Initial commit of RSA CLI tool, still very much WIP

.gitignore

@@ -0,0 +1 @@
+rsa

cmd/ca/ca.go

@@ -0,0 +1,113 @@
+package ca
+
+import (
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/spf13/cobra"
+)
+
+var (
+	dir            string
+	outputFilename string
+
+	// signCommonFlags refers to these
+	validFrom  string
+	validUntil string
+
+	// createCACommonFlags refers to these
+	bits             int
+	excludedDomains  []string
+	excludedIPs      []string
+	maxPathLen       int
+	permittedDomains []string
+	permittedIPs     []string
+)
+
+// Register the "keygen" subcommand.
+func Register(root *cobra.Command) {
+	caCmd := &cobra.Command{
+		Use:   "ca",
+		Short: "Certificate authority creation and operation",
+	}
+	caCmd.PersistentFlags().StringVarP(&dir, "dir", "d", "", "Directory holding CA")
+	caCmd.MarkPersistentFlagRequired("dir")
+
+	root.AddCommand(caCmd)
+
+	// init command
+	cmd := &cobra.Command{
+		Use:   "init <description>",
+		Short: "Initialise a brand-new certificate authority",
+		Args:  cobra.ExactArgs(1),
+		Run:   Init,
+	}
+	createCACommonFlags(cmd)
+	signCommonFlags(cmd)
+	caCmd.AddCommand(cmd)
+
+	// sign command
+	cmd = &cobra.Command{
+		Use:   "sign csr.pem",
+		Short: "Sign one or more CSRs",
+		Args:  cobra.ExactArgs(1),
+		Run:   Sign,
+	}
+	cmd.Flags().StringVarP(&outputFilename, "output", "o", "", "Name of output file (default stdout).")
+	signCommonFlags(cmd)
+	caCmd.AddCommand(cmd)
+
+	// intermediate command
+	cmd = &cobra.Command{
+		Use:   "intermediate <dir> <description>",
+		Short: "Using an existing CA, create a new intermediate CA",
+		Args:  cobra.ExactArgs(2),
+		Run:   Intermediate,
+	}
+	createCACommonFlags(cmd)
+	signCommonFlags(cmd)
+	caCmd.AddCommand(cmd)
+}
+
+func createCACommonFlags(cmd *cobra.Command) {
+	cmd.Flags().IntVarP(&bits, "bits", "b", 3072, "Key size in bits")
+	cmd.Flags().StringSliceVar(&excludedDomains, "exclude-domain", nil,
+		"Do not allow certs to be issued for named domain. Multiple may be specified")
+	cmd.Flags().StringSliceVar(&excludedIPs, "exclude-cidr", nil,
+		"Do not allow certs to be issued for given IP range. Multiple may be specified")
+	cmd.Flags().IntVar(&maxPathLen, "max-path-len", -1,
+		"Maximum path length (whether any further CAs may be issued)")
+	cmd.Flags().StringSliceVar(&permittedDomains, "permit-domain", nil,
+		"Allow certs to be issued only for named domain. Multiple may be specified")
+	cmd.Flags().StringSliceVar(&permittedIPs, "permit-cidr", nil,
+		"Allow certs to be issued only for given IP range. Multiple may be specified")
+}
+
+func signCommonFlags(cmd *cobra.Command) {
+	cmd.Flags().StringVar(&validFrom, "valid-from", "", "RFC3339-format timestamp for start of cert validity")
+	cmd.Flags().StringVar(&validUntil, "valid-until", "", "RFC3339-format timestamp for end of cert validity")
+}
+
+func signingDates(defaultDuration time.Duration) (from, until time.Time) {
+	var err error
+	if validFrom == "" {
+		from = time.Now().Add(-2 * time.Hour)
+	} else {
+		from, err = time.Parse(time.RFC3339, validFrom)
+		if err != nil {
+			fmt.Fprintln(os.Stderr, "--valid-from %s: not a valid RFC3339-format timestamp\n")
+			os.Exit(1)
+		}
+	}
+	if validUntil == "" {
+		until = time.Now().Add(defaultDuration)
+	} else {
+		until, err = time.Parse(time.RFC3339, validUntil)
+		if err != nil {
+			fmt.Fprintln(os.Stderr, "--valid-until %s: not a valid RFC3339-format timestamp\n")
+			os.Exit(1)
+		}
+	}
+	return
+}

