diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..703f551 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +rsa diff --git a/cmd/ca/ca.go b/cmd/ca/ca.go new file mode 100644 index 0000000..e9f725c --- /dev/null +++ b/cmd/ca/ca.go @@ -0,0 +1,113 @@ +package ca + +import ( + "fmt" + "os" + "time" + + "github.com/spf13/cobra" +) + +var ( + dir string + outputFilename string + + // signCommonFlags refers to these + validFrom string + validUntil string + + // createCACommonFlags refers to these + bits int + excludedDomains []string + excludedIPs []string + maxPathLen int + permittedDomains []string + permittedIPs []string +) + +// Register the "keygen" subcommand. +func Register(root *cobra.Command) { + caCmd := &cobra.Command{ + Use: "ca", + Short: "Certificate authority creation and operation", + } + caCmd.PersistentFlags().StringVarP(&dir, "dir", "d", "", "Directory holding CA") + caCmd.MarkPersistentFlagRequired("dir") + + root.AddCommand(caCmd) + + // init command + cmd := &cobra.Command{ + Use: "init ", + Short: "Initialise a brand-new certificate authority", + Args: cobra.ExactArgs(1), + Run: Init, + } + createCACommonFlags(cmd) + signCommonFlags(cmd) + caCmd.AddCommand(cmd) + + // sign command + cmd = &cobra.Command{ + Use: "sign csr.pem", + Short: "Sign one or more CSRs", + Args: cobra.ExactArgs(1), + Run: Sign, + } + cmd.Flags().StringVarP(&outputFilename, "output", "o", "", "Name of output file (default stdout).") + signCommonFlags(cmd) + caCmd.AddCommand(cmd) + + // intermediate command + cmd = &cobra.Command{ + Use: "intermediate ", + Short: "Using an existing CA, create a new intermediate CA", + Args: cobra.ExactArgs(2), + Run: Intermediate, + } + createCACommonFlags(cmd) + signCommonFlags(cmd) + caCmd.AddCommand(cmd) +} + +func createCACommonFlags(cmd *cobra.Command) { + cmd.Flags().IntVarP(&bits, "bits", "b", 3072, "Key size in bits") + cmd.Flags().StringSliceVar(&excludedDomains, "exclude-domain", nil, + "Do not allow certs to be issued for named domain. Multiple may be specified") + cmd.Flags().StringSliceVar(&excludedIPs, "exclude-cidr", nil, + "Do not allow certs to be issued for given IP range. Multiple may be specified") + cmd.Flags().IntVar(&maxPathLen, "max-path-len", -1, + "Maximum path length (whether any further CAs may be issued)") + cmd.Flags().StringSliceVar(&permittedDomains, "permit-domain", nil, + "Allow certs to be issued only for named domain. Multiple may be specified") + cmd.Flags().StringSliceVar(&permittedIPs, "permit-cidr", nil, + "Allow certs to be issued only for given IP range. Multiple may be specified") +} + +func signCommonFlags(cmd *cobra.Command) { + cmd.Flags().StringVar(&validFrom, "valid-from", "", "RFC3339-format timestamp for start of cert validity") + cmd.Flags().StringVar(&validUntil, "valid-until", "", "RFC3339-format timestamp for end of cert validity") +} + +func signingDates(defaultDuration time.Duration) (from, until time.Time) { + var err error + if validFrom == "" { + from = time.Now().Add(-2 * time.Hour) + } else { + from, err = time.Parse(time.RFC3339, validFrom) + if err != nil { + fmt.Fprintln(os.Stderr, "--valid-from %s: not a valid RFC3339-format timestamp\n") + os.Exit(1) + } + } + if validUntil == "" { + until = time.Now().Add(defaultDuration) + } else { + until, err = time.Parse(time.RFC3339, validUntil) + if err != nil { + fmt.Fprintln(os.Stderr, "--valid-until %s: not a valid RFC3339-format timestamp\n") + os.Exit(1) + } + } + return +} diff --git a/cmd/ca/init.go b/cmd/ca/init.go new file mode 100644 index 0000000..50cc631 --- /dev/null +++ b/cmd/ca/init.go @@ -0,0 +1,86 @@ +package ca + +import ( + "crypto/rand" + "crypto/rsa" + "crypto/x509" + "crypto/x509/pkix" + "fmt" + "net" + "os" + "time" + + "github.com/spf13/cobra" + "src.lwithers.me.uk/go/rsa/pkg/ca" +) + +// Init a new certificate authority from scratch. +func Init(cmd *cobra.Command, args []string) { + desc := args[0] + + template := createCATemplate(desc) + key, err := rsa.GenerateKey(rand.Reader, bits) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to generate new key (%d bits): %v\n", bits, err) + os.Exit(1) + } + + _, err = ca.Create(dir, template, key) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to initialise new certificate authority: %v\n", err) + os.Exit(1) + } +} + +func createCATemplate(desc string) *x509.Certificate { + from, until := signingDates(30 * 365 * 24 * time.Hour) + + hasTargetRules := len(permittedDomains) > 0 || len(excludedDomains) > 0 + var permittedIP, excludedIP []*net.IPNet + if len(permittedIPs) > 0 { + hasTargetRules = true + for _, ipr := range permittedIPs { + permittedIP = append(permittedIP, parseCIDR(ipr)) + } + } + if len(excludedIPs) > 0 { + hasTargetRules = true + for _, ipr := range permittedIPs { + excludedIP = append(excludedIP, parseCIDR(ipr)) + } + } + + return &x509.Certificate{ + Subject: pkix.Name{ + CommonName: desc, + }, + NotBefore: from, + NotAfter: until, + + BasicConstraintsValid: true, + IsCA: true, + MaxPathLen: maxPathLen, + MaxPathLenZero: (maxPathLen == 0), + + PermittedDNSDomains: permittedDomains, + ExcludedDNSDomains: excludedDomains, + PermittedIPRanges: permittedIP, + ExcludedIPRanges: excludedIP, + PermittedDNSDomainsCritical: hasTargetRules, + } +} + +func parseCIDR(s string) *net.IPNet { + ip, ipnet, err := net.ParseCIDR(s) + if err != nil { + fmt.Fprintln(os.Stderr, err) + os.Exit(1) + } + + if !ip.Equal(ipnet.IP) { + fmt.Fprintf(os.Stderr, "%s: invalid IP range (did you mean %s?)\n", s, ipnet.String()) + os.Exit(1) + } + + return ipnet +} diff --git a/cmd/ca/intermediate.go b/cmd/ca/intermediate.go new file mode 100644 index 0000000..c5d6d05 --- /dev/null +++ b/cmd/ca/intermediate.go @@ -0,0 +1,37 @@ +package ca + +import ( + "crypto/rand" + "crypto/rsa" + "fmt" + "os" + + "github.com/spf13/cobra" + "src.lwithers.me.uk/go/rsa/pkg/ca" +) + +// Intermediate uses an existing CA to create a new intermediate CA in a new +// directory. +func Intermediate(cmd *cobra.Command, args []string) { + newCADir := args[0] + desc := args[1] + + ca, err := ca.Open(dir) + if err != nil { + fmt.Fprintln(os.Stderr, err) + os.Exit(1) + } + + template := createCATemplate(desc) + key, err := rsa.GenerateKey(rand.Reader, bits) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to generate new key (%d bits): %v\n", bits, err) + os.Exit(1) + } + + _, err = ca.CreateIntermediate(newCADir, template, key) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to initialise new intermediate CA: %v\n", err) + os.Exit(1) + } +} diff --git a/cmd/ca/sign.go b/cmd/ca/sign.go new file mode 100644 index 0000000..d32648a --- /dev/null +++ b/cmd/ca/sign.go @@ -0,0 +1,87 @@ +package ca + +import ( + "crypto/rsa" + "crypto/x509" + "encoding/pem" + "fmt" + "os" + "time" + + "github.com/spf13/cobra" + "src.lwithers.me.uk/go/rsa/pkg/ca" + "src.lwithers.me.uk/go/rsa/pkg/pemfile" +) + +// Sign one or more CSRs. +func Sign(cmd *cobra.Command, args []string) { + csrFilename := args[0] + from, until := signingDates(365 * 24 * time.Hour) + + // open the CA + ca, err := ca.Open(dir) + if err != nil { + fmt.Fprintln(os.Stderr, err) + os.Exit(1) + } + + // parse the CSR + csr, err := pemfile.ReadCSR(csrFilename) + if err != nil { + fmt.Fprintln(os.Stderr, err) + os.Exit(1) + } + pubKey, ok := csr.PublicKey.(*rsa.PublicKey) + if !ok { + fmt.Fprintf(os.Stderr, "%s: public key is not RSA\n", csrFilename) + os.Exit(1) + } + + // build the certificate template + var ( + keyUsage x509.KeyUsage + extKeyUsage []x509.ExtKeyUsage + ) + switch { + // TODO: CLI flags + case len(csr.DNSNames) == 0 && len(csr.IPAddresses) == 0: + extKeyUsage = append(extKeyUsage, x509.ExtKeyUsageClientAuth) + default: + extKeyUsage = append(extKeyUsage, x509.ExtKeyUsageServerAuth) + } + + template := &x509.Certificate{ + KeyUsage: keyUsage, + ExtKeyUsage: extKeyUsage, + Subject: csr.Subject, + NotBefore: from, + NotAfter: until, + DNSNames: csr.DNSNames, + IPAddresses: csr.IPAddresses, + } + + // sign the certificate + cert, auditDir, err := ca.Sign(template, pubKey) + if err != nil { + fmt.Fprintln(os.Stderr, err) + os.Exit(1) + } + raw := pem.EncodeToMemory(&pem.Block{ + Type: pemfile.TypeX509Certificate, + Bytes: cert.Raw, + }) + + // TODO: copy CSR to audit dir + _ = auditDir + + // write CSR to output file + switch outputFilename { + case "", "-": + os.Stdout.Write(raw) + default: + if err := os.WriteFile(outputFilename, raw, 0600); err != nil { + fmt.Fprintln(os.Stderr, err) + os.Exit(1) + } + } +} diff --git a/cmd/csr/csr.go b/cmd/csr/csr.go new file mode 100644 index 0000000..1eea8c2 --- /dev/null +++ b/cmd/csr/csr.go @@ -0,0 +1,87 @@ +package csr + +import ( + "crypto/rand" + "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" + "fmt" + "net" + "os" + + "github.com/spf13/cobra" + "src.lwithers.me.uk/go/rsa/pkg/pemfile" +) + +var ( + outputFile string + hostnames []string + ips []string +) + +// Register the "keygen" subcommand. +func Register(root *cobra.Command) { + cmd := &cobra.Command{ + Use: "csr key.pem \"description (common name)\"", + Short: "Generate a certificate signing request", + Run: CSR, + Args: cobra.ExactArgs(2), + } + + cmd.Flags().StringVarP(&outputFile, "output", "o", "", "Name of output file (defaults to stdout)") + cmd.Flags().StringArrayVar(&hostnames, "host", nil, "Subject alternate name (may be specified multiple times)") + cmd.Flags().StringArrayVar(&ips, "ip", nil, "IP address (may be specified multiple times)") + + root.AddCommand(cmd) +} + +// CSR will load a private key, then write out and generate a CSR. +func CSR(cmd *cobra.Command, args []string) { + keyFile := args[0] + desc := args[1] + + key, err := pemfile.ReadKey(keyFile) + if err != nil { + fmt.Fprintln(os.Stderr, err) + os.Exit(1) + } + + var ipAddrs []net.IP + for _, ip := range ips { + i := net.ParseIP(ip) + if i == nil { + fmt.Fprintf(os.Stderr, "--ip argument %q is not valid\n", ip) + os.Exit(1) + } + ipAddrs = append(ipAddrs, i) + } + + template := &x509.CertificateRequest{ + Subject: pkix.Name{ + CommonName: desc, + }, + DNSNames: hostnames, + IPAddresses: ipAddrs, + } + der, err := x509.CreateCertificateRequest(rand.Reader, template, key) + if