package cli

import (
	"flag"
	"time"

	"github.com/hellobchain/third_party/cloudflare/cfssl/config"
	"github.com/hellobchain/third_party/cloudflare/cfssl/helpers"
	"github.com/hellobchain/third_party/cloudflare/cfssl/log"
	"github.com/hellobchain/third_party/cloudflare/cfssl/signer/universal"
)

// Config is a type to hold flag values used by cfssl commands.
//
// Each field is bound to one command-line flag by registerFlags, and the
// comment on the field names that flag together with its default where the
// default is not the zero value. Fields whose flag takes a path hold the
// path exactly as typed on the command line, not the loaded content. CFG is
// the one field registerFlags does not bind to a flag.
type Config struct {
	Hostname          string         // -hostname: hostname for the cert, may be a comma-separated list
	CertFile          string         // -cert: client certificate that contains the public key
	CSRFile           string         // -csr: certificate signature request file for the new public key
	CAFile            string         // -ca: signing CA, given as '[file:]fname' or 'env:varname'
	CAKeyFile         string         // -ca-key: CA private key, given as '[file:]fname' or 'env:varname'
	TLSCertFile       string         // -tls-cert: endpoint certificate used to set up TLS
	TLSKeyFile        string         // -tls-key: private key belonging to -tls-cert
	MutualTLSCAFile   string         // -mutual-tls-ca: CA that client certificates must be signed by
	MutualTLSCNRegex  string         // -mutual-tls-cn: regex allow-list of client CNs (applied elsewhere; anchoring not visible here)
	TLSRemoteCAs      string         // -tls-remote-ca: CAs to trust for remote TLS requests
	MutualTLSCertFile string         // -mutual-tls-client-cert: client certificate presented to a remote instance
	MutualTLSKeyFile  string         // -mutual-tls-client-key: private key belonging to -mutual-tls-client-cert
	KeyFile           string         // -key: private key for the certificate
	IntermediatesFile string         // -intermediates: intermediate certs
	CABundleFile      string         // -ca-bundle: path to the root certificate store
	IntBundleFile     string         // -int-bundle: path to the intermediate certificate store
	Address           string         // -address: address to bind (default 127.0.0.1, i.e. loopback only)
	Port              int            // -port: port to bind (default 8888)
	Password          string         // -password: password for PKCS #12 data passed to the bundler (default "0"); a secret taken from argv
	ConfigFile        string         // -config: path to the configuration file
	CFG               *config.Config // parsed configuration; not bound to any flag by registerFlags
	Profile           string         // -profile: signing profile to use
	IsCA              bool           // -initca: initialise a new CA
	RenewCA           bool           // -renewca: re-generate a CA certificate from an existing CA certificate/key
	IntDir            string         // -int-dir: intermediates directory
	Flavor            string         // -flavor: bundle flavor, one of ubiquitous, optimal, force (default ubiquitous)
	Metadata          string         // -metadata: JSON file mapping root certificate SHA-1 digests to key store filenames
	Domain            string         // -domain: remote server domain name
	IP                string         // -ip: remote server ip
	Remote            string         // -remote: remote CFSSL server; when non-empty RootFromConfig sets ForceRemote
	Label             string         // -label: key label to use in the remote CFSSL server
	AuthKey           string         // -authkey: key authenticating requests to the remote CFSSL server; a secret taken from argv
	ResponderFile     string         // -responder: certificate for the OCSP responder
	ResponderKeyFile  string         // -responder-key: private key for the OCSP responder certificate
	Status            string         // -status: certificate status, one of good, revoked, unknown (default good)
	Reason            string         // -reason: reason code for revocation (default "0")
	RevokedAt         string         // -revoked-at: date of revocation, YYYY-MM-DD (default "now")
	Interval          time.Duration  // -interval: interval between OCSP updates (default 4*helpers.OneDay)
	List              bool           // -list: list possible scanners
	Family            string         // -family: scanner family regular expression
	Timeout           time.Duration  // -timeout: per-host scan timeout (default 5m)
	Scanner           string         // -scanner: scanner regular expression
	CSVFile           string         // -csv: file containing CSV of hosts
	NumWorkers        int            // -num-workers: number of scan workers (default 10)
	MaxHosts          int            // -max-hosts: maximum number of hosts to scan (default 100)
	Responses         string         // -responses: file to load OCSP responses from
	Path              string         // -path: path on which the server will listen (default "/")
	CRL               string         // -crl: CRL URL override
	Usage             string         // -usage: usage of the private key
	PGPPrivate        string         // -pgp-private: file holding a PGP private key used for decryption
	PGPName           string         // -pgp-name: PGP public key name, may be a comma-separated list
	Serial            string         // -serial: certificate serial number
	CNOverride        string         // -cn: certificate common name (CN)
	AKI               string         // -aki: certificate issuer (authority) key identifier
	DBConfigFile      string         // -db-config: certificate db configuration file
	CRLExpiration     time.Duration  // -expiry: time from now after which the CRL expires (default 7*helpers.OneDay)
}

