertificateRequest(ctx.providers.Random, template, privateKey); err != nil {
|
2022-06-27 08:27:57 +00:00
|
|
|
return fmt.Errorf("failed to create certificate request: %w", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, false); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2023-02-11 03:11:40 +00:00
|
|
|
if err = utils.WriteCertificateBytesToPEM(csrPath, true, csr); err != nil {
|
2022-06-27 08:27:57 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2022-12-22 00:21:29 +00:00
|
|
|
// CryptoCertificateGenerateRunE is the RunE for the authelia crypto certificate [rsa|ecdsa|ed25519] commands.
|
|
|
|
func (ctx *CmdCtx) CryptoCertificateGenerateRunE(cmd *cobra.Command, _ []string, privateKey any) (err error) {
|
2022-06-27 08:27:57 +00:00
|
|
|
var (
|
|
|
|
template, caCertificate, parent *x509.Certificate
|
2022-10-05 05:05:23 +00:00
|
|
|
publicKey, caPrivateKey, signatureKey any
|
2022-06-27 08:27:57 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
if publicKey = utils.PublicKeyFromPrivateKey(privateKey); publicKey == nil {
|
|
|
|
return fmt.Errorf("failed to obtain public key from private key")
|
|
|
|
}
|
|
|
|
|
|
|
|
if caPrivateKey, caCertificate, err = cryptoGetCAFromCmd(cmd); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
signatureKey = privateKey
|
|
|
|
|
|
|
|
if caPrivateKey != nil {
|
|
|
|
signatureKey = caPrivateKey
|
|
|
|
}
|
|
|
|
|
2023-01-07 00:19:41 +00:00
|
|
|
if template, err = ctx.cryptoGetCertificateFromCmd(cmd); err != nil {
|
2022-06-27 08:27:57 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
b := strings.Builder{}
|
|
|
|
|
|
|
|
b.WriteString("Generating Certificate\n\n")
|
|
|
|
|
|
|
|
b.WriteString(fmt.Sprintf("\tSerial: %x\n\n", template.SerialNumber))
|
|
|
|
|
|
|
|
switch caCertificate {
|
|
|
|
case nil:
|
|
|
|
parent = template
|
|
|
|
|
|
|
|
b.WriteString("Signed By:\n\tSelf-Signed\n")
|
|
|
|
default:
|
|
|
|
parent = caCertificate
|
|
|
|
|
|
|
|
b.WriteString(fmt.Sprintf("Signed By:\n\t%s\n", caCertificate.Subject.CommonName))
|
|
|
|
b.WriteString(fmt.Sprintf("\tSerial: %x, Expires: %s\n", caCertificate.SerialNumber, caCertificate.NotAfter.Format(time.RFC3339)))
|
|
|
|
}
|
|
|
|
|
|
|
|
b.WriteString("\nSubject:\n")
|
|
|
|
b.WriteString(fmt.Sprintf("\tCommon Name: %s, Organization: %s, Organizational Unit: %s\n", template.Subject.CommonName, template.Subject.Organization, template.Subject.OrganizationalUnit))
|
|
|
|
b.WriteString(fmt.Sprintf("\tCountry: %v, Province: %v, Street Address: %v, Postal Code: %v, Locality: %v\n\n", template.Subject.Country, template.Subject.Province, template.Subject.StreetAddress, template.Subject.PostalCode, template.Subject.Locality))
|
|
|
|
|
|
|
|
b.WriteString("Properties:\n")
|
|
|
|
b.WriteString(fmt.Sprintf("\tNot Before: %s, Not After: %s\n", template.NotBefore.Format(time.RFC3339), template.NotAfter.Format(time.RFC3339)))
|
|
|
|
|
|
|
|
b.WriteString(fmt.Sprintf("\tCA: %v, CSR: %v, Signature Algorithm: %s, Public Key Algorithm: %s", template.IsCA, false, template.SignatureAlgorithm, template.PublicKeyAlgorithm))
|
|
|
|
|
|
|
|
switch k := privateKey.(type) {
|
|
|
|
case *rsa.PrivateKey:
|
|
|
|
b.WriteString(fmt.Sprintf(", Bits: %d", k.N.BitLen()))
|
|
|
|
case *ecdsa.PrivateKey:
|
|
|
|
b.WriteString(fmt.Sprintf(", Elliptic Curve: %s", k.Curve.Params().Name))
|
|
|
|
}
|
|
|
|
|
|
|
|
b.WriteString(fmt.Sprintf("\n\tSubject Alternative Names: %s\n\n", strings.Join(cryptoSANsToString(template.DNSNames, template.IPAddresses), ", ")))
|
|
|
|
|
|
|
|
var (
|
2023-02-11 03:11:40 +00:00
|
|
|
dir, privateKeyPath, certificatePath, certificateBundlePath string
|
|
|
|
|
|