err != nil { + fmt.Fprintf(os.Stderr, "failed to create certificate signing request: %v\n", err) + os.Exit(1) + } + + raw := pem.EncodeToMemory(&pem.Block{ + Type: pemfile.TypeX509CSR, + Bytes: der, + }) + + switch outputFile { + case "", "-": + os.Stdout.Write(raw) + + default: + if err := os.WriteFile(outputFile, raw, 0600); err != nil { + fmt.Fprintln(os.Stderr, err) + os.Exit(1) + } + } +} diff --git a/cmd/inspect/display_coloured.go b/cmd/inspect/display_coloured.go new file mode 100644 index 0000000..5b9022d --- /dev/null +++ b/cmd/inspect/display_coloured.go @@ -0,0 +1,111 @@ +package inspect + +import ( + "fmt" + "os" + "strings" + "time" + "unicode/utf8" + + "github.com/logrusorgru/aurora/v4" + "src.lwithers.me.uk/go/rsa/pkg/inspect" +) + +var ( + displayedFingerprints = map[string]int{} +) + +func displayColoured(src string, info []inspect.Info) { + // compute max key length, for nicely aligning columns + var maxKey int + for _, item := range info { + for _, section := range item.Info() { + for _, field := range section.Fields { + l := utf8.RuneCountInString(field.Key) + if l > maxKey { + maxKey = l + } + } + } + } + + // output options + var auroraHyper bool + switch os.Getenv("TERM") { + case "xterm-kitty": + auroraHyper = true + } + a := aurora.New(aurora.WithColors(true), aurora.WithHyperlinks(auroraHyper)) + + // display loop + for _, item := range info { + fmt.Printf("════════ %s:%s ════════\n", + a.BrightBlue(src), a.Blue(item.Location())) + for _, section := range item.Info() { + fmt.Println(aurora.Underline(section.Title)) + for _, field := range section.Fields { + fmt.Printf(" %*s: ", maxKey, a.Yellow(field.Key)) + switch v := field.Value.(type) { + case int: + fmt.Print(a.Blue(v)) + + case bool: + fmt.Print(a.Blue(v)) + + case time.Time: + var note string + switch { + case strings.Contains(field.Key, "from"): + if v.After(time.Now()) { + note = aurora.Red("not valid yet").String() + } else { + note = aurora.Green("ok").String() + } + case strings.Contains(field.Key, "until"): + if v.After(time.Now()) { + note = aurora.Green("ok").String() + } else { + note = aurora.Red("expired").String() + } + } + + fmt.Printf("%s %s", v.Format(time.RFC3339), note) + + case []string: + for i, s := range v { + fmt.Print(s) + if i < len(v)-1 { + fmt.Printf("\n%*s", maxKey+4, "") + } + } + + case inspect.Fingerprint: + f := v.String() + fidx := displayedFingerprints[f] + var firstSeen bool + if fidx == 0 { + firstSeen = true + fidx = 1 + len(displayedFingerprints) + displayedFingerprints[f] = fidx + } + + var note string + if firstSeen { + note = fmt.Sprintf("#%d %s", a.Blue(fidx), + a.Magenta("first occurrence")) + } else { + note = fmt.Sprintf("#%d %s", a.Blue(fidx), + a.Green("already seen")) + } + + fmt.Printf("%v [%s]", f, note) + + default: + fmt.Print(v) + } + fmt.Println("") + } + } + fmt.Println("") + } +} diff --git a/cmd/inspect/inspect.go b/cmd/inspect/inspect.go new file mode 100644 index 0000000..4814fca --- /dev/null +++ b/cmd/inspect/inspect.go @@ -0,0 +1,162 @@ +package inspect + +import ( + "context" + "crypto/tls" + "errors" + "net" + "net/url" + "os" + "strings" + "time" + + "github.com/mattn/go-isatty" + "github.com/spf13/cobra" + "src.lwithers.me.uk/go/rsa/pkg/inspect" +) + +var ( + outputFormat string = "text" + display func(src string, info []inspect.Info) +) + +// Register the "keygen" subcommand. +func