// registerFlags defines all cfssl command flags and associates their values with variables.
func registerFlags(c *Config, f *flag.FlagSet) {
	// The flag names, defaults and help strings are the command's public
	// interface, so each is registered verbatim; they are only grouped by
	// theme here. Registration order is irrelevant to flag.FlagSet, which
	// reports its flags sorted by name.
	//
	// NOTE(review): -authkey and -password take secret values straight from
	// the argument list, where other local users can read them from the
	// process list and where shells keep them in history; unlike -ca and
	// -ca-key they offer no file or environment form.
	registerCertFlags(c, f)
	registerTLSFlags(c, f)
	registerBundleInputFlags(c, f)
	registerServerFlags(c, f)
	registerSigningFlags(c, f)
	registerBundleFlags(c, f)
	registerRemoteFlags(c, f)
	registerOCSPFlags(c, f)
	registerScanFlags(c, f)
	registerMiscFlags(c, f)
	// -loglevel is the one flag that writes package-level state (log.Level)
	// instead of a field of c.
	f.IntVar(&log.Level, "loglevel", log.LevelInfo, "Log level (0 = DEBUG, 5 = FATAL)")
}

// registerCertFlags binds the flags naming the certificate, CSR and signing CA.
func registerCertFlags(c *Config, f *flag.FlagSet) {
	f.StringVar(&c.Hostname, "hostname", "", "Hostname for the cert, could be a comma-separated hostname list")
	f.StringVar(&c.CertFile, "cert", "", "Client certificate that contains the public key")
	f.StringVar(&c.CSRFile, "csr", "", "Certificate signature request file for new public key")
	f.StringVar(&c.CAFile, "ca", "", "CA used to sign the new certificate -- accepts '[file:]fname' or 'env:varname'")
	f.StringVar(&c.CAKeyFile, "ca-key", "", "CA private key -- accepts '[file:]fname' or 'env:varname'")
}

// registerTLSFlags binds the server-side TLS and mutual-TLS flags.
func registerTLSFlags(c *Config, f *flag.FlagSet) {
	f.StringVar(&c.TLSCertFile, "tls-cert", "", "Other endpoint CA to set up TLS protocol")
	f.StringVar(&c.TLSKeyFile, "tls-key", "", "Other endpoint CA private key")
	f.StringVar(&c.MutualTLSCAFile, "mutual-tls-ca", "", "Mutual TLS - require clients be signed by this CA ")
	f.StringVar(&c.MutualTLSCNRegex, "mutual-tls-cn", "", "Mutual TLS - regex for whitelist of allowed client CNs")
	f.StringVar(&c.TLSRemoteCAs, "tls-remote-ca", "", "CAs to trust for remote TLS requests")
	f.StringVar(&c.MutualTLSCertFile, "mutual-tls-client-cert", "", "Mutual TLS - client certificate to call remote instance requiring client certs")
	f.StringVar(&c.MutualTLSKeyFile, "mutual-tls-client-key", "", "Mutual TLS - client key to call remote instance requiring client certs")
}

// registerBundleInputFlags binds the key and certificate-store inputs.
func registerBundleInputFlags(c *Config, f *flag.FlagSet) {
	f.StringVar(&c.KeyFile, "key", "", "private key for the certificate")
	f.StringVar(&c.IntermediatesFile, "intermediates", "", "intermediate certs")
	f.StringVar(&c.CABundleFile, "ca-bundle", "", "path to root certificate store")
	f.StringVar(&c.IntBundleFile, "int-bundle", "", "path to intermediate certificate store")
}

// registerServerFlags binds the listen address and port; the address
// defaults to loopback, so exposure beyond the host is an explicit choice.
func registerServerFlags(c *Config, f *flag.FlagSet) {
	f.StringVar(&c.Address, "address", "127.0.0.1", "Address to bind")
	f.IntVar(&c.Port, "port", 8888, "Port to bind")
}

// registerSigningFlags binds the configuration file, profile and CA
// initialisation/renewal switches.
func registerSigningFlags(c *Config, f *flag.FlagSet) {
	f.StringVar(&c.ConfigFile, "config", "", "path to configuration file")
	f.StringVar(&c.Profile, "profile", "", "signing profile to use")
	f.BoolVar(&c.IsCA, "initca", false, "initialise new CA")
	f.BoolVar(&c.RenewCA, "renewca", false, "re-generate a CA certificate from existing CA certificate/key")
	f.StringVar(&c.IntDir, "int-dir", "", "specify intermediates directory")
}

// registerBundleFlags binds the bundler's flavor and metadata flags.
func registerBundleFlags(c *Config, f *flag.FlagSet) {
	f.StringVar(&c.Flavor, "flavor", "ubiquitous", "Bundle Flavor: ubiquitous, optimal and force.")
	f.StringVar(&c.Metadata, "metadata", "", "Metadata file for root certificate presence. The content of the file is a json dictionary (k,v): each key k is SHA-1 digest of a root certificate while value v is a list of key store filenames.")
}

// registerRemoteFlags binds the flags describing a remote CFSSL server.
func registerRemoteFlags(c *Config, f *flag.FlagSet) {
	f.StringVar(&c.Domain, "domain", "", "remote server domain name")
	f.StringVar(&c.IP, "ip", "", "remote server ip")
	f.StringVar(&c.Remote, "remote", "", "remote CFSSL server")
	f.StringVar(&c.Label, "label", "", "key label to use in remote CFSSL server")
	f.StringVar(&c.AuthKey, "authkey", "", "key to authenticate requests to remote CFSSL server")
}

// registerOCSPFlags binds the OCSP responder and revocation flags.
func registerOCSPFlags(c *Config, f *flag.FlagSet) {
	f.StringVar(&c.ResponderFile, "responder", "", "Certificate for OCSP responder")
	f.StringVar(&c.ResponderKeyFile, "responder-key", "", "private key for OCSP responder certificate")
	f.StringVar(&c.Status, "status", "good", "Status of the certificate: good, revoked, unknown")
	f.StringVar(&c.Reason, "reason", "0", "Reason code for revocation")
	f.StringVar(&c.RevokedAt, "revoked-at", "now", "Date of revocation (YYYY-MM-DD)")
	f.DurationVar(&c.Interval, "interval", 4*helpers.OneDay, "Interval between OCSP updates (default: 96h)")
}

// registerScanFlags binds the scanner selection and scan-limit flags.
func registerScanFlags(c *Config, f *flag.FlagSet) {
	f.BoolVar(&c.List, "list", false, "list possible scanners")
	f.StringVar(&c.Family, "family", "", "scanner family regular expression")
	f.StringVar(&c.Scanner, "scanner", "", "scanner regular expression")
	f.DurationVar(&c.Timeout, "timeout", 5*time.Minute, "duration (ns, us, ms, s, m, h) to scan each host before timing out")
	f.StringVar(&c.CSVFile, "csv", "", "file containing CSV of hosts")
	f.IntVar(&c.NumWorkers, "num-workers", 10, "number of workers to use for scan")
	f.IntVar(&c.MaxHosts, "max-hosts", 100, "maximum number of hosts to scan")
}

// registerMiscFlags binds the remaining per-command flags (OCSP response
// file, server path, CRL, PKCS #12 password, PGP, certificate overrides,
// database configuration and CRL expiry).
func registerMiscFlags(c *Config, f *flag.FlagSet) {
	f.StringVar(&c.Responses, "responses", "", "file to load OCSP responses from")
	f.StringVar(&c.Path, "path", "/", "Path on which the server will listen")
	f.StringVar(&c.CRL, "crl", "", "CRL URL Override")
	f.StringVar(&c.Password, "password", "0", "Password for accessing PKCS #12 data passed to bundler")
	f.StringVar(&c.Usage, "usage", "", "usage of private key")
	f.StringVar(&c.PGPPrivate, "pgp-private", "", "file to load a PGP Private key decryption")
	f.StringVar(&c.PGPName, "pgp-name", "", "PGP public key name, can be a comma-sepearted key name list")
	f.StringVar(&c.Serial, "serial", "", "certificate serial number")
	f.StringVar(&c.CNOverride, "cn", "", "certificate common name (CN)")
	f.StringVar(&c.AKI, "aki", "", "certificate issuer (authority) key identifier")
	f.StringVar(&c.DBConfigFile, "db-config", "", "certificate db configuration file")
	f.DurationVar(&c.CRLExpiration, "expiry", 7*helpers.OneDay, "time from now after which the CRL will expire (default: one week)")
}

// RootFromConfig returns a universal signer Root structure that can
// be used to produce a signer.
//
// The Root carries only the CA certificate and key locations from -ca
// and -ca-key, under the "cert-file" and "key-file" keys, and has
// ForceRemote set exactly when -remote was given a non-empty value.
func RootFromConfig(c *Config) universal.Root {
	caFiles := map[string]string{
		"cert-file": c.CAFile,
		"key-file":  c.CAKeyFile,
	}

	var root universal.Root
	root.Config = caFiles
	// A non-empty -remote is the only thing that turns ForceRemote on.
	root.ForceRemote = c.Remote != ""
	return root
}