istio.io/istio@v0.0.0-20240520182934-d79c90f27776/security/tools/generate_csr/main.go (about)

     1  // Copyright Istio Authors
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Provide a tool to generate X.509 CSR with different options.
    16  
    17  package main
    18  
    19  import (
    20  	"flag"
    21  	"fmt"
    22  	"os"
    23  
    24  	"istio.io/istio/pkg/log"
    25  	"istio.io/istio/security/pkg/pki/util"
    26  )
    27  
// Command-line flags. Each one is registered on the default flag set when the
// package initialises and keeps its default value until main calls flag.Parse.

// host is handed to util.GenCSR as CertOptions.Host.
var host = flag.String("host", "", "Comma-separated hostnames and IPs to generate a certificate for.")

// org is handed to util.GenCSR as CertOptions.Org.
var org = flag.String("organization", "Juju org", "Organization for the cert.")

// outCsr is the path saveCreds writes the PEM-encoded CSR to.
var outCsr = flag.String("out-csr", "csr.pem", "Output csr file.")

// outPriv is the path saveCreds writes the PEM-encoded private key to. The
// default is relative, so the key lands in the current working directory.
var outPriv = flag.String("out-priv", "priv.pem", "Output private key file.")

// keySize is handed to util.GenCSR as CertOptions.RSAKeySize.
var keySize = flag.Int("key-size", 2048, "Size of the generated private key")

// ec is converted to util.SupportedECSignatureAlgorithms in main; the empty
// default presumably selects an RSA key (confirm against util.GenCSR).
var ec = flag.String("ec-sig-alg", "", "Generate an elliptical curve private key with the specified algorithm")

// curve is converted to util.SupportedEllipticCurves in main.
var curve = flag.String("curve", "P256", "Specify the elliptic curve to use to generate an elliptical curve private key")
    37  
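// saveCreds writes the PEM-encoded CSR to the -out-csr path and the
// PEM-encoded private key to the -out-priv path. Any failure terminates the
// process through log.Fatalf.
func saveCreds(csrPem []byte, privPem []byte) {
	// The CSR carries only public material, so a world-readable mode is fine.
	if err := os.WriteFile(*outCsr, csrPem, 0o644); err != nil {
		log.Fatalf("Could not write output certificate request: %s.", err)
	}

	// The permission argument of os.WriteFile/os.OpenFile is applied only when
	// the file is created. If -out-priv names an existing file with a broader
	// mode (for example 0644), the key would inherit that mode. Open the file
	// explicitly and tighten the mode before any key bytes are written.
	keyFile, err := os.OpenFile(*outPriv, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
	if err != nil {
		log.Fatalf("Could not write output private key: %s.", err)
	}
	if err := keyFile.Chmod(0o600); err != nil {
		// Refuse to store the key in a file whose mode we cannot restrict.
		_ = keyFile.Close()
		log.Fatalf("Could not restrict permissions on output private key: %s.", err)
	}
	if _, err := keyFile.Write(privPem); err != nil {
		_ = keyFile.Close()
		log.Fatalf("Could not write output private key: %s.", err)
	}
	// Close can report a deferred write error, so it is checked as well.
	if err := keyFile.Close(); err != nil {
		log.Fatalf("Could not write output private key: %s.", err)
	}
}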
    49  
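// main parses the command-line flags, asks util.GenCSR for a CSR and a
// matching private key, and stores both on disk through saveCreds.
func main() {
	flag.Parse()

	// Warn, but do not refuse, when a short RSA key is requested: existing
	// callers may rely on small keys for tests. The check is skipped when
	// -ec-sig-alg is set, since -key-size presumably only applies to RSA
	// keys (confirm against util.GenCSR).
	const minRSAKeySize = 2048
	if *ec == "" && *keySize < minRSAKeySize {
		log.Warnf("RSA key size %d is below the recommended minimum of %d bits.", *keySize, minRSAKeySize)
	}

	csrPem, privPem, err := util.GenCSR(util.CertOptions{
		Host:       *host,
		Org:        *org,
		RSAKeySize: *keySize,
		ECSigAlg:   util.SupportedECSignatureAlgorithms(*ec),
		ECCCurve:   util.SupportedEllipticCurves(*curve),
	})
	if err != nil {
		log.Fatalf("Failed to generate CSR: %s.", err)
	}

	saveCreds(csrPem, privPem)
	// The outputs are a certificate request and a private key, not a
	// certificate, so the message names them accordingly.
	fmt.Printf("CSR and private key files successfully saved in %s and %s\n", *outCsr, *outPriv)
}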