package main
// Copyright (c) Microsoft Corporation.
// Licensed under the Apache License 2.0.
import (
"bytes"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"flag"
"fmt"
"io/ioutil"
"os"
utiltls "github.com/Azure/ARO-RP/pkg/util/tls"
)
// Command-line flags.
//
// -keyFile and -certFile name the signer's private key (PKCS#1 DER) and
// certificate (DER) — the same formats run writes to name.key and name.crt,
// so the output of an earlier invocation can act as the signer. When both are
// empty the generated certificate is self-signed. -ca and -client choose the
// kind of certificate that is generated.
var (
	ca       = flag.Bool("ca", false, "generate ca certificate")
	certFile = flag.String("certFile", "", `file containing signing certificate in der format (default "" - self-signed)`)
	client   = flag.Bool("client", false, "generate client certificate")
	keyFile  = flag.String("keyFile", "", `file containing signing key in der format (default "" - self-signed)`)
)
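// run generates an RSA key and an X.509 certificate for the common name
// name and writes three files into the current directory:
//
//	name.key  private key, PKCS#1 DER, mode 0600
//	name.crt  certificate, DER, mode 0644
//	name.pem  PKCS#8 private key followed by the certificate, PEM, mode 0600
//	          (the format Azure Key Vault accepts)
//
// When -keyFile / -certFile are set, the signer they name is loaded and used
// to sign the new certificate; otherwise it is self-signed. -ca and -client
// are passed through to utiltls.GenerateKeyAndCertificate, which chooses the
// certificate profile.
//
// Returns the first error from reading the signer, generating the
// certificate, or writing any output file. Output files written before an
// error are left in place.
func run(name string) error {
	signingKey, signingCert, err := loadSigner(*keyFile, *certFile)
	if err != nil {
		return err
	}

	key, cert, err := utiltls.GenerateKeyAndCertificate(name, signingKey, signingCert, *ca, *client)
	if err != nil {
		return err
	}
	// cert[0] is the certificate that was just issued; fail cleanly rather
	// than panicking with an index error on an empty result.
	if len(cert) == 0 {
		return fmt.Errorf("no certificate generated for %q", name)
	}

	// key in der format — owner-only, it is a private key
	if err := ioutil.WriteFile(name+".key", x509.MarshalPKCS1PrivateKey(key), 0600); err != nil {
		return err
	}

	// cert in der format — public, so world-readable, but not world-writable:
	// 0644 instead of 0666 so another local user cannot swap the certificate
	// (the umask usually masks this anyway, but do not rely on it)
	if err := ioutil.WriteFile(name+".crt", cert[0].Raw, 0644); err != nil {
		return err
	}

	// key and cert in PKCS#8 PEM format for Azure Key Vault; the bundle holds
	// the private key, so it gets the same owner-only mode as name.key.
	bundle, err := encodePEMBundle(key, cert[0].Raw)
	if err != nil {
		return err
	}
	return ioutil.WriteFile(name+".pem", bundle, 0600)
}

// loadSigner reads the optional signing key (PKCS#1 DER) and signing
// certificate (DER) from keyPath and certPath. An empty path yields a nil
// value for that half, which GenerateKeyAndCertificate treats as "self-signed".
//
// NOTE(review): setting only one of keyPath/certPath is passed through as-is
// (one nil, one non-nil); confirm utiltls.GenerateKeyAndCertificate rejects
// or handles that combination.
func loadSigner(keyPath, certPath string) (*rsa.PrivateKey, *x509.Certificate, error) {
	var signingKey *rsa.PrivateKey
	var signingCert *x509.Certificate

	if keyPath != "" {
		b, err := ioutil.ReadFile(keyPath)
		if err != nil {
			return nil, nil, err
		}
		signingKey, err = x509.ParsePKCS1PrivateKey(b)
		if err != nil {
			return nil, nil, fmt.Errorf("parsing signing key %s: %w", keyPath, err)
		}
	}

	if certPath != "" {
		b, err := ioutil.ReadFile(certPath)
		if err != nil {
			return nil, nil, err
		}
		signingCert, err = x509.ParseCertificate(b)
		if err != nil {
			return nil, nil, fmt.Errorf("parsing signing certificate %s: %w", certPath, err)
		}
	}

	return signingKey, signingCert, nil
}

// encodePEMBundle returns key as a PKCS#8 "PRIVATE KEY" PEM block followed by
// certDER as a "CERTIFICATE" PEM block, in that order.
func encodePEMBundle(key *rsa.PrivateKey, certDER []byte) ([]byte, error) {
	pkcs8, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return nil, err
	}

	buf := &bytes.Buffer{}
	if err := pem.Encode(buf, &pem.Block{Type: "PRIVATE KEY", Bytes: pkcs8}); err != nil {
		return nil, err
	}
	if err := pem.Encode(buf, &pem.Block{Type: "CERTIFICATE", Bytes: certDER}); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}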
// usage writes the command synopsis followed by the registered flags and
// their defaults to the flag package's output writer (stderr unless the
// caller has changed it). main installs it as flag.Usage.
func usage() {
	out := flag.CommandLine.Output()
	fmt.Fprintf(out, "usage: %s commonName\n", os.Args[0])
	flag.PrintDefaults()
}
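// main parses the flags, requires exactly one positional argument (the
// common name), and runs the generator. Usage errors exit with status 2;
// a failure inside run is reported on stderr and exits with status 1
// instead of panicking, so the user sees the error and not a goroutine dump.
func main() {
	flag.Usage = usage
	flag.Parse()

	if len(flag.Args()) != 1 {
		flag.Usage()
		os.Exit(2)
	}

	if err := run(flag.Arg(0)); err != nil {
		fmt.Fprintf(os.Stderr, "%s: %v\n", os.Args[0], err)
		os.Exit(1)
	}
}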