|
|
bundle bool
|
|
|
|
certificate []byte
|
2022-06-27 08:27:57 +00:00
|
|
|
)
|
|
|
|
|
2023-02-11 03:11:40 +00:00
|
|
|
if dir, privateKeyPath, certificatePath, err = cryptoGetWritePathsFromCmd(cmd); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
if bundle, certificateBundlePath, err = cryptoGetCertificateBundleFromCmd(cmd, dir, caCertificate); err != nil {
|
2022-06-27 08:27:57 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
b.WriteString("Output Paths:\n")
|
|
|
|
b.WriteString(fmt.Sprintf("\tPrivate Key: %s\n", privateKeyPath))
|
2023-02-11 03:11:40 +00:00
|
|
|
b.WriteString(fmt.Sprintf("\tCertificate: %s\n", certificatePath))
|
2022-06-27 08:27:57 +00:00
|
|
|
|
2023-01-07 00:19:41 +00:00
|
|
|
if certificate, err = x509.CreateCertificate(ctx.providers.Random, template, parent, publicKey, signatureKey); err != nil {
|
2022-06-27 08:27:57 +00:00
|
|
|
return fmt.Errorf("failed to create certificate: %w", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, false); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2023-02-11 03:11:40 +00:00
|
|
|
if err = utils.WriteCertificateBytesToPEM(certificatePath, false, certificate); err != nil {
|
2022-06-27 08:27:57 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2023-02-11 03:11:40 +00:00
|
|
|
if bundle {
|
|
|
|
b.WriteString(fmt.Sprintf("\tCertificate (bundle): %s\n", certificateBundlePath))
|
|
|
|
|
|
|
|
if err = utils.WriteCertificateBytesToPEM(certificateBundlePath, false, certificate, caCertificate.Raw); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
b.WriteString("\n")
|
|
|
|
|
|
|
|
fmt.Print(b.String())
|
|
|
|
|
|
|
|
b.Reset()
|
|
|
|
|
2022-06-27 08:27:57 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2022-12-22 00:21:29 +00:00
|
|
|
// CryptoPairGenerateRunE is the RunE for the authelia crypto pair [rsa|ecdsa|ed25519] commands.
|
|
|
|
func (ctx *CmdCtx) CryptoPairGenerateRunE(cmd *cobra.Command, _ []string, privateKey any) (err error) {
|
2022-06-27 08:27:57 +00:00
|
|
|
var (
|
|
|
|
privateKeyPath, publicKeyPath string
|
|
|
|
pkcs8 bool
|
|
|
|
)
|
|
|
|
|
|
|
|
if pkcs8, err = cmd.Flags().GetBool(cmdFlagNamePKCS8); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2023-02-11 03:11:40 +00:00
|
|
|
if _, privateKeyPath, publicKeyPath, err = cryptoGetWritePathsFromCmd(cmd); err != nil {
|
2022-06-27 08:27:57 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
b := strings.Builder{}
|
|
|
|
|
|
|
|
b.WriteString("Generating key pair\n\n")
|
|
|
|
|
|
|
|
switch k := privateKey.(type) {
|
|
|
|
case *rsa.PrivateKey:
|
|
|
|
b.WriteString(fmt.Sprintf("\tAlgorithm: RSA-%d %d bits\n\n", k.Size(), k.N.BitLen()))
|
|
|
|
case *ecdsa.PrivateKey:
|
|
|
|
b.WriteString(fmt.Sprintf("\tAlgorithm: ECDSA Curve %s\n\n", k.Curve.Params().Name))
|
|
|
|
case ed25519.PrivateKey:
|
|
|
|
b.WriteString("\tAlgorithm: Ed25519\n\n")
|
|
|
|
}
|
|
|
|
|
|
|
|
b.WriteString("Output Paths:\n")
|
|
|
|
b.WriteString(fmt.Sprintf("\tPrivate Key: %s\n", privateKeyPath))
|
|
|
|
b.WriteString(fmt.Sprintf("\tPublic Key: %s\n\n", publicKeyPath))
|
|
|
|
|
|
|
|
fmt.Print(b.String())
|
|
|
|
|
|
|
|
b.Reset()
|
|
|
|
|
|
|
|
if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, pkcs8); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2022-10-05 05:05:23 +00:00
|
|
|
var publicKey any
|
2022-06-27 08:27:57 +00:00
|
|
|
|
|
|
|
if publicKey = utils.PublicKeyFromPrivateKey(privateKey); publicKey == nil {
|
|
|
|
return fmt.Errorf("failed to obtain public key from private key")
|
|
|
|
}
|
|
|
|
|
|
|
|
if err = utils.WriteKeyToPEM(publicKey, publicKeyPath, pkcs8); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|