fix(commands): missing pkcs8 option (#5270)

Several crypto generate situations could not generate PKCS #8 ASN.1 DER format keys. This fixes this.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
pull/5273/head
James Elliott 2023-04-18 12:16:45 +10:00 committed by GitHub
parent 4050bb6a64
commit 033d3c0408
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 22 additions and 9 deletions


@ -56,6 +56,7 @@ authelia crypto certificate ecdsa generate --help
-o, --organization strings certificate organization (default [Authelia]) -o, --organization strings certificate organization (default [Authelia])
--organizational-unit strings certificate organizational unit --organizational-unit strings certificate organizational unit
--path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed --path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed
--pkcs8 force PKCS #8 ASN.1 format
-p, --postcode strings certificate postcode -p, --postcode strings certificate postcode
--province strings certificate province --province strings certificate province
--sans strings subject alternative names --sans strings subject alternative names


@ -48,6 +48,7 @@ authelia crypto certificate ecdsa request --help
--not-before string earliest date and time the certificate is considered valid in various formats (default is now) --not-before string earliest date and time the certificate is considered valid in various formats (default is now)
-o, --organization strings certificate organization (default [Authelia]) -o, --organization strings certificate organization (default [Authelia])
--organizational-unit strings certificate organizational unit --organizational-unit strings certificate organizational unit
--pkcs8 force PKCS #8 ASN.1 format
-p, --postcode strings certificate postcode -p, --postcode strings certificate postcode
--province strings certificate province --province strings certificate province
--sans strings subject alternative names --sans strings subject alternative names


@ -55,6 +55,7 @@ authelia crypto certificate ed25519 request --help
-o, --organization strings certificate organization (default [Authelia]) -o, --organization strings certificate organization (default [Authelia])
--organizational-unit strings certificate organizational unit --organizational-unit strings certificate organizational unit
--path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed --path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed
--pkcs8 force PKCS #8 ASN.1 format
-p, --postcode strings certificate postcode -p, --postcode strings certificate postcode
--province strings certificate province --province strings certificate province
--sans strings subject alternative names --sans strings subject alternative names


@ -47,6 +47,7 @@ authelia crypto certificate ed25519 request --help
--not-before string earliest date and time the certificate is considered valid in various formats (default is now) --not-before string earliest date and time the certificate is considered valid in various formats (default is now)
-o, --organization strings certificate organization (default [Authelia]) -o, --organization strings certificate organization (default [Authelia])
--organizational-unit strings certificate organizational unit --organizational-unit strings certificate organizational unit
--pkcs8 force PKCS #8 ASN.1 format
-p, --postcode strings certificate postcode -p, --postcode strings certificate postcode
--province strings certificate province --province strings certificate province
--sans strings subject alternative names --sans strings subject alternative names


@ -56,6 +56,7 @@ authelia crypto certificate rsa generate --help
-o, --organization strings certificate organization (default [Authelia]) -o, --organization strings certificate organization (default [Authelia])
--organizational-unit strings certificate organizational unit --organizational-unit strings certificate organizational unit
--path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed --path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed
--pkcs8 force PKCS #8 ASN.1 format
-p, --postcode strings certificate postcode -p, --postcode strings certificate postcode
--province strings certificate province --province strings certificate province
--sans strings subject alternative names --sans strings subject alternative names


@ -48,6 +48,7 @@ authelia crypto certificate rsa request --help
--not-before string earliest date and time the certificate is considered valid in various formats (default is now) --not-before string earliest date and time the certificate is considered valid in various formats (default is now)
-o, --organization strings certificate organization (default [Authelia]) -o, --organization strings certificate organization (default [Authelia])
--organizational-unit strings certificate organizational unit --organizational-unit strings certificate organizational unit
--pkcs8 force PKCS #8 ASN.1 format
-p, --postcode strings certificate postcode -p, --postcode strings certificate postcode
--province strings certificate province --province strings certificate province
--sans strings subject alternative names --sans strings subject alternative names


@ -275,18 +275,20 @@ func (ctx *CmdCtx) CryptoGenerateRunE(cmd *cobra.Command, args []string) (err er
// CryptoCertificateRequestRunE is the RunE for the authelia crypto certificate request command. // CryptoCertificateRequestRunE is the RunE for the authelia crypto certificate request command.
func (ctx *CmdCtx) CryptoCertificateRequestRunE(cmd *cobra.Command, _ []string) (err error) { func (ctx *CmdCtx) CryptoCertificateRequestRunE(cmd *cobra.Command, _ []string) (err error) {
var ( var (
template *x509.CertificateRequest
privateKey any privateKey any
csr []byte
privateKeyPath, csrPath string
pkcs8 bool
) )
if privateKey, err = ctx.cryptoGenPrivateKeyFromCmd(cmd); err != nil { if privateKey, err = ctx.cryptoGenPrivateKeyFromCmd(cmd); err != nil {
return err return err
} }
var ( if pkcs8, err = cmd.Flags().GetBool(cmdFlagNamePKCS8); err != nil {
template *x509.CertificateRequest return err
csr []byte }
privateKeyPath, csrPath string
)
if template, err = cryptoGetCSRFromCmd(cmd); err != nil { if template, err = cryptoGetCSRFromCmd(cmd); err != nil {
return err return err
@ -329,7 +331,7 @@ func (ctx *CmdCtx) CryptoCertificateRequestRunE(cmd *cobra.Command, _ []string)
return fmt.Errorf("failed to create certificate request: %w", err) return fmt.Errorf("failed to create certificate request: %w", err)
} }
if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, false); err != nil { if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, pkcs8); err != nil {
return err return err
} }
@ -345,8 +347,13 @@ func (ctx *CmdCtx) CryptoCertificateGenerateRunE(cmd *cobra.Command, _ []string,
var ( var (
template, caCertificate, parent *x509.Certificate template, caCertificate, parent *x509.Certificate
publicKey, caPrivateKey, signatureKey any publicKey, caPrivateKey, signatureKey any
pkcs8 bool
) )
if pkcs8, err = cmd.Flags().GetBool(cmdFlagNamePKCS8); err != nil {
return err
}
if publicKey = utils.PublicKeyFromPrivateKey(privateKey); publicKey == nil { if publicKey = utils.PublicKeyFromPrivateKey(privateKey); publicKey == nil {
return fmt.Errorf("failed to obtain public key from private key") return fmt.Errorf("failed to obtain public key from private key")
} }
@ -419,7 +426,7 @@ func (ctx *CmdCtx) CryptoCertificateGenerateRunE(cmd *cobra.Command, _ []string,
return fmt.Errorf("failed to create certificate: %w", err) return fmt.Errorf("failed to create certificate: %w", err)
} }
if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, false); err != nil { if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, pkcs8); err != nil {
return err return err
} }
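Review bot: Both new `cmd.Flags().GetBool(cmdFlagNamePKCS8)` lookups, in CryptoCertificateRequestRunE and CryptoCertificateGenerateRunE, return the error bare, while neighbouring failures in the same functions carry context (`failed to create certificate request: %w`). GetBool fails when the flag is not defined on the command, and the definition sits in a flag helper in another file, so a command wired to these functions without that helper would surface an unexplained flag error; I would return `fmt.Errorf("failed to read the %s flag: %w", cmdFlagNamePKCS8, err)` in both places. None of the 8 changed files appears to be a test: a case that runs each certificate command with `--pkcs8` and checks the written key's PEM block type (`PRIVATE KEY`, assuming utils.WriteKeyToPEM uses the standard PKCS #8 label) would keep the hard-coded `false` from returning. Both function bodies extend beyond the visible hunks.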


@ -59,10 +59,10 @@ func cmdFlagsCryptoCertificateRequest(cmd *cobra.Command) {
func cmdFlagsCryptoPairGenerate(cmd *cobra.Command) { func cmdFlagsCryptoPairGenerate(cmd *cobra.Command) {
cmd.Flags().String(cmdFlagNameFilePublicKey, "public.pem", "name of the file to export the public key data to") cmd.Flags().String(cmdFlagNameFilePublicKey, "public.pem", "name of the file to export the public key data to")
cmd.Flags().Bool(cmdFlagNamePKCS8, false, "force PKCS #8 ASN.1 format")
} }
func cmdFlagsCryptoPrivateKey(cmd *cobra.Command) { func cmdFlagsCryptoPrivateKey(cmd *cobra.Command) {
cmd.Flags().Bool(cmdFlagNamePKCS8, false, "force PKCS #8 ASN.1 format")
cmd.Flags().String(cmdFlagNameFilePrivateKey, "private.pem", "name of the file to export the private key data to") cmd.Flags().String(cmdFlagNameFilePrivateKey, "private.pem", "name of the file to export the private key data to")
cmd.Flags().StringP(cmdFlagNameDirectory, "d", "", "directory where the generated keys, certificates, etc will be stored") cmd.Flags().StringP(cmdFlagNameDirectory, "d", "", "directory where the generated keys, certificates, etc will be stored")
} }
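Review bot: The help string `force PKCS #8 ASN.1 format` on the flag in cmdFlagsCryptoPrivateKey does not say what is being formatted. In the certificate commands the value is passed only to `utils.WriteKeyToPEM(privateKey, privateKeyPath, pkcs8)`, so it appears to affect the private key file and not the certificate or CSR; I would word it `"write the private key in PKCS #8 ASN.1 format"` and regenerate the six help pages touched by this commit. The registration looks to have moved here from cmdFlagsCryptoPairGenerate (the rendering lost the +/- markers, so this is inferred), which makes it worth confirming that every pair-generate command also calls cmdFlagsCryptoPrivateKey and therefore still exposes `--pkcs8`.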