fix: debrand hardcoded certificates defaults (j#IS-2853)

immobiliare · Jul 20, 2022 · cc88f5a · cc88f5a
1 parent ebb3ba1
commit cc88f5a
Show file tree

Hide file tree

Showing 4 changed files with 101 additions and 41 deletions.
diff --git a/cmd/gen.go b/cmd/gen.go
@@ -31,24 +31,31 @@ var cmdGen = &cobra.Command{
 			log.Fatal().Err(err).Msg("at least a name gotta be given")
 		}
 
-		req := pki.NewRequest(names...)
-		req.CA = true
+		reqOptions := make(map[string]any)
+		reqOptions["hosts"] = names
 
-		encode, err := cmd.Flags().GetString("encode")
-		if err != nil {
-			log.Fatal().Err(err).Msg("unable to read encode flag")
+		if duration, err := cmd.Flags().GetDuration("duration"); err == nil {
+			reqOptions["duration"] = duration
 		}
 
-		algo, err := cmd.Flags().GetString("algo")
-		if err != nil {
-			log.Fatal().Err(err).Msg("algorithm flag is mandatory")
+		if ca, err := cmd.Flags().GetBool("ca"); err == nil {
+			reqOptions["ca"] = ca
+		}
+
+		for _, reqOptionKey := range []string{
+			"algo", "organization", "country", "province", "locality", "streetAddress", "postalCode",
+		} {
+			if reqOptionValue, err := cmd.Flags().GetString(reqOptionKey); err == nil {
+				reqOptions[reqOptionKey] = reqOptionValue
+			}
 		}
-		req.Algo = map[string]int{
-			"eddsa": pki.EDDSA,
-			"ecdsa": pki.ECDSA,
-			"rsa":   pki.RSA,
-		}[algo]
-		log.Info().Strs("names", req.Hosts).Dur("duration", req.Duration).Str("algo", algo).Msg("generating certificate")
+
+		req := pki.NewRequest(reqOptions)
+		log.Info().Strs("names", req.Hosts).
+			Dur("duration", req.Duration).
+			Str("algo", string(req.Algo)).
+			Msg("generating certificate")
+
 		crt, key, err := pki.New(req)
 		if err != nil {
 			log.Fatal().Err(err).Msg("unable to generate certificate")
@@ -63,6 +70,7 @@ var cmdGen = &cobra.Command{
 		}
 
 		if output != "-" {
+
 			log.Info().Msg("exporting certificate")
 			if err := pki.Export(crtBytes, filepath.Join(output, "crt.pem")); err != nil {
 				log.Fatal().Err(err).Msg("unable to export certificate")
@@ -75,11 +83,19 @@ var cmdGen = &cobra.Command{
 
 			log.Info().Str("output", output).Msg("certificate created")
 			return
+
 		} else {
+
 			var (
 				crtBuffer = pki.ExportBytes(crtBytes)
 				keyBuffer = pki.ExportBytes(keyBytes)
 			)
+
+			encode, err := cmd.Flags().GetString("encode")
+			if err != nil {
+				log.Fatal().Err(err).Msg("unable to read encode flag")
+			}
+
 			switch encode {
 			case "zip":
 				out := new(bytes.Buffer)
@@ -110,16 +126,25 @@ var cmdGen = &cobra.Command{
 				fmt.Printf("%s%s", string(crtBuffer), string(keyBuffer))
 			}
 			return
+
 		}
 	},
 }
 
 func init() {
 	cmdRoot.AddCommand(cmdGen)
+	cmdGen.Flags().StringArrayP("name", "n", []string{}, "Certificate names")
 	cmdGen.Flags().StringP("output", "o", util.ErrWrap("./")(os.Getwd()), "Output path (\"-\" for stdout)")
 	cmdGen.Flags().StringP("encode", "e", "raw", "Encode returned payload: zip, json (only for stdout generation)")
-	cmdGen.Flags().StringArrayP("name", "n", []string{}, "Certificate names")
-	cmdGen.Flags().StringP("algo", "a", "ecdsa", "Private key algorithm")
+	cmdGen.Flags().StringP("algo", "a", pki.DefaultCrtAlgo, "Private key algorithm")
+	cmdGen.Flags().String("organization", "", "Certificate Organization")
+	cmdGen.Flags().String("country", "", "Certificate Country")
+	cmdGen.Flags().String("province", "", "Certificate Province")
+	cmdGen.Flags().String("locality", "", "Certificate Locality")
+	cmdGen.Flags().String("streetAddress", "", "Certificate StreetAddress")
+	cmdGen.Flags().String("postalCode", "", "Certificate PostalCode")
+	cmdGen.Flags().Duration("duration", pki.DefaultCrtDuration, "Certificate Duration")
+	cmdGen.Flags().Bool("ca", false, "CA-enabled certificate")
 	if err := cmdGen.MarkFlagRequired("name"); err != nil {
 		log.Fatal().Err(err).Msg("unable to mark name flag as required")
 	}

diff --git a/pki/crt.go b/pki/crt.go
@@ -21,10 +21,12 @@ type Request struct {
 	PostalCode    string
 	Hosts         []string
 	CA            bool
-	Algo          int
+	Algo          string
 	Duration      time.Duration
 }
 
