fix(commands): missing pkcs8 option (#5270)

Several crypto generate situations could not generate PKCS #8 ASN.1 DER format keys. This fixes this.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
pull/5273/head
James Elliott 2023-04-18 12:16:45 +10:00 committed by GitHub
parent 4050bb6a64
commit 033d3c0408
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 22 additions and 9 deletions


@ -56,6 +56,7 @@ authelia crypto certificate ecdsa generate --help
-o, --organization strings certificate organization (default [Authelia])
--organizational-unit strings certificate organizational unit
--path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed
--pkcs8 force PKCS #8 ASN.1 format
-p, --postcode strings certificate postcode
--province strings certificate province
--sans strings subject alternative names


@ -48,6 +48,7 @@ authelia crypto certificate ecdsa request --help
--not-before string earliest date and time the certificate is considered valid in various formats (default is now)
-o, --organization strings certificate organization (default [Authelia])
--organizational-unit strings certificate organizational unit
--pkcs8 force PKCS #8 ASN.1 format
-p, --postcode strings certificate postcode
--province strings certificate province
--sans strings subject alternative names


@ -55,6 +55,7 @@ authelia crypto certificate ed25519 request --help
-o, --organization strings certificate organization (default [Authelia])
--organizational-unit strings certificate organizational unit
--path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed
--pkcs8 force PKCS #8 ASN.1 format
-p, --postcode strings certificate postcode
--province strings certificate province
--sans strings subject alternative names


@ -47,6 +47,7 @@ authelia crypto certificate ed25519 request --help
--not-before string earliest date and time the certificate is considered valid in various formats (default is now)
-o, --organization strings certificate organization (default [Authelia])
--organizational-unit strings certificate organizational unit
--pkcs8 force PKCS #8 ASN.1 format
-p, --postcode strings certificate postcode
--province strings certificate province
--sans strings subject alternative names


@ -56,6 +56,7 @@ authelia crypto certificate rsa generate --help
-o, --organization strings certificate organization (default [Authelia])
--organizational-unit strings certificate organizational unit
--path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed
--pkcs8 force PKCS #8 ASN.1 format
-p, --postcode strings certificate postcode
--province strings certificate province
--sans strings subject alternative names


@ -48,6 +48,7 @@ authelia crypto certificate rsa request --help
--not-before string earliest date and time the certificate is considered valid in various formats (default is now)
-o, --organization strings certificate organization (default [Authelia])
--organizational-unit strings certificate organizational unit
--pkcs8 force PKCS #8 ASN.1 format
-p, --postcode strings certificate postcode
--province strings certificate province
--sans strings subject alternative names


@ -275,18 +275,20 @@ func (ctx *CmdCtx) CryptoGenerateRunE(cmd *cobra.Command, args []string) (err er
// CryptoCertificateRequestRunE is the RunE for the authelia crypto certificate request command.
func (ctx *CmdCtx) CryptoCertificateRequestRunE(cmd *cobra.Command, _ []string) (err error) {
var (
template *x509.CertificateRequest
privateKey any
csr []byte
privateKeyPath, csrPath string
pkcs8 bool
)
if privateKey, err = ctx.cryptoGenPrivateKeyFromCmd(cmd); err != nil {
return err
}
var (
template *x509.CertificateRequest
csr []byte
privateKeyPath, csrPath string
)
if pkcs8, err = cmd.Flags().GetBool(cmdFlagNamePKCS8); err != nil {
return err
}
if template, err = cryptoGetCSRFromCmd(cmd); err != nil {
return err
@ -329,7 +331,7 @@ func (ctx *CmdCtx) CryptoCertificateRequestRunE(cmd *cobra.Command, _ []string)
return fmt.Errorf("failed to create certificate request: %w", err)
}
if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, false); err != nil {
if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, pkcs8); err != nil {
return err
}
@ -345,8 +347,13 @@ func (ctx *CmdCtx) CryptoCertificateGenerateRunE(cmd *cobra.Command, _ []string,
var (
template, caCertificate, parent *x509.Certificate
publicKey, caPrivateKey, signatureKey any
pkcs8 bool
)
if pkcs8, err = cmd.Flags().GetBool(cmdFlagNamePKCS8); err != nil {
return err
}
if publicKey = utils.PublicKeyFromPrivateKey(privateKey); publicKey == nil {
return fmt.Errorf("failed to obtain public key from private key")
}
@ -419,7 +426,7 @@ func (ctx *CmdCtx) CryptoCertificateGenerateRunE(cmd *cobra.Command, _ []string,
return fmt.Errorf("failed to create certificate: %w", err)
}
if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, false); err != nil {
if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, pkcs8); err != nil {
return err
}
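Review bot: In CryptoCertificateRequestRunE the `--pkcs8` lookup appears to run after `ctx.cryptoGenPrivateKeyFromCmd(cmd)`, so a flag error is only reported once the private key has already been generated, whereas CryptoCertificateGenerateRunE reads the flag before doing any other work. Moving `if pkcs8, err = cmd.Flags().GetBool(cmdFlagNamePKCS8); err != nil {` ahead of the key generation would make both handlers fail fast in the same way. The original defect was a hard-coded `false` at both `utils.WriteKeyToPEM` call sites, and none of the 8 changed files looks like a test, so a regression test that runs each command with `--pkcs8` and checks the PEM block type of the written private key would keep the option from silently regressing. Both function bodies continue outside the hunks shown.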


@ -59,10 +59,10 @@ func cmdFlagsCryptoCertificateRequest(cmd *cobra.Command) {
func cmdFlagsCryptoPairGenerate(cmd *cobra.Command) {
cmd.Flags().String(cmdFlagNameFilePublicKey, "public.pem", "name of the file to export the public key data to")
cmd.Flags().Bool(cmdFlagNamePKCS8, false, "force PKCS #8 ASN.1 format")
}
func cmdFlagsCryptoPrivateKey(cmd *cobra.Command) {
cmd.Flags().Bool(cmdFlagNamePKCS8, false, "force PKCS #8 ASN.1 format")
cmd.Flags().String(cmdFlagNameFilePrivateKey, "private.pem", "name of the file to export the private key data to")
cmd.Flags().StringP(cmdFlagNameDirectory, "d", "", "directory where the generated keys, certificates, etc will be stored")
}
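Review bot: The help string `force PKCS #8 ASN.1 format` in cmdFlagsCryptoPrivateKey is now inherited by every command that registers private-key flags, including the ed25519 ones, but it does not say which output it affects or what the default encoding is. Something like `cmd.Flags().Bool(cmdFlagNamePKCS8, false, "force PKCS #8 ASN.1 format for the private key file")` would make the scope explicit; the generated reference pages would need regenerating to match. Go's crypto/x509 only offers a PKCS #8 encoding for Ed25519 private keys, so the flag is presumably a no-op for those commands. That is worth confirming against `utils.WriteKeyToPEM`, which is not visible here, and stating in the help text or a comment.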