cmd/ca/init.go

@@ -0,0 +1,86 @@
+package ca
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"fmt"
+	"net"
+	"os"
+	"time"
+
+	"github.com/spf13/cobra"
+	"src.lwithers.me.uk/go/rsa/pkg/ca"
+)
+
+// Init a new certificate authority from scratch.
+func Init(cmd *cobra.Command, args []string) {
+	desc := args[0]
+
+	template := createCATemplate(desc)
+	key, err := rsa.GenerateKey(rand.Reader, bits)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Failed to generate new key (%d bits): %v\n", bits, err)
+		os.Exit(1)
+	}
+
+	_, err = ca.Create(dir, template, key)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Failed to initialise new certificate authority: %v\n", err)
+		os.Exit(1)
+	}
+}
+
+func createCATemplate(desc string) *x509.Certificate {
+	from, until := signingDates(30 * 365 * 24 * time.Hour)
+
+	hasTargetRules := len(permittedDomains) > 0 || len(excludedDomains) > 0
+	var permittedIP, excludedIP []*net.IPNet
+	if len(permittedIPs) > 0 {
+		hasTargetRules = true
+		for _, ipr := range permittedIPs {
+			permittedIP = append(permittedIP, parseCIDR(ipr))
+		}
+	}
+	if len(excludedIPs) > 0 {
+		hasTargetRules = true
+		for _, ipr := range permittedIPs {
+			excludedIP = append(excludedIP, parseCIDR(ipr))
+		}
+	}
+
+	return &x509.Certificate{
+		Subject: pkix.Name{
+			CommonName: desc,
+		},
+		NotBefore: from,
+		NotAfter:  until,
+
+		BasicConstraintsValid: true,
+		IsCA:                  true,
+		MaxPathLen:            maxPathLen,
+		MaxPathLenZero:        (maxPathLen == 0),
+
+		PermittedDNSDomains:         permittedDomains,
+		ExcludedDNSDomains:          excludedDomains,
+		PermittedIPRanges:           permittedIP,
+		ExcludedIPRanges:            excludedIP,
+		PermittedDNSDomainsCritical: hasTargetRules,
+	}
+}
+
+func parseCIDR(s string) *net.IPNet {
+	ip, ipnet, err := net.ParseCIDR(s)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, err)
+		os.Exit(1)
+	}
+
+	if !ip.Equal(ipnet.IP) {
+		fmt.Fprintf(os.Stderr, "%s: invalid IP range (did you mean %s?)\n", s, ipnet.String())
+		os.Exit(1)
+	}
+
+	return ipnet
+}

cmd/ca/intermediate.go

@@ -0,0 +1,37 @@
+package ca
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+	"src.lwithers.me.uk/go/rsa/pkg/ca"
+)
+
+// Intermediate uses an existing CA to create a new intermediate CA in a new
+// directory.
+func Intermediate(cmd *cobra.Command, args []string) {
+	newCADir := args[0]
+	desc := args[1]
+
+	ca, err := ca.Open(dir)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, err)
+		os.Exit(1)
+	}
+
+	template := createCATemplate(desc)
+	key, err := rsa.GenerateKey(rand.Reader, bits)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Failed to generate new key (%d bits): %v\n", bits, err)
+		os.Exit(1)
+	}
+
+	_, err = ca.CreateIntermediate(newCADir, template, key)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Failed to initialise new intermediate CA: %v\n", err)
+		os.Exit(1)
+	}
+}