Register(root *cobra.Command) { + cmd := &cobra.Command{ + Use: "inspect", + Short: "Inspect files and TLS servers", + RunE: Inspect, + Args: cobra.MinimumNArgs(1), + } + + if isatty.IsTerminal(1) { + outputFormat = "coloured" + } + + cmd.Flags().StringVarP(&outputFormat, "output", "o", outputFormat, + "Output format (coloured, text, json, yaml)") + + root.AddCommand(cmd) +} + +// Keygen will generate a new RSA private key and save it to a file. +func Inspect(cmd *cobra.Command, args []string) error { + switch outputFormat { + case "coloured": + display = displayColoured + case "text": + display = displayText + case "json": + display = displayJSON + case "yaml": + display = displayYAML + default: + return errors.New("invalid --output format (try: coloured, text, json or yaml)") + } + + for _, arg := range args { + switch { + case arg == "-": + inspectStdin() + + case strings.HasPrefix(arg, "https://"): + inspectHTTPS(arg) + + case strings.IndexByte(arg, ':') != 0: + _, _, err := net.SplitHostPort(arg) + if err == nil { + inspectHost(arg) + break + } + fallthrough + + default: + inspectFile(arg) + } + } + return nil +} + +func inspectStdin() { + // TODO +} + +func inspectHTTPS(addr string) { + u, err := url.Parse(addr) + if err != nil { + // TODO + } + + inspectHost(u.Host) + // TODO: need to add default port +} + +func inspectHost(addr string) { + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + // TODO: context dial + + conn, err := tls.Dial("tcp", addr, &tls.Config{ + // we want to skip verification so we can inspect invalid certs too + InsecureSkipVerify: true, + + // we only enable RSA ciphersuites, but we do allow old ones, again + // so that we can report about bad / invalid servers + CipherSuites: []uint16{ + tls.TLS_RSA_WITH_RC4_128_SHA, + tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, + tls.TLS_RSA_WITH_AES_128_CBC_SHA, + tls.TLS_RSA_WITH_AES_256_CBC_SHA, + tls.TLS_RSA_WITH_AES_128_CBC_SHA256, + tls.TLS_RSA_WITH_AES_128_GCM_SHA256, + tls.TLS_RSA_WITH_AES_256_GCM_SHA384, + tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, + tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + tls.TLS_AES_128_GCM_SHA256, + tls.TLS_AES_256_GCM_SHA384, + tls.TLS_CHACHA20_POLY1305_SHA256, + }, + + // we enable TLSv1.0 so that we can complain about it + MinVersion: tls.VersionTLS10, + }) + if err != nil { + // TODO + } + + if err := conn.HandshakeContext(ctx); err != nil { + // TODO + } + + display(addr, inspect.ConnectionState(conn.ConnectionState())) +} + +func inspectFile(filename string) { + raw, err := os.ReadFile(filename) + if err != nil { + // TODO + } + + info := inspect.LoadPEM(raw) + if len(info) == 0 { + // TODO + } + + display(filename, info) +} + +func displayText(src string, info []inspect.Info) { +} + +func displayJSON(src string, info []inspect.Info) { +} + +func displayYAML(src string, info []inspect.Info) { +} diff --git a/cmd/keygen/keygen.go b/cmd/keygen/keygen.go new file mode 100644 index 0000000..1573565 --- /dev/null +++ b/cmd/keygen/keygen.go @@ -0,0 +1,72 @@ +package keygen + +import ( + "crypto/rand" + "crypto/rsa" + "crypto/x509" + "encoding/pem" + "fmt" + "os" + + "github.com/spf13/cobra" + "src.lwithers.me.uk/go/rsa/pkg/pemfile" +) + +var ( + bits int + pkcs1 bool +) + +// Register the "keygen" subcommand. +func Register(root *cobra.Command) { + cmd := &cobra.Command{ + Use: "keygen", + Short: "Generate a new private key and save to file", + Run: Keygen, + Args: cobra.ExactArgs(1), + } + + cmd.Flags().IntVarP(&bits, "bits", "b", 3072, "Key size in bits") + cmd.Flags().BoolVarP(&pkcs1, "pkcs1", "", false, "Write key as PKCS#1 rather than PKCS#8") + + root.AddCommand(cmd) +} + +// Keygen will generate a new RSA private key and save it to a file. +func Keygen(cmd *cobra.Command, args []string) { + filename := args[0] + + key, err := rsa.GenerateKey(rand.Reader, bits) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to generate new key (%d bits): %v\n", bits, err) + os.Exit(1) + } + + // prepare DER-form data + var der []byte + if pkcs1 { + der = x509.MarshalPKCS1PrivateKey(key) + } else { + der, err = x509.MarshalPKCS8PrivateKey(key) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to marshal PKCS#8 private key: %v\n", err) + os.Exit(1) + } + } + + // prepare PEM-form data + typ := pemfile.TypePKCS8PrivateKey + if pkcs1 { + typ = pemfile.TypePKCS1PrivateKey + } + x509raw := pem.EncodeToMemory(&pem.Block{ + Type: typ, + Bytes: der, + }) + + // write to file + if err := os.WriteFile(filename, x509raw, 0600); err != nil { + fmt.Fprintln(os.Stderr, err) + os.Exit(1) + } +} diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..7bad87a --- /dev/null +++ b/go.mod @@ -0,0 +1,17 @@ +module src.lwithers.me.uk/go/rsa + +go 1.20 + +require ( + github.com/logrusorgru/aurora/v4 v4.0.0 + github.com/mattn/go-isatty v0.0.17 + github.com/spf13/cobra v1.6.1 + src.lwithers.me.uk/go/rsa/pkg v1.0.0 +) + +require ( + github.com/inconshreveable/mousetrap v1.0.1 // indirect + github.com/spf13/pflag v1.0.5 // indirect + golang.org/x/sys v0.5.0 // indirect + src.lwithers.me.uk/go/writefile v1.0.1 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..385b012 --- /dev/null +++ b/go.sum @@ -0,0 +1,26 @@ +github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= +github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/logrusorgru/aurora/v4 v4.0.0 h1:sRjfPpun/63iADiSvGGjgA1cAYegEWMPCJdUpJYn9JA= +github.com/logrusorgru/aurora/v4 v4.0.0/go.mod h1:lP0iIa2nrnT/qoFXcOZSrZQpJ1o6n2CUf/hyHi2Q4ZQ= +github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng= +github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= +github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= +golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +src.lwithers.me.uk/go/rsa/pkg v1.0.0 h1:JDJDlml1GfJE/jyiqhXhqkInQRVs/t3MvsRXWNEWPVs= +src.lwithers.me.uk/go/rsa/pkg v1.0.0/go.mod h1:nZra8VAzQIbrQg2L6ev2BRQxvnpu7FBxfMtBrZ1ksek= +src.lwithers.me.uk/go/writefile v1.0.1 h1:bwBGtvyZfCxFIM14e1aYgJWlZuowKkwJx53OJlUPd0s= +src.lwithers.me.uk/go/writefile v1.0.1/go.mod h1:NahlmRCtB7kg4ai+zHZgxXdUs+MR8VqWG8mql35TsxA= diff --git a/main.go b/main.go new file mode 100644 index 0000000..4a7f40a --- /dev/null +++ b/main.go @@ -0,0 +1,28 @@ +package main + +import ( + "os" + + "github.com/spf13/cobra" + "src.lwithers.me.uk/go/rsa/cmd/ca" + "src.lwithers.me.uk/go/rsa/cmd/csr" + "src.lwithers.me.uk/go/rsa/cmd/inspect" + "src.lwithers.me.uk/go/rsa/cmd/keygen" +) + +func main() { + root := &cobra.Command{ + Use: "rsa", + Short: "RSA key and certificate manipulation", + } + + inspect.Register(root) + keygen.Register(root) + csr.Register(root) + ca.Register(root) + + if err := root.Execute(); err != nil { + // error will already have been displayed + os.Exit(1) + } +}