+const DefaultCrtDuration = time.Duration(100 * 365 * 24 * time.Hour)
+
 func Parse(path string) (*x509.Certificate, error) {
 	data, err := ioutil.ReadFile(path)
 	if err != nil {
@@ -58,19 +60,46 @@ func ParseKeyPair(crtPath, keyPath string) (*x509.Certificate, *Key, error) {
 	return crt, &Key{Value: tls.PrivateKey}, nil
 }
 
-func NewRequest(names ...string) Request {
-	return Request{
-		Organization:  "Immobiliare.it",
-		Country:       "IT",
-		Province:      "RM",
-		Locality:      "Rome",
-		StreetAddress: "Via di Santa Prassede",
-		PostalCode:    "00184",
-		Hosts:         names,
-		CA:            false,
-		Algo:          ECDSA,
-		Duration:      time.Duration(100 * 365 * 24 * time.Hour),
+func NewRequest(options map[string]any) Request {
+	req := Request{
+		Hosts:    []string{},
+		CA:       false,
+		Algo:     ECDSA,
+		Duration: DefaultCrtDuration,
+	}
+
+	if organization, ok := options["organization"]; ok {
+		req.Organization = organization.(string)
+	}
+	if country, ok := options["country"]; ok {
+		req.Country = country.(string)
+	}
+	if province, ok := options["province"]; ok {
+		req.Province = province.(string)
+	}
+	if locality, ok := options["locality"]; ok {
+		req.Locality = locality.(string)
+	}
+	if streetAddress, ok := options["streetAddress"]; ok {
+		req.StreetAddress = streetAddress.(string)
 	}
+	if postalCode, ok := options["postalCode"]; ok {
+		req.PostalCode = postalCode.(string)
+	}
+	if hosts, ok := options["hosts"]; ok {
+		req.Hosts = hosts.([]string)
+	}
+	if ca, ok := options["ca"]; ok {
+		req.CA = ca.(bool)
+	}
+	if algo, ok := options["algo"]; ok {
+		req.Algo = algo.(string)
+	}
+	if duration, ok := options["duration"]; ok {
+		req.Duration = duration.(time.Duration)
+	}
+
+	return req
 }
 
 func New(req Request) (*x509.Certificate, *Key, error) {

diff --git a/pki/key.go b/pki/key.go
@@ -14,14 +14,15 @@ import (
 
 type Key struct {
 	Value any
-	Algo  int
+	Algo  string
 }
 
 const (
-	UnsupportedAlgorithm = iota
-	EDDSA
-	ECDSA
-	RSA
+	DefaultCrtAlgo       = ECDSA
+	UnsupportedAlgorithm = ""
+	EDDSA                = "eddsa"
+	ECDSA                = "ecdsa"
+	RSA                  = "rsa"
 )
 
 func ParseKey(path string) (*Key, error) {
@@ -51,7 +52,7 @@ func ParseKey(path string) (*Key, error) {
 	return &key, nil
 }
 
-func newKey(algo int) (*Key, error) {
+func newKey(algo string) (*Key, error) {
 	var (
 		key any
 		err error

diff --git a/provider/local.go b/provider/local.go
@@ -38,23 +38,28 @@ func (p *Local) For(name string) bool {
 }
 
 func (p *Local) Get(name string, options map[string]string) (*pem.Block, *pem.Block, error) {
-	names := []string{name}
+	reqOptions := make(map[string]any)
+	for key, value := range options {
+		reqOptions[key] = value
+	}
+
+	reqOptions["hosts"] = []string{name}
 	if altNames, ok := options["alt"]; ok {
-		names = append(names, strings.Split(altNames, ",")...)
+		reqOptions["hosts"] = append(reqOptions["hosts"].([]string), strings.Split(altNames, ",")...)
 	}
 
-	req := pki.NewRequest(names...)
 	if algo, ok := options["algo"]; ok {
 		switch algo {
 		case "eddsa":
-			req.Algo = pki.EDDSA
+			reqOptions["algo"] = pki.EDDSA
 		case "ecdsa":
-			req.Algo = pki.ECDSA
+			reqOptions["algo"] = pki.ECDSA
 		case "rsa":
-			req.Algo = pki.RSA
+			reqOptions["algo"] = pki.RSA
 		}
 	}
 
+	req := pki.NewRequest(reqOptions)
 	crt, key, err := pki.New(req)
 	if err != nil {
 		return nil, nil, err