Etusivu Tutki Apua
Kirjaudu sisään
cloudflare
/
cfssl
peilaus alkaen https://github.com/cloudflare/cfssl
Tarkkaile 1
Äänestä 0
Fork 0
Tiedostot Ongelmat
Puu: f6cb3e8a12
Branchit Tagit
cfssl
/
cli
/
crl
/
crl.go

crl.go 2.3 KB
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106 
  1. // Package crl implements the crl command
    2. 

  2. package crl
    3. 

  3. 

  4. import (
    5. 

  5. 	"os"
    6. 

  6. 

  7. 	"github.com/cloudflare/cfssl/certdb/dbconf"
    8. 

  8. 	certsql "github.com/cloudflare/cfssl/certdb/sql"
    9. 

  9. 	"github.com/cloudflare/cfssl/cli"
    10. 

  10. 	"github.com/cloudflare/cfssl/crl"
    11. 

  11. 	cferr "github.com/cloudflare/cfssl/errors"
    12. 

  12. 	"github.com/cloudflare/cfssl/helpers"
    13. 

  13. 	"github.com/cloudflare/cfssl/log"
    14. 

  14. 

  15. 	"github.com/jmoiron/sqlx"
    16. 

  16. )
    17. 

  17. 

  18. var crlUsageText = `cfssl crl -- generate a new Certificate Revocation List from Database
    19. 

  19. 

  20. Usage of crl:
    21. 

  21.         cfssl crl
    22. 

  22. 

  23. Flags:
    24. 

  24. `
    25. 

  25. var crlFlags = []string{"db-config", "ca", "ca-key", "expiry"}
    26. 

  26. 

  27. func generateCRL(c cli.Config) (crlBytes []byte, err error) {
    28. 

  28. 	if c.CAFile == "" {
    29. 

  29. 		log.Error("need CA certificate (provide one with -ca)")
    30. 

  30. 		return
    31. 

  31. 	}
    32. 

  32. 

  33. 	if c.CAKeyFile == "" {
    34. 

  34. 		log.Error("need CA key (provide one with -ca-key)")
    35. 

  35. 		return
    36. 

  36. 	}
    37. 

  37. 

  38. 	var db *sqlx.DB
    39. 

  39. 	if c.DBConfigFile != "" {
    40. 

  40. 		db, err = dbconf.DBFromConfig(c.DBConfigFile)
    41. 

  41. 		if err != nil {
    42. 

  42. 			return nil, err
    43. 

  43. 		}
    44. 

  44. 	} else {
    45. 

  45. 		log.Error("no Database specified!")
    46. 

  46. 		return nil, err
    47. 

  47. 	}
    48. 

  48. 

  49. 	dbAccessor := certsql.NewAccessor(db)
    50. 

  50. 

  51. 	log.Debug("loading CA: ", c.CAFile)
    52. 

  52. 	ca, err := helpers.ReadBytes(c.CAFile)
    53. 

  53. 	if err != nil {
    54. 

  54. 		return nil, err
    55. 

  55. 	}
    56. 

  56. 	log.Debug("loading CA key: ", c.CAKeyFile)
    57. 

  57. 	cakey, err := helpers.ReadBytes(c.CAKeyFile)
    58. 

  58. 	if err != nil {
    59. 

  59. 		return nil, cferr.Wrap(cferr.CertificateError, cferr.ReadFailed, err)
    60. 

  60. 	}
    61. 

  61. 

  62. 	// Parse the PEM encoded certificate
    63. 

  63. 	issuerCert, err := helpers.ParseCertificatePEM(ca)
    64. 

  64. 	if err != nil {
    65. 

  65. 		return nil, err
    66. 

  66. 	}
    67. 

  67. 

  68. 	strPassword := os.Getenv("CFSSL_CA_PK_PASSWORD")
    69. 

  69. 	password := []byte(strPassword)
    70. 

  70. 	if strPassword == "" {
    71. 

  71. 		password = nil
    72. 

  72. 	}
    73. 

  73. 

  74. 	// Parse the key given
    75. 

  75. 	key, err := helpers.ParsePrivateKeyPEMWithPassword(cakey, password)
    76. 

  76. 	if err != nil {
    77. 

  77. 		log.Debugf("malformed private key %v", err)
    78. 

  78. 		return nil, err
    79. 

  79. 	}
    80. 

  80. 

  81. 	certs, err := dbAccessor.GetRevokedAndUnexpiredCertificates()
    82. 

  82. 	if err != nil {
    83. 

  83. 		return nil, err
    84. 

  84. 	}
    85. 

  85. 

  86. 	req, err := crl.NewCRLFromDB(certs, issuerCert, key, c.CRLExpiration)
    87. 

  87. 	if err != nil {
    88. 

  88. 		return nil, err
    89. 

  89. 	}
    90. 

  90. 

  91. 	return req, nil
    92. 

  92. }
    93. 

  93. 

  94. func crlMain(args []string, c cli.Config) (err error) {
    95. 

  95. 	req, err := generateCRL(c)
    96. 

  96. 	if err != nil {
    97. 

  97. 		return err
    98. 

  98. 	}
    99. 

  99. 

  100. 	cli.PrintCRL(req)
    101. 

  101. 	return
    102. 

  102. }
    103. 

  103. 

  104. // Command assembles the definition of Command 'crl'
    105. 

  105. var Command = &cli.Command{UsageText: crlUsageText, Flags: crlFlags, Main: crlMain}
    106. 

  106.