fix(commands): missing pkcs8 option (#5270)

Several crypto generate situations could not generate PKCS #8 ASN.1 DER format keys. Ths fixes this.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>

docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ecdsa_generate.md

@@ -56,6 +56,7 @@ authelia crypto certificate ecdsa generate --help
   -o, --organization strings            certificate organization (default [Authelia])
       --organizational-unit strings     certificate organizational unit
       --path.ca string                  source directory of the certificate authority files, if not provided the certificate will be self-signed
+      --pkcs8                           force PKCS #8 ASN.1 format
   -p, --postcode strings                certificate postcode
       --province strings                certificate province
       --sans strings                    subject alternative names

docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ecdsa_request.md

@@ -48,6 +48,7 @@ authelia crypto certificate ecdsa request --help
       --not-before string             earliest date and time the certificate is considered valid in various formats (default is now)
   -o, --organization strings          certificate organization (default [Authelia])
       --organizational-unit strings   certificate organizational unit
+      --pkcs8                         force PKCS #8 ASN.1 format
   -p, --postcode strings              certificate postcode
       --province strings              certificate province
       --sans strings                  subject alternative names

docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ed25519_generate.md

@@ -55,6 +55,7 @@ authelia crypto certificate ed25519 request --help
   -o, --organization strings            certificate organization (default [Authelia])
       --organizational-unit strings     certificate organizational unit
       --path.ca string                  source directory of the certificate authority files, if not provided the certificate will be self-signed
+      --pkcs8                           force PKCS #8 ASN.1 format
   -p, --postcode strings                certificate postcode
       --province strings                certificate province
       --sans strings                    subject alternative names

docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ed25519_request.md

@@ -47,6 +47,7 @@ authelia crypto certificate ed25519 request --help
       --not-before string             earliest date and time the certificate is considered valid in various formats (default is now)
   -o, --organization strings          certificate organization (default [Authelia])
       --organizational-unit strings   certificate organizational unit
+      --pkcs8                         force PKCS #8 ASN.1 format
   -p, --postcode strings              certificate postcode
       --province strings              certificate province
       --sans strings                  subject alternative names

docs/content/en/reference/cli/authelia/authelia_crypto_certificate_rsa_generate.md

@@ -56,6 +56,7 @@ authelia crypto certificate rsa generate --help
   -o, --organization strings            certificate organization (default [Authelia])
       --organizational-unit strings     certificate organizational unit
       --path.ca string                  source directory of the certificate authority files, if not provided the certificate will be self-signed
+      --pkcs8                           force PKCS #8 ASN.1 format
   -p, --postcode strings                certificate postcode
       --province strings                certificate province
       --sans strings                    subject alternative names

docs/content/en/reference/cli/authelia/authelia_crypto_certificate_rsa_request.md

@@ -48,6 +48,7 @@ authelia crypto certificate rsa request --help
       --not-before string             earliest date and time the certificate is considered valid in various formats (default is now)
   -o, --organization strings          certificate organization (default [Authelia])
       --organizational-unit strings   certificate organizational unit
+      --pkcs8                         force PKCS #8 ASN.1 format
   -p, --postcode strings              certificate postcode
       --province strings              certificate province
       --sans strings                  subject alternative names

internal/commands/crypto.go

@@ -275,18 +275,20 @@ func (ctx *CmdCtx) CryptoGenerateRunE(cmd *cobra.Command, args []string) (err er
 // CryptoCertificateRequestRunE is the RunE for the authelia crypto certificate request command.
 func (ctx *CmdCtx) CryptoCertificateRequestRunE(cmd *cobra.Command, _ []string) (err error) {
 	var (
-		privateKey any
+		template                *x509.CertificateRequest
+		privateKey              any
+		csr                     []byte
+		privateKeyPath, csrPath string
+		pkcs8                   bool
 	)
 
 	if privateKey, err = ctx.cryptoGenPrivateKeyFromCmd(cmd); err != nil {
 		return err
 	}
 
-	var (
+	if pkcs8, err = cmd.Flags().GetBool(cmdFlagNamePKCS8); err != nil {
-		template                *x509.CertificateRequest
+		return err
-		csr                     []byte
+	}
-		privateKeyPath, csrPath string
-	)
 
 	if template, err = cryptoGetCSRFromCmd(cmd); err != nil {
 		return err
@@ -329,7 +331,7 @@ func (ctx *CmdCtx) CryptoCertificateRequestRunE(cmd *cobra.Command, _ []string)
 		return fmt.Errorf("failed to create certificate request: %w", err)
 	}
 
-	if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, false); err != nil {
+	if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, pkcs8); err != nil {
 		return err
 	}
 
@@ -345,8 +347,13 @@ func (ctx *CmdCtx) CryptoCertificateGenerateRunE(cmd *cobra.Command, _ []string,
 	var (
 		template, caCertificate, parent       *x509.Certificate
 		publicKey, caPrivateKey, signatureKey any
+		pkcs8                                 bool
 	)
 
+	if pkcs8, err = cmd.Flags().GetBool(cmdFlagNamePKCS8); err != nil {
+		return err
+	}
+
 	if publicKey = utils.PublicKeyFromPrivateKey(privateKey); publicKey == nil {
 		return fmt.Errorf("failed to obtain public key from private key")
 	}
@@ -419,7 +426,7 @@ func (ctx *CmdCtx) CryptoCertificateGenerateRunE(cmd *cobra.Command, _ []string,
 		return fmt.Errorf("failed to create certificate: %w", err)
 	}
 
-	if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, false); err != nil {
+	if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, pkcs8); err != nil {
 		return err
 	}
 

internal/commands/crypto_helper.go

@@ -59,10 +59,10 @@ func cmdFlagsCryptoCertificateRequest(cmd *cobra.Command) {
 
 func cmdFlagsCryptoPairGenerate(cmd *cobra.Command) {
 	cmd.Flags().String(cmdFlagNameFilePublicKey, "public.pem", "name of the file to export the public key data to")
-	cmd.Flags().Bool(cmdFlagNamePKCS8, false, "force PKCS #8 ASN.1 format")
 }
 
 func cmdFlagsCryptoPrivateKey(cmd *cobra.Command) {
+	cmd.Flags().Bool(cmdFlagNamePKCS8, false, "force PKCS #8 ASN.1 format")
 	cmd.Flags().String(cmdFlagNameFilePrivateKey, "private.pem", "name of the file to export the private key data to")
 	cmd.Flags().StringP(cmdFlagNameDirectory, "d", "", "directory where the generated keys, certificates, etc will be stored")
 }