fix(commands): missing pkcs8 option (#5270)

Several crypto generate situations could not generate PKCS #8 ASN.1 DER format keys. Ths fixes this. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-18 12:16:45 +10:00 · 2023-04-18 12:16:45 +10:00 · 033d3c0408
parent 4050bb6a64
commit 033d3c0408
8 changed files with 22 additions and 9 deletions
--- a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ecdsa_generate.md
+++ b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ecdsa_generate.md
@ -56,6 +56,7 @@ authelia crypto certificate ecdsa generate --help
  -o, --organization strings            certificate organization (default [Authelia])
      --organizational-unit strings     certificate organizational unit
      --path.ca string                  source directory of the certificate authority files, if not provided the certificate will be self-signed
+      --pkcs8                           force PKCS #8 ASN.1 format
  -p, --postcode strings                certificate postcode
      --province strings                certificate province
      --sans strings                    subject alternative names
--- a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ecdsa_request.md
+++ b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ecdsa_request.md
@ -48,6 +48,7 @@ authelia crypto certificate ecdsa request --help
      --not-before string             earliest date and time the certificate is considered valid in various formats (default is now)
  -o, --organization strings          certificate organization (default [Authelia])
      --organizational-unit strings   certificate organizational unit
+      --pkcs8                         force PKCS #8 ASN.1 format
  -p, --postcode strings              certificate postcode
      --province strings              certificate province
      --sans strings                  subject alternative names
--- a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ed25519_generate.md
+++ b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ed25519_generate.md
@ -55,6 +55,7 @@ authelia crypto certificate ed25519 request --help
  -o, --organization strings            certificate organization (default [Authelia])
      --organizational-unit strings     certificate organizational unit
      --path.ca string                  source directory of the certificate authority files, if not provided the certificate will be self-signed
+      --pkcs8                           force PKCS #8 ASN.1 format
  -p, --postcode strings                certificate postcode
      --province strings                certificate province
      --sans strings                    subject alternative names
--- a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ed25519_request.md
+++ b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ed25519_request.md
@ -47,6 +47,7 @@ authelia crypto certificate ed25519 request --help
      --not-before string             earliest date and time the certificate is considered valid in various formats (default is now)
  -o, --organization strings          certificate organization (default [Authelia])
      --organizational-unit strings   certificate organizational unit
+      --pkcs8                         force PKCS #8 ASN.1 format
  -p, --postcode strings              certificate postcode
      --province strings              certificate province
      --sans strings                  subject alternative names
--- a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_rsa_generate.md
+++ b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_rsa_generate.md
@ -56,6 +56,7 @@ authelia crypto certificate rsa generate --help
  -o, --organization strings            certificate organization (default [Authelia])
      --organizational-unit strings     certificate organizational unit
      --path.ca string                  source directory of the certificate authority files, if not provided the certificate will be self-signed
+      --pkcs8                           force PKCS #8 ASN.1 format
  -p, --postcode strings                certificate postcode
      --province strings                certificate province
      --sans strings                    subject alternative names
--- a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_rsa_request.md
+++ b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_rsa_request.md
@ -48,6 +48,7 @@ authelia crypto certificate rsa request --help
      --not-before string             earliest date and time the certificate is considered valid in various formats (default is now)
  -o, --organization strings          certificate organization (default [Authelia])
      --organizational-unit strings   certificate organizational unit
+      --pkcs8                         force PKCS #8 ASN.1 format
  -p, --postcode strings              certificate postcode
      --province strings              certificate province
      --sans strings                  subject alternative names
--- a/internal/commands/crypto.go
+++ b/internal/commands/crypto.go
@ -275,18 +275,20 @@ func (ctx *CmdCtx) CryptoGenerateRunE(cmd *cobra.Command, args []string) (err er
 // CryptoCertificateRequestRunE is the RunE for the authelia crypto certificate request command.
 func (ctx *CmdCtx) CryptoCertificateRequestRunE(cmd *cobra.Command, _ []string) (err error) {
 	var (
-		privateKey any
+		template                *x509.CertificateRequest
+		privateKey              any
+		csr                     []byte
+		privateKeyPath, csrPath string
+		pkcs8                   bool
 	)

 	if privateKey, err = ctx.cryptoGenPrivateKeyFromCmd(cmd); err != nil {
 		return err
 	}

-	var (
-		template                *x509.CertificateRequest
-		csr                     []byte
-		privateKeyPath, csrPath string
-	)
+	if pkcs8, err = cmd.Flags().GetBool(cmdFlagNamePKCS8); err != nil {
+		return err
+	}

 	if template, err = cryptoGetCSRFromCmd(cmd); err != nil {
 		return err
@ -329,7 +331,7 @@ func (ctx *CmdCtx) CryptoCertificateRequestRunE(cmd *cobra.Command, _ []string)
 		return fmt.Errorf("failed to create certificate request: %w", err)
 	}

-	if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, false); err != nil {
+	if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, pkcs8); err != nil {
 		return err
 	}

@ -345,8 +347,13 @@ func (ctx *CmdCtx) CryptoCertificateGenerateRunE(cmd *cobra.Command, _ []string,
 	var (
 		template, caCertificate, parent       *x509.Certificate
 		publicKey, caPrivateKey, signatureKey any
+		pkcs8                                 bool
 	)

+	if pkcs8, err = cmd.Flags().GetBool(cmdFlagNamePKCS8); err != nil {
+		return err
+	}
+
 	if publicKey = utils.PublicKeyFromPrivateKey(privateKey); publicKey == nil {
 		return fmt.Errorf("failed to obtain public key from private key")
 	}
@ -419,7 +426,7 @@ func (ctx *CmdCtx) CryptoCertificateGenerateRunE(cmd *cobra.Command, _ []string,
 		return fmt.Errorf("failed to create certificate: %w", err)
 	}

-	if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, false); err != nil {
+	if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, pkcs8); err != nil {
 		return err
 	}

--- a/internal/commands/crypto_helper.go
+++ b/internal/commands/crypto_helper.go
@ -59,10 +59,10 @@ func cmdFlagsCryptoCertificateRequest(cmd *cobra.Command) {

 func cmdFlagsCryptoPairGenerate(cmd *cobra.Command) {
 	cmd.Flags().String(cmdFlagNameFilePublicKey, "public.pem", "name of the file to export the public key data to")
-	cmd.Flags().Bool(cmdFlagNamePKCS8, false, "force PKCS #8 ASN.1 format")
 }

 func cmdFlagsCryptoPrivateKey(cmd *cobra.Command) {
+	cmd.Flags().Bool(cmdFlagNamePKCS8, false, "force PKCS #8 ASN.1 format")
 	cmd.Flags().String(cmdFlagNameFilePrivateKey, "private.pem", "name of the file to export the private key data to")
 	cmd.Flags().StringP(cmdFlagNameDirectory, "d", "", "directory where the generated keys, certificates, etc will be stored")
 }