From 990de8622c8b45476d129272ec2a3080635a0e45 Mon Sep 17 00:00:00 2001
From: GrĂ©goire DuchĂȘne
Date: Sun, 16 Aug 2020 13:49:57 +0100
Subject: Add support for more certificate use cases

This adds support for code signing certificates through a `usage' flag, which can be specified multiple times.
---
 README.md | 1 +
 main.go | 22 +++++++++++++++++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 835f12c..6ba3055 100644
--- a/README.md
+++ b/README.md
@@ -29,5 +29,6 @@ $ gencert cert \
 -cn 'My Server' \
 -d $((10 * 24))h \
 -dns www.example.com \
+ -usage server-auth \
 -out ~/out/my-site
 ```
diff --git a/main.go b/main.go
index 455842d..90d79a7 100644
--- a/main.go
+++ b/main.go
@@ -78,6 +78,7 @@ var (
 out string
 unit StringListFlag
 until TimeFlag
+ usages = StringListFlag{"server-auth"}
 )

 func init() {
@@ -96,6 +97,10 @@ func init() {
 certFlags.StringVar(&caName, "ca", "", "base name for the CA files")
 certFlags.Var(&dnsNames, "dns", "DNS name")
 certFlags.Var(&ips, "ip", "IP address")
+ certFlags.Var(&usages, "usage", `how the certificate will be used:
+ - code-signing
+ - server-auth
+`)

 flag.Usage = func() {
 fmt.Fprintf(flag.CommandLine.Output(), `%s is a tool for generating certificates.
@@ -119,7 +124,22 @@ func extKeyUsage() []x509.ExtKeyUsage {
 if os.Args[1] == "ca" {
 return nil
 }
- return []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
+ s := map[string]x509.ExtKeyUsage{}
+ for _, e := range usages {
+ switch e {
+ case "code-signing":
+ s[e] = x509.ExtKeyUsageCodeSigning
+ case "server-auth":
+ s[e] = x509.ExtKeyUsageServerAuth
+ default:
+ log.Fatalln("error: unknown key usage:", e)
+ }
+ }
+ es := []x509.ExtKeyUsage{}
+ for _, e := range s {
+ es = append(es, e)
+ }
+ return es
 }

 func keyUsage() x509.KeyUsage {
--
cgit v1.2.3-70-g09d2
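Review bot: The pre-populated default `usages = StringListFlag{"server-auth"}` in the var block may end up in every certificate. StringListFlag.Set is not shown in this diff, but if it appends, as the name and the de-duplicating map in extKeyUsage suggest, then `-usage code-signing` yields both server-auth and code-signing, and a code-signing certificate that is also accepted for TLS server authentication is broader than what was asked for. The `certFlags.Var(&usages, "usage", ...)` registration in the init() hunk is affected the same way, and its help text does not say what the default is or that the flag may be repeated. Declaring `usages StringListFlag` empty and applying the default only when nothing was given, `if len(usages) == 0 { usages = StringListFlag{"server-auth"} }` before the loop in extKeyUsage, keeps an explicit choice from being widened.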
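Review bot: The returned slice has no stable order, because the second loop in extKeyUsage ranges over the map `s` and Go randomises map iteration; two runs with the same flags can encode the extended key usages in a different order, which makes issued certificates harder to reproduce and compare in an audit. De-duplicating while walking `usages` keeps the order the user gave and drops the second loop. The unknown-value check only fires when extKeyUsage is called; whether that happens before any key or file is written is not visible in this hunk. The function's signature line sits just above the hunk, in the hunk header.

```go
// … unchanged: early return for the "ca" subcommand …
seen := map[x509.ExtKeyUsage]bool{}
es := []x509.ExtKeyUsage{}
for _, e := range usages {
	var u x509.ExtKeyUsage
	switch e {
	case "code-signing":
		u = x509.ExtKeyUsageCodeSigning
	case "server-auth":
		u = x509.ExtKeyUsageServerAuth
	default:
		log.Fatalln("error: unknown key usage:", e)
	}
	if !seen[u] {
		seen[u] = true
		es = append(es, u)
	}
}
return es
```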