cmd/ca/sign.go

@@ -0,0 +1,87 @@
+package ca
+
+import (
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/pem"
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/spf13/cobra"
+	"src.lwithers.me.uk/go/rsa/pkg/ca"
+	"src.lwithers.me.uk/go/rsa/pkg/pemfile"
+)
+
+// Sign one or more CSRs.
+func Sign(cmd *cobra.Command, args []string) {
+	csrFilename := args[0]
+	from, until := signingDates(365 * 24 * time.Hour)
+
+	// open the CA
+	ca, err := ca.Open(dir)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, err)
+		os.Exit(1)
+	}
+
+	// parse the CSR
+	csr, err := pemfile.ReadCSR(csrFilename)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, err)
+		os.Exit(1)
+	}
+	pubKey, ok := csr.PublicKey.(*rsa.PublicKey)
+	if !ok {
+		fmt.Fprintf(os.Stderr, "%s: public key is not RSA\n", csrFilename)
+		os.Exit(1)
+	}
+
+	// build the certificate template
+	var (
+		keyUsage    x509.KeyUsage
+		extKeyUsage []x509.ExtKeyUsage
+	)
+	switch {
+	// TODO: CLI flags
+	case len(csr.DNSNames) == 0 && len(csr.IPAddresses) == 0:
+		extKeyUsage = append(extKeyUsage, x509.ExtKeyUsageClientAuth)
+	default:
+		extKeyUsage = append(extKeyUsage, x509.ExtKeyUsageServerAuth)
+	}
+
+	template := &x509.Certificate{
+		KeyUsage:    keyUsage,
+		ExtKeyUsage: extKeyUsage,
+		Subject:     csr.Subject,
+		NotBefore:   from,
+		NotAfter:    until,
+		DNSNames:    csr.DNSNames,
+		IPAddresses: csr.IPAddresses,
+	}
+
+	// sign the certificate
+	cert, auditDir, err := ca.Sign(template, pubKey)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, err)
+		os.Exit(1)
+	}
+	raw := pem.EncodeToMemory(&pem.Block{
+		Type:  pemfile.TypeX509Certificate,
+		Bytes: cert.Raw,
+	})
+
+	// TODO: copy CSR to audit dir
+	_ = auditDir
+
+	// write CSR to output file
+	switch outputFilename {
+	case "", "-":
+		os.Stdout.Write(raw)
+	default:
+		if err := os.WriteFile(outputFilename, raw, 0600); err != nil {
+			fmt.Fprintln(os.Stderr, err)
+			os.Exit(1)
+		}
+	}
+}

cmd/csr/csr.go

@@ -0,0 +1,87 @@
+package csr
+
+import (
+	"crypto/rand"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"fmt"
+	"net"
+	"os"
+
+	"github.com/spf13/cobra"
+	"src.lwithers.me.uk/go/rsa/pkg/pemfile"
+)
+
+var (
+	outputFile string
+	hostnames  []string
+	ips        []string
+)
+
+// Register the "keygen" subcommand.
+func Register(root *cobra.Command) {
+	cmd := &cobra.Command{
+		Use:   "csr key.pem \"description (common name)\"",
+		Short: "Generate a certificate signing request",
+		Run:   CSR,
+		Args:  cobra.ExactArgs(2),
+	}
+
+	cmd.Flags().StringVarP(&outputFile, "output", "o", "", "Name of output file (defaults to stdout)")
+	cmd.Flags().StringArrayVar(&hostnames, "host", nil, "Subject alternate name (may be specified multiple times)")
+	cmd.Flags().StringArrayVar(&ips, "ip", nil, "IP address (may be specified multiple times)")
+
+	root.AddCommand(cmd)
+}
+
+// CSR will load a private key, then write out and generate a CSR.
+func CSR(cmd *cobra.Command, args []string) {
+	keyFile := args[0]
+	desc := args[1]
+
+	key, err := pemfile.ReadKey(keyFile)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, err)
+		os.Exit(1)
+	}
+
+	var ipAddrs []net.IP
+	for _, ip := range ips {
+		i := net.ParseIP(ip)
+		if i == nil {
+			fmt.Fprintf(os.Stderr, "--ip argument %q is not valid\n", ip)
+			os.Exit(1)
+		}
+		ipAddrs = append(ipAddrs, i)
+	}
+
+	template := &x509.CertificateRequest{
+		Subject: pkix.Name{
+			CommonName: desc,
+		},
+		DNSNames:    hostnames,
+		IPAddresses: ipAddrs,
+	}
+	der, err := x509.CreateCertificateRequest(rand.Reader, template, key)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "failed to create certificate signing request: %v\n", err)
+		os.Exit(1)
+	}
+
+	raw := pem.EncodeToMemory(&pem.Block{
+		Type:  pemfile.TypeX509CSR,
+		Bytes: der,
+	})
+
+	switch outputFile {
+	case "", "-":
+		os.Stdout.Write(raw)
+
+	default:
+		if err := os.WriteFile(outputFile, raw, 0600); err != nil {
+			fmt.Fprintln(os.Stderr, err)
+			os.Exit(1)
+		}
+	}
+}

