fix(commands): missing pkcs8 option (#5270)
Several crypto generate situations could not generate PKCS #8 ASN.1 DER format keys. Ths fixes this. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>pull/5273/head
parent
4050bb6a64
commit
033d3c0408
|
@ -56,6 +56,7 @@ authelia crypto certificate ecdsa generate --help
|
|||
-o, --organization strings certificate organization (default [Authelia])
|
||||
--organizational-unit strings certificate organizational unit
|
||||
--path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed
|
||||
--pkcs8 force PKCS #8 ASN.1 format
|
||||
-p, --postcode strings certificate postcode
|
||||
--province strings certificate province
|
||||
--sans strings subject alternative names
|
||||
|
|
|
@ -48,6 +48,7 @@ authelia crypto certificate ecdsa request --help
|
|||
--not-before string earliest date and time the certificate is considered valid in various formats (default is now)
|
||||
-o, --organization strings certificate organization (default [Authelia])
|
||||
--organizational-unit strings certificate organizational unit
|
||||
--pkcs8 force PKCS #8 ASN.1 format
|
||||
-p, --postcode strings certificate postcode
|
||||
--province strings certificate province
|
||||
--sans strings subject alternative names
|
||||
|
|
|
@ -55,6 +55,7 @@ authelia crypto certificate ed25519 request --help
|
|||
-o, --organization strings certificate organization (default [Authelia])
|
||||
--organizational-unit strings certificate organizational unit
|
||||
--path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed
|
||||
--pkcs8 force PKCS #8 ASN.1 format
|
||||
-p, --postcode strings certificate postcode
|
||||
--province strings certificate province
|
||||
--sans strings subject alternative names
|
||||
|
|
|
@ -47,6 +47,7 @@ authelia crypto certificate ed25519 request --help
|
|||
--not-before string earliest date and time the certificate is considered valid in various formats (default is now)
|
||||
-o, --organization strings certificate organization (default [Authelia])
|
||||
--organizational-unit strings certificate organizational unit
|
||||
--pkcs8 force PKCS #8 ASN.1 format
|
||||
-p, --postcode strings certificate postcode
|
||||
--province strings certificate province
|
||||
--sans strings subject alternative names
|
||||
|
|
|
@ -56,6 +56,7 @@ authelia crypto certificate rsa generate --help
|
|||
-o, --organization strings certificate organization (default [Authelia])
|
||||
--organizational-unit strings certificate organizational unit
|
||||
--path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed
|
||||
--pkcs8 force PKCS #8 ASN.1 format
|
||||
-p, --postcode strings certificate postcode
|
||||
--province strings certificate province
|
||||
--sans strings subject alternative names
|
||||
|
|
|
@ -48,6 +48,7 @@ authelia crypto certificate rsa request --help
|
|||
--not-before string earliest date and time the certificate is considered valid in various formats (default is now)
|
||||
-o, --organization strings certificate organization (default [Authelia])
|
||||
--organizational-unit strings certificate organizational unit
|
||||
--pkcs8 force PKCS #8 ASN.1 format
|
||||
-p, --postcode strings certificate postcode
|
||||
--province strings certificate province
|
||||
--sans strings subject alternative names
|
||||
|
|
|
@ -275,18 +275,20 @@ func (ctx *CmdCtx) CryptoGenerateRunE(cmd *cobra.Command, args []string) (err er
|
|||
// CryptoCertificateRequestRunE is the RunE for the authelia crypto certificate request command.
|
||||
func (ctx *CmdCtx) CryptoCertificateRequestRunE(cmd *cobra.Command, _ []string) (err error) {
|
||||
var (
|
||||
template *x509.CertificateRequest
|
||||
privateKey any
|
||||
csr []byte
|
||||
privateKeyPath, csrPath string
|
||||
pkcs8 bool
|
||||
)
|
||||
|
||||
if privateKey, err = ctx.cryptoGenPrivateKeyFromCmd(cmd); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
var (
|
||||
template *x509.CertificateRequest
|
||||
csr []byte
|
||||
privateKeyPath, csrPath string
|
||||
)
|
||||
if pkcs8, err = cmd.Flags().GetBool(cmdFlagNamePKCS8); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if template, err = cryptoGetCSRFromCmd(cmd); err != nil {
|
||||
return err
|
||||
|
@ -329,7 +331,7 @@ func (ctx *CmdCtx) CryptoCertificateRequestRunE(cmd *cobra.Command, _ []string)
|
|||
return fmt.Errorf("failed to create certificate request: %w", err)
|
||||
}
|
||||
|
||||
if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, false); err != nil {
|
||||
if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, pkcs8); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
@ -345,8 +347,13 @@ func (ctx *CmdCtx) CryptoCertificateGenerateRunE(cmd *cobra.Command, _ []string,
|
|||
var (
|
||||
template, caCertificate, parent *x509.Certificate
|
||||
publicKey, caPrivateKey, signatureKey any
|
||||
pkcs8 bool
|
||||
)
|
||||
|
||||
if pkcs8, err = cmd.Flags().GetBool(cmdFlagNamePKCS8); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if publicKey = utils.PublicKeyFromPrivateKey(privateKey); publicKey == nil {
|
||||
return fmt.Errorf("failed to obtain public key from private key")
|
||||
}
|
||||
|
@ -419,7 +426,7 @@ func (ctx *CmdCtx) CryptoCertificateGenerateRunE(cmd *cobra.Command, _ []string,
|
|||
return fmt.Errorf("failed to create certificate: %w", err)
|
||||
}
|
||||
|
||||
if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, false); err != nil {
|
||||
if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, pkcs8); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
|
@ -59,10 +59,10 @@ func cmdFlagsCryptoCertificateRequest(cmd *cobra.Command) {
|
|||
|
||||
func cmdFlagsCryptoPairGenerate(cmd *cobra.Command) {
|
||||
cmd.Flags().String(cmdFlagNameFilePublicKey, "public.pem", "name of the file to export the public key data to")
|
||||
cmd.Flags().Bool(cmdFlagNamePKCS8, false, "force PKCS #8 ASN.1 format")
|
||||
}
|
||||
|
||||
func cmdFlagsCryptoPrivateKey(cmd *cobra.Command) {
|
||||
cmd.Flags().Bool(cmdFlagNamePKCS8, false, "force PKCS #8 ASN.1 format")
|
||||
cmd.Flags().String(cmdFlagNameFilePrivateKey, "private.pem", "name of the file to export the private key data to")
|
||||
cmd.Flags().StringP(cmdFlagNameDirectory, "d", "", "directory where the generated keys, certificates, etc will be stored")
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue