authorGrégoire Duchêne <gduchene@awhk.org>2020-08-16 13:49:57 +0100
committerGrégoire Duchêne <gduchene@awhk.org>2020-08-16 13:49:57 +0100
commit990de8622c8b45476d129272ec2a3080635a0e45 (patch)
tree5ba716b8b4fd75ccf20b8e02518cfd72f1900374
parent7fee28764127f855966fcb315922b415de8ecf75 (diff)
Add support for more certificate use cases
This adds support for code signing certificates through a `usage' flag, which can be specified multiple times.
-rw-r--r--README.md1
-rw-r--r--main.go22
2 files changed, 22 insertions, 1 deletions
diff --git a/README.md b/README.md
index 835f12c..6ba3055 100644
--- a/README.md
+++ b/README.md
@@ -29,5 +29,6 @@ $ gencert cert \
-cn 'My Server' \
-d $((10 * 24))h \
-dns www.example.com \
+ -usage server-auth \
-out ~/out/my-site
```
diff --git a/main.go b/main.go
index 455842d..90d79a7 100644
--- a/main.go
+++ b/main.go
@@ -78,6 +78,7 @@ var (
out string
unit StringListFlag
until TimeFlag
+ usages = StringListFlag{"server-auth"}
)
func init() {
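Review bot: The default on the added line `usages = StringListFlag{"server-auth"}` may never be replaced by what the user passes. StringListFlag's Set method is not shown in this diff, but if it appends to the list, as repeatable flags usually do, then `-usage code-signing` yields a certificate carrying both serverAuth and codeSigning. A code-signing certificate that is also accepted for TLS server authentication is broader than what was requested and widens the impact of a key compromise. Consider leaving `usages` empty here and applying the default only when no flag was given, for example `if len(usages) == 0 { usages = StringListFlag{"server-auth"} }` at the top of extKeyUsage.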
@@ -96,6 +97,10 @@ func init() {
certFlags.StringVar(&caName, "ca", "", "base name for the CA files")
certFlags.Var(&dnsNames, "dns", "DNS name")
certFlags.Var(&ips, "ip", "IP address")
+ certFlags.Var(&usages, "usage", `how the certificate will be used:
+ - code-signing
+ - server-auth
+`)
flag.Usage = func() {
fmt.Fprintf(flag.CommandLine.Output(), `%s is a tool for generating certificates.
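Review bot: The help text for `usage` lists the accepted values but does not say that the flag may be given more than once, which the commit message describes as the intended way to request several usages. The first line of the string could read `how the certificate will be used (may be repeated):`. The flag.Usage closure that follows continues outside this hunk.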
@@ -119,7 +124,22 @@ func extKeyUsage() []x509.ExtKeyUsage {
if os.Args[1] == "ca" {
return nil
}
- return []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
+ s := map[string]x509.ExtKeyUsage{}
+ for _, e := range usages {
+ switch e {
+ case "code-signing":
+ s[e] = x509.ExtKeyUsageCodeSigning
+ case "server-auth":
+ s[e] = x509.ExtKeyUsageServerAuth
+ default:
+ log.Fatalln("error: unknown key usage:", e)
+ }
+ }
+ es := []x509.ExtKeyUsage{}
+ for _, e := range s {
+ es = append(es, e)
+ }
+ return es
}
func keyUsage() x509.KeyUsage {
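Review bot: The second loop in extKeyUsage ranges over the map `s`, and Go randomizes map iteration order, so the order of the extended key usages in the returned slice can differ between runs with identical flags. The generated certificates then differ in their encoded extension for no functional reason, which makes output harder to compare or reproduce. Appending in flag order while skipping duplicates keeps the de-duplication and makes the result deterministic. This version returns a nil slice instead of an empty one when `usages` is empty. The function's opening line lies outside the hunk.

```go
	// … unchanged: early return for the "ca" subcommand …
	seen := map[x509.ExtKeyUsage]bool{}
	var es []x509.ExtKeyUsage
	for _, e := range usages {
		var u x509.ExtKeyUsage
		switch e {
		case "code-signing":
			u = x509.ExtKeyUsageCodeSigning
		case "server-auth":
			u = x509.ExtKeyUsageServerAuth
		default:
			log.Fatalln("error: unknown key usage:", e)
		}
		if !seen[u] {
			seen[u] = true
			es = append(es, u)
		}
	}
	return es
```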