cmd/inspect/display_coloured.go

@@ -0,0 +1,111 @@
+package inspect
+
+import (
+	"fmt"
+	"os"
+	"strings"
+	"time"
+	"unicode/utf8"
+
+	"github.com/logrusorgru/aurora/v4"
+	"src.lwithers.me.uk/go/rsa/pkg/inspect"
+)
+
+var (
+	displayedFingerprints = map[string]int{}
+)
+
+func displayColoured(src string, info []inspect.Info) {
+	// compute max key length, for nicely aligning columns
+	var maxKey int
+	for _, item := range info {
+		for _, section := range item.Info() {
+			for _, field := range section.Fields {
+				l := utf8.RuneCountInString(field.Key)
+				if l > maxKey {
+					maxKey = l
+				}
+			}
+		}
+	}
+
+	// output options
+	var auroraHyper bool
+	switch os.Getenv("TERM") {
+	case "xterm-kitty":
+		auroraHyper = true
+	}
+	a := aurora.New(aurora.WithColors(true), aurora.WithHyperlinks(auroraHyper))
+
+	// display loop
+	for _, item := range info {
+		fmt.Printf("════════ %s:%s ════════\n",
+			a.BrightBlue(src), a.Blue(item.Location()))
+		for _, section := range item.Info() {
+			fmt.Println(aurora.Underline(section.Title))
+			for _, field := range section.Fields {
+				fmt.Printf("  %*s: ", maxKey, a.Yellow(field.Key))
+				switch v := field.Value.(type) {
+				case int:
+					fmt.Print(a.Blue(v))
+
+				case bool:
+					fmt.Print(a.Blue(v))
+
+				case time.Time:
+					var note string
+					switch {
+					case strings.Contains(field.Key, "from"):
+						if v.After(time.Now()) {
+							note = aurora.Red("not valid yet").String()
+						} else {
+							note = aurora.Green("ok").String()
+						}
+					case strings.Contains(field.Key, "until"):
+						if v.After(time.Now()) {
+							note = aurora.Green("ok").String()
+						} else {
+							note = aurora.Red("expired").String()
+						}
+					}
+
+					fmt.Printf("%s %s", v.Format(time.RFC3339), note)
+
+				case []string:
+					for i, s := range v {
+						fmt.Print(s)
+						if i < len(v)-1 {
+							fmt.Printf("\n%*s", maxKey+4, "")
+						}
+					}
+
+				case inspect.Fingerprint:
+					f := v.String()
+					fidx := displayedFingerprints[f]
+					var firstSeen bool
+					if fidx == 0 {
+						firstSeen = true
+						fidx = 1 + len(displayedFingerprints)
+						displayedFingerprints[f] = fidx
+					}
+
+					var note string
+					if firstSeen {
+						note = fmt.Sprintf("#%d %s", a.Blue(fidx),
+							a.Magenta("first occurrence"))
+					} else {
+						note = fmt.Sprintf("#%d %s", a.Blue(fidx),
+							a.Green("already seen"))
+					}
+
+					fmt.Printf("%v [%s]", f, note)
+
+				default:
+					fmt.Print(v)
+				}
+				fmt.Println("")
+			}
+		}
+		fmt.Println("")
+	}
+}

