diff --git a/cmd/pcert/certificate_options.go b/cmd/pcert/certificate_options.go deleted file mode 100644 index ec79678..0000000 --- a/cmd/pcert/certificate_options.go +++ /dev/null @@ -1,15 +0,0 @@ -package main - -import ( - "crypto/rand" - "crypto/x509" - "crypto/x509/pkix" - "encoding/asn1" - "fmt" - "math/big" - "net" - "net/url" - "time" - - "github.com/spf13/pflag" -) diff --git a/cmd/pcert/create.go b/cmd/pcert/create.go index 0477e3e..d740beb 100644 --- a/cmd/pcert/create.go +++ b/cmd/pcert/create.go @@ -48,16 +48,23 @@ the key (.key).`, return err } - certPEM, keyPEM, err := pcert.CreateWithKeyOptions(cert.cert, key.opts, signPair.cert, signPair.key) + certDER, privateKey, err := pcert.CreateWithKeyOptions(cert.cert, key.opts, signPair.cert, signPair.key) if err != nil { return err } - err = os.WriteFile(key.path, keyPEM, 0o600) + keyPEM, err := pcert.EncodeKey(privateKey) + if err != nil { + return err + } + + certPEM := pcert.Encode(certDER) + + err = os.WriteFile(key.path, keyPEM, 0600) if err != nil { return fmt.Errorf("failed to write key '%s': %w", key.path, err) } - err = os.WriteFile(cert.path, certPEM, 0o640) + err = os.WriteFile(cert.path, certPEM, 0640) if err != nil { return fmt.Errorf("failed to write certificate '%s': %w", key.path, err) } diff --git a/cmd/pcert/create2.go b/cmd/pcert/create2.go index b141ba8..0633c72 100644 --- a/cmd/pcert/create2.go +++ b/cmd/pcert/create2.go @@ -25,7 +25,7 @@ type createCommand struct { SignKeyLocation string Profile []string - CertificateOptions CertificateOptions + CertificateOptions pcert.CertificateOptions KeyOptions pcert.KeyOptions } @@ -47,7 +47,7 @@ func newCreate2Cmd() *cobra.Command { KeyOutputLocation: "", SignCertificateLocation: "", SignKeyLocation: "", - CertificateOptions: CertificateOptions{}, + CertificateOptions: pcert.CertificateOptions{}, KeyOptions: pcert.KeyOptions{}, } cmd := &cobra.Command{ 
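Review bot: The added `os.WriteFile(key.path, keyPEM, 0600)` in the create.go hunk applies the mode only when it creates the file; if key.path already exists with looser permissions, the private key is written into it and those permissions stay as they were. For the key, open the file explicitly and force the mode, e.g. `f, err := os.OpenFile(key.path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)` followed by `f.Chmod(0o600)` before writing. The same call is added in the request.go hunk. Separately, the unchanged certificate error message just below formats `key.path` where `cert.path` appears to be meant. The enclosing function starts and ends outside the hunk.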
@@ -73,7 +73,7 @@ pcert create tls.crt createCommand.KeyOutputLocation = args[1] } - certTemplate := NewCertificate(&createCommand.CertificateOptions) + certTemplate := pcert.NewCertificate(&createCommand.CertificateOptions) for _, p := range createCommand.Profile { switch p { @@ -179,6 +179,6 @@ pcert create tls.crt cmd.Flags().StringVarP(&createCommand.SignCertificateLocation, "sign-cert", "s", createCommand.SignCertificateLocation, "Certificate used to sign. If not specified a self-signed certificate is created") cmd.Flags().StringVar(&createCommand.SignKeyLocation, "sign-key", createCommand.SignKeyLocation, "Key used to sign. If not specified but --sign-cert is specified we use the key file relative to the certificate specified with --sign-cert.") cmd.Flags().StringSliceVar(&createCommand.Profile, "profile", createCommand.Profile, "Certificates profiles to apply (server, client, ca)") - createCommand.CertificateOptions.BindFlags(cmd.Flags()) + BindCertificateOptionsFlags(cmd.Flags(), &createCommand.CertificateOptions) return cmd } diff --git a/cmd/pcert/request.go b/cmd/pcert/request.go index cad0915..bfba4d1 100644 --- a/cmd/pcert/request.go +++ b/cmd/pcert/request.go @@ -34,16 +34,23 @@ func newRequestCmd() *cobra.Command { key.path = name + keyFileSuffix } - csrPEM, keyPEM, err := pcert.RequestWithKeyOptions(csr, key.opts) + csrDER, privateKey, err := pcert.CreateRequestWithKeyOptions(csr, key.opts) if err != nil { return err } - err = os.WriteFile(key.path, keyPEM, 0o600) + keyPEM, err := pcert.EncodeKey(privateKey) + if err != nil { + return err + } + + csrPEM := pcert.EncodeCSR(csrDER) + + err = os.WriteFile(key.path, keyPEM, 0600) if err != nil { return fmt.Errorf("failed to write key '%s': %w", key.path, err) } - err = os.WriteFile(csrFile, csrPEM, 0o640) + err = os.WriteFile(csrFile, csrPEM, 0640) if err != nil { return fmt.Errorf("failed to write CSR '%s': %w", csrFile, err) } 
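Review bot: The permission literals in the added `os.WriteFile` calls of the request.go hunk drop the `0o` prefix (`0600`, `0640`), as they do in the create.go hunk, while the sign.go hunk in the same commit still writes `0o640`. Keeping `0o600` and `0o640` avoids mixing the two octal spellings within cmd/pcert and keeps the base explicit on lines that set private-key file modes. The code inside newRequestCmd continues outside the hunk.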
diff --git a/cmd/pcert/sign.go b/cmd/pcert/sign.go index 538ba19..508d902 100644 --- a/cmd/pcert/sign.go +++ b/cmd/pcert/sign.go @@ -45,10 +45,13 @@ func newSignCmd() *cobra.Command { return err } - certPEM, err := pcert.SignCSR(csr, cert.cert, signPair.cert, signPair.key) + certDER, err := pcert.CreateCertificateWithCSR(csr, cert.cert, signPair.cert, signPair.key) if err != nil { return err } + + certPEM := pcert.Encode(certDER) + err = os.WriteFile(cert.path, certPEM, 0o640) return err },
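Review bot: Nothing visible in this hunk verifies the CSR's self-signature before `pcert.CreateCertificateWithCSR(csr, cert.cert, signPair.cert, signPair.key)` issues the certificate, and the body of the renamed function is not part of this diff. If `csr` is an `*x509.CertificateRequest` and the library does not already check it, add `if err := csr.CheckSignature(); err != nil { return err }` before the call. Otherwise a comment such as `// CreateCertificateWithCSR verifies the CSR signature before signing` would record where the check lives. The enclosing function in newSignCmd starts outside the hunk.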