fix(commands): missing pkcs8 option (#5270)
Several crypto generate situations could not generate PKCS #8 ASN.1 DER format keys. This fixes this. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>pull/5273/head
parent
4050bb6a64
commit
033d3c0408
|
@ -56,6 +56,7 @@ authelia crypto certificate ecdsa generate --help
|
||||||
-o, --organization strings certificate organization (default [Authelia])
|
-o, --organization strings certificate organization (default [Authelia])
|
||||||
--organizational-unit strings certificate organizational unit
|
--organizational-unit strings certificate organizational unit
|
||||||
--path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed
|
--path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed
|
||||||
|
--pkcs8 force PKCS #8 ASN.1 format
|
||||||
-p, --postcode strings certificate postcode
|
-p, --postcode strings certificate postcode
|
||||||
--province strings certificate province
|
--province strings certificate province
|
||||||
--sans strings subject alternative names
|
--sans strings subject alternative names
|
||||||
|
|
|
@ -48,6 +48,7 @@ authelia crypto certificate ecdsa request --help
|
||||||
--not-before string earliest date and time the certificate is considered valid in various formats (default is now)
|
--not-before string earliest date and time the certificate is considered valid in various formats (default is now)
|
||||||
-o, --organization strings certificate organization (default [Authelia])
|
-o, --organization strings certificate organization (default [Authelia])
|
||||||
--organizational-unit strings certificate organizational unit
|
--organizational-unit strings certificate organizational unit
|
||||||
|
--pkcs8 force PKCS #8 ASN.1 format
|
||||||
-p, --postcode strings certificate postcode
|
-p, --postcode strings certificate postcode
|
||||||
--province strings certificate province
|
--province strings certificate province
|
||||||
--sans strings subject alternative names
|
--sans strings subject alternative names
|
||||||
|
|
|
@ -55,6 +55,7 @@ authelia crypto certificate ed25519 request --help
|
||||||
-o, --organization strings certificate organization (default [Authelia])
|
-o, --organization strings certificate organization (default [Authelia])
|
||||||
--organizational-unit strings certificate organizational unit
|
--organizational-unit strings certificate organizational unit
|
||||||
--path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed
|
--path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed
|
||||||
|
--pkcs8 force PKCS #8 ASN.1 format
|
||||||
-p, --postcode strings certificate postcode
|
-p, --postcode strings certificate postcode
|
||||||
--province strings certificate province
|
--province strings certificate province
|
||||||
--sans strings subject alternative names
|
--sans strings subject alternative names
|
||||||
|
|
|
@ -47,6 +47,7 @@ authelia crypto certificate ed25519 request --help
|
||||||
--not-before string earliest date and time the certificate is considered valid in various formats (default is now)
|
--not-before string earliest date and time the certificate is considered valid in various formats (default is now)
|
||||||
-o, --organization strings certificate organization (default [Authelia])
|
-o, --organization strings certificate organization (default [Authelia])
|
||||||
--organizational-unit strings certificate organizational unit
|
--organizational-unit strings certificate organizational unit
|
||||||
|
--pkcs8 force PKCS #8 ASN.1 format
|
||||||
-p, --postcode strings certificate postcode
|
-p, --postcode strings certificate postcode
|
||||||
--province strings certificate province
|
--province strings certificate province
|
||||||
--sans strings subject alternative names
|
--sans strings subject alternative names
|
||||||
|
|
|
@ -56,6 +56,7 @@ authelia crypto certificate rsa generate --help
|
||||||
-o, --organization strings certificate organization (default [Authelia])
|
-o, --organization strings certificate organization (default [Authelia])
|
||||||
--organizational-unit strings certificate organizational unit
|
--organizational-unit strings certificate organizational unit
|
||||||
--path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed
|
--path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed
|
||||||
|
--pkcs8 force PKCS #8 ASN.1 format
|
||||||
-p, --postcode strings certificate postcode
|
-p, --postcode strings certificate postcode
|
||||||
--province strings certificate province
|
--province strings certificate province
|
||||||
--sans strings subject alternative names
|
--sans strings subject alternative names
|
||||||
|
|
|
@ -48,6 +48,7 @@ authelia crypto certificate rsa request --help
|
||||||
--not-before string earliest date and time the certificate is considered valid in various formats (default is now)
|
--not-before string earliest date and time the certificate is considered valid in various formats (default is now)
|
||||||
-o, --organization strings certificate organization (default [Authelia])
|
-o, --organization strings certificate organization (default [Authelia])
|
||||||
--organizational-unit strings certificate organizational unit
|
--organizational-unit strings certificate organizational unit
|
||||||
|
--pkcs8 force PKCS #8 ASN.1 format
|
||||||
-p, --postcode strings certificate postcode
|
-p, --postcode strings certificate postcode
|
||||||
--province strings certificate province
|
--province strings certificate province
|
||||||
--sans strings subject alternative names
|
--sans strings subject alternative names
|
||||||
|
|
|
@ -275,18 +275,20 @@ func (ctx *CmdCtx) CryptoGenerateRunE(cmd *cobra.Command, args []string) (err er
|
||||||
// CryptoCertificateRequestRunE is the RunE for the authelia crypto certificate request command.
|
// CryptoCertificateRequestRunE is the RunE for the authelia crypto certificate request command.
|
||||||
func (ctx *CmdCtx) CryptoCertificateRequestRunE(cmd *cobra.Command, _ []string) (err error) {
|
func (ctx *CmdCtx) CryptoCertificateRequestRunE(cmd *cobra.Command, _ []string) (err error) {
|
||||||
var (
|
var (
|
||||||
|
template *x509.CertificateRequest
|
||||||
privateKey any
|
privateKey any
|
||||||
|
csr []byte
|
||||||
|
privateKeyPath, csrPath string
|
||||||
|
pkcs8 bool
|
||||||
)
|
)
|
||||||
|
|
||||||
if privateKey, err = ctx.cryptoGenPrivateKeyFromCmd(cmd); err != nil {
|
if privateKey, err = ctx.cryptoGenPrivateKeyFromCmd(cmd); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
if pkcs8, err = cmd.Flags().GetBool(cmdFlagNamePKCS8); err != nil {
|
||||||
template *x509.CertificateRequest
|
return err
|
||||||
csr []byte
|
}
|
||||||
privateKeyPath, csrPath string
|
|
||||||
)
|
|
||||||
|
|
||||||
if template, err = cryptoGetCSRFromCmd(cmd); err != nil {
|
if template, err = cryptoGetCSRFromCmd(cmd); err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -329,7 +331,7 @@ func (ctx *CmdCtx) CryptoCertificateRequestRunE(cmd *cobra.Command, _ []string)
|
||||||
return fmt.Errorf("failed to create certificate request: %w", err)
|
return fmt.Errorf("failed to create certificate request: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, false); err != nil {
|
if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, pkcs8); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -345,8 +347,13 @@ func (ctx *CmdCtx) CryptoCertificateGenerateRunE(cmd *cobra.Command, _ []string,
|
||||||
var (
|
var (
|
||||||
template, caCertificate, parent *x509.Certificate
|
template, caCertificate, parent *x509.Certificate
|
||||||
publicKey, caPrivateKey, signatureKey any
|
publicKey, caPrivateKey, signatureKey any
|
||||||
|
pkcs8 bool
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if pkcs8, err = cmd.Flags().GetBool(cmdFlagNamePKCS8); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
if publicKey = utils.PublicKeyFromPrivateKey(privateKey); publicKey == nil {
|
if publicKey = utils.PublicKeyFromPrivateKey(privateKey); publicKey == nil {
|
||||||
return fmt.Errorf("failed to obtain public key from private key")
|
return fmt.Errorf("failed to obtain public key from private key")
|
||||||
}
|
}
|
||||||
|
@ -419,7 +426,7 @@ func (ctx *CmdCtx) CryptoCertificateGenerateRunE(cmd *cobra.Command, _ []string,
|
||||||
return fmt.Errorf("failed to create certificate: %w", err)
|
return fmt.Errorf("failed to create certificate: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, false); err != nil {
|
if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, pkcs8); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
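Review bot: In CryptoCertificateRequestRunE the new `--pkcs8` lookup runs after `ctx.cryptoGenPrivateKeyFromCmd(cmd)`, whereas in CryptoCertificateGenerateRunE it is the first statement after the variable block in the visible hunk. Moving `if pkcs8, err = cmd.Flags().GetBool(cmdFlagNamePKCS8); err != nil { return err }` above the key generation call would make the two functions parallel and surface a flag error before any key is generated. Both function bodies continue outside the hunks shown. No test is visible on this page for the changed `utils.WriteKeyToPEM(privateKey, privateKeyPath, pkcs8)` calls; a regression test asserting the PEM block type of the written key with and without the flag would keep the hard-coded `false` from coming back.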
@ -59,10 +59,10 @@ func cmdFlagsCryptoCertificateRequest(cmd *cobra.Command) {
|
||||||
|
|
||||||
func cmdFlagsCryptoPairGenerate(cmd *cobra.Command) {
|
func cmdFlagsCryptoPairGenerate(cmd *cobra.Command) {
|
||||||
cmd.Flags().String(cmdFlagNameFilePublicKey, "public.pem", "name of the file to export the public key data to")
|
cmd.Flags().String(cmdFlagNameFilePublicKey, "public.pem", "name of the file to export the public key data to")
|
||||||
cmd.Flags().Bool(cmdFlagNamePKCS8, false, "force PKCS #8 ASN.1 format")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func cmdFlagsCryptoPrivateKey(cmd *cobra.Command) {
|
func cmdFlagsCryptoPrivateKey(cmd *cobra.Command) {
|
||||||
|
cmd.Flags().Bool(cmdFlagNamePKCS8, false, "force PKCS #8 ASN.1 format")
|
||||||
cmd.Flags().String(cmdFlagNameFilePrivateKey, "private.pem", "name of the file to export the private key data to")
|
cmd.Flags().String(cmdFlagNameFilePrivateKey, "private.pem", "name of the file to export the private key data to")
|
||||||
cmd.Flags().StringP(cmdFlagNameDirectory, "d", "", "directory where the generated keys, certificates, etc will be stored")
|
cmd.Flags().StringP(cmdFlagNameDirectory, "d", "", "directory where the generated keys, certificates, etc will be stored")
|
||||||
}
|
}
|
||||||
|
|
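Review bot: Moving the `cmdFlagNamePKCS8` registration from cmdFlagsCryptoPairGenerate to cmdFlagsCryptoPrivateKey changes which commands define the flag, and the callers of both helpers are outside this hunk. `cmd.Flags().GetBool` returns an error for a flag that was never registered, so every command whose RunE reads `cmdFlagNamePKCS8` has to be wired through cmdFlagsCryptoPrivateKey; this is worth confirming for the pair generate commands that previously got the flag from the other helper. A why-comment on the moved line would record the intent, for example `// Registered with the private key flags so every command that writes a private key accepts --pkcs8.`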