cmd/inspect/inspect.go

@@ -0,0 +1,162 @@
+package inspect
+
+import (
+	"context"
+	"crypto/tls"
+	"errors"
+	"net"
+	"net/url"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/mattn/go-isatty"
+	"github.com/spf13/cobra"
+	"src.lwithers.me.uk/go/rsa/pkg/inspect"
+)
+
+var (
+	outputFormat string = "text"
+	display      func(src string, info []inspect.Info)
+)
+
+// Register the "keygen" subcommand.
+func Register(root *cobra.Command) {
+	cmd := &cobra.Command{
+		Use:   "inspect",
+		Short: "Inspect files and TLS servers",
+		RunE:  Inspect,
+		Args:  cobra.MinimumNArgs(1),
+	}
+
+	if isatty.IsTerminal(1) {
+		outputFormat = "coloured"
+	}
+
+	cmd.Flags().StringVarP(&outputFormat, "output", "o", outputFormat,
+		"Output format (coloured, text, json, yaml)")
+
+	root.AddCommand(cmd)
+}
+
+// Keygen will generate a new RSA private key and save it to a file.
+func Inspect(cmd *cobra.Command, args []string) error {
+	switch outputFormat {
+	case "coloured":
+		display = displayColoured
+	case "text":
+		display = displayText
+	case "json":
+		display = displayJSON
+	case "yaml":
+		display = displayYAML
+	default:
+		return errors.New("invalid --output format (try: coloured, text, json or yaml)")
+	}
+
+	for _, arg := range args {
+		switch {
+		case arg == "-":
+			inspectStdin()
+
+		case strings.HasPrefix(arg, "https://"):
+			inspectHTTPS(arg)
+
+		case strings.IndexByte(arg, ':') != 0:
+			_, _, err := net.SplitHostPort(arg)
+			if err == nil {
+				inspectHost(arg)
+				break
+			}
+			fallthrough
+
+		default:
+			inspectFile(arg)
+		}
+	}
+	return nil
+}
+
+func inspectStdin() {
+	// TODO
+}
+
+func inspectHTTPS(addr string) {
+	u, err := url.Parse(addr)
+	if err != nil {
+		// TODO
+	}
+
+	inspectHost(u.Host)
+	// TODO: need to add default port
+}
+
+func inspectHost(addr string) {
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+
+	// TODO: context dial
+
+	conn, err := tls.Dial("tcp", addr, &tls.Config{
+		// we want to skip verification so we can inspect invalid certs too
+		InsecureSkipVerify: true,
+
+		// we only enable RSA ciphersuites, but we do allow old ones, again
+		// so that we can report about bad / invalid servers
+		CipherSuites: []uint16{
+			tls.TLS_RSA_WITH_RC4_128_SHA,
+			tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
+			tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+			tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+			tls.TLS_AES_128_GCM_SHA256,
+			tls.TLS_AES_256_GCM_SHA384,
+			tls.TLS_CHACHA20_POLY1305_SHA256,
+		},
+
+		// we enable TLSv1.0 so that we can complain about it
+		MinVersion: tls.VersionTLS10,
+	})
+	if err != nil {
+		// TODO
+	}
+
+	if err := conn.HandshakeContext(ctx); err != nil {
+		// TODO
+	}
+
+	display(addr, inspect.ConnectionState(conn.ConnectionState()))
+}
+
+func inspectFile(filename string) {
+	raw, err := os.ReadFile(filename)
+	if err != nil {
+		// TODO
+	}
+
+	info := inspect.LoadPEM(raw)
+	if len(info) == 0 {
+		// TODO
+	}
+
+	display(filename, info)
+}
+
+func displayText(src string, info []inspect.Info) {
+}
+
+func displayJSON(src string, info []inspect.Info) {
+}
+
+func displayYAML(src string, info []inspect.Info) {
+}

cmd/keygen/keygen.go

@@ -0,0 +1,72 @@
+package keygen
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/pem"
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+	"src.lwithers.me.uk/go/rsa/pkg/pemfile"
+)
+
+var (
+	bits  int
+	pkcs1 bool
+)
+
+// Register the "keygen" subcommand.
+func Register(root *cobra.Command) {
+	cmd := &cobra.Command{
+		Use:   "keygen",
+		Short: "Generate a new private key and save to file",
+		Run:   Keygen,
+		Args:  cobra.ExactArgs(1),
+	}
+
+	cmd.Flags().IntVarP(&bits, "bits", "b", 3072, "Key size in bits")
+	cmd.Flags().BoolVarP(&pkcs1, "pkcs1", "", false, "Write key as PKCS#1 rather than PKCS#8")
+
+	root.AddCommand(cmd)
+}
+
+// Keygen will generate a new RSA private key and save it to a file.
+func Keygen(cmd *cobra.Command, args []string) {
+	filename := args[0]
+
+	key, err := rsa.GenerateKey(rand.Reader, bits)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Failed to generate new key (%d bits): %v\n", bits, err)
+		os.Exit(1)
+	}
+
+	// prepare DER-form data
+	var der []byte
+	if pkcs1 {
+		der = x509.MarshalPKCS1PrivateKey(key)
+	} else {
+		der, err = x509.MarshalPKCS8PrivateKey(key)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Failed to marshal PKCS#8 private key: %v\n", err)
+			os.Exit(1)
+		}
+	}
+
+	// prepare PEM-form data
+	typ := pemfile.TypePKCS8PrivateKey
+	if pkcs1 {
+		typ = pemfile.TypePKCS1PrivateKey
+	}
+	x509raw := pem.EncodeToMemory(&pem.Block{
+		Type:  typ,
+		Bytes: der,
+	})
+
+	// write to file
+	if err := os.WriteFile(filename, x509raw, 0600); err != nil {
+		fmt.Fprintln(os.Stderr, err)
+		os.Exit(1)
+	}
+}

go.mod

@@ -0,0 +1,17 @@
+module src.lwithers.me.uk/go/rsa
+
+go 1.20
+
+require (
+	github.com/logrusorgru/aurora/v4 v4.0.0
+	github.com/mattn/go-isatty v0.0.17
+	github.com/spf13/cobra v1.6.1
+	src.lwithers.me.uk/go/rsa/pkg v1.0.0
+)
+
+require (
+	github.com/inconshreveable/mousetrap v1.0.1 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	golang.org/x/sys v0.5.0 // indirect
+	src.lwithers.me.uk/go/writefile v1.0.1 // indirect
+)

go.sum

@@ -0,0 +1,26 @@
+github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
+github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/logrusorgru/aurora/v4 v4.0.0 h1:sRjfPpun/63iADiSvGGjgA1cAYegEWMPCJdUpJYn9JA=
+github.com/logrusorgru/aurora/v4 v4.0.0/go.mod h1:lP0iIa2nrnT/qoFXcOZSrZQpJ1o6n2CUf/hyHi2Q4ZQ=
+github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
+github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
+github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
+golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+src.lwithers.me.uk/go/rsa/pkg v1.0.0 h1:JDJDlml1GfJE/jyiqhXhqkInQRVs/t3MvsRXWNEWPVs=
+src.lwithers.me.uk/go/rsa/pkg v1.0.0/go.mod h1:nZra8VAzQIbrQg2L6ev2BRQxvnpu7FBxfMtBrZ1ksek=
+src.lwithers.me.uk/go/writefile v1.0.1 h1:bwBGtvyZfCxFIM14e1aYgJWlZuowKkwJx53OJlUPd0s=
+src.lwithers.me.uk/go/writefile v1.0.1/go.mod h1:NahlmRCtB7kg4ai+zHZgxXdUs+MR8VqWG8mql35TsxA=

main.go

@@ -0,0 +1,28 @@
+package main
+
+import (
+	"os"
+
+	"github.com/spf13/cobra"
+	"src.lwithers.me.uk/go/rsa/cmd/ca"
+	"src.lwithers.me.uk/go/rsa/cmd/csr"
+	"src.lwithers.me.uk/go/rsa/cmd/inspect"
+	"src.lwithers.me.uk/go/rsa/cmd/keygen"
+)
+
+func main() {
+	root := &cobra.Command{
+		Use:   "rsa",
+		Short: "RSA key and certificate manipulation",
+	}
+
+	inspect.Register(root)
+	keygen.Register(root)
+	csr.Register(root)
+	ca.Register(root)
+
+	if err := root.Execute(); err != nil {
+		// error will already have been displayed
+		os.Exit(1)
+	}
+}