yats.git

commit 876360f046a2ffb85b1471b7a13bbea799acdfde

Author: Paolo Lulli <paolo@lulli.net>

Add configuration for CSR generation


 client/config/cli-config.go | 12 ++++
 client/main.go | 7 +++
 client/pki.go | 90 +++++++++++++++++++++++++++++++++++++++


diff --git a/client/config/cli-config.go b/client/config/cli-config.go
index 8b37c6d1b4a6e749581aae2949009243d434ec4a..9e44907dc20856bff8c6aed3cea73c6360af1b7a 100644
--- a/client/config/cli-config.go
+++ b/client/config/cli-config.go
@@ -17,12 +17,20 @@
 type ClientConfiguration struct {
 	Endpoint string `json:"endpoint"`
 	/*
-		Service  string `json:"service"`
-		Client   string `json:"client"`
+			Service  string `json:"service"`
+			Client   string `json:"client"`
+
+		   clientName string, organization string, organizationalUnit string, emailAddress string
+
 	*/
 	TlsKeyFile      string `json:"tlsKeyFile"`
 	TlsCertificate  string `json:"tlsCertificate"`
 	TlsVerifyServer string `json:"tlsVerifyServer"`
+
+	// For certificate request over PKI endpoint
+	ClientCnName       string `json:"clientCnName"`
+	ClientOrganization string `json:"clientOrganization"`
+	ClientEmail        string `json:"clientEmail"`
 }
 
 func GetClientConfig(fileName string) ClientConfiguration {




diff --git a/client/main.go b/client/main.go
index ec24c4bd83b5ec841fc9757f5200143d54e78127..c56a2adcf832d8d44d5d877379e09c543a65d39f 100644
--- a/client/main.go
+++ b/client/main.go
@@ -34,6 +34,8 @@
 	cfg := config.GetClientConfig(configPath)
 	var yatsClient = YatsClient{config: cfg}
 
+	generatePki := flag.BoolP("csr", "c", false, "Create Certificate Signing Request")
+
 	sourceOption := flag.StringP("source", "s", "", "Source Application")
 
 	isMetricOption := flag.BoolP("metric", "m", false, "Metric Mode")
@@ -65,6 +67,11 @@ 			fmt.Printf("%s", listResponse)
 		} else {
 			fmt.Println(err)
 		}
+		os.Exit(0)
+	}
+
+	if *generatePki {
+		yatsClient.CreateCsr()
 		os.Exit(0)
 	}
 




diff --git a/client/pki.go b/client/pki.go
new file mode 100644
index 0000000000000000000000000000000000000000..a0b1415e771b4c1afcba3b6227b2abe3c73a214f
--- /dev/null
+++ b/client/pki.go
@@ -0,0 +1,90 @@
+package main
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/asn1"
+	"encoding/pem"
+	"fmt"
+	"os"
+)
+
+func fileExists(fileName string) bool {
+	_, error := os.Stat(fileName)
+
+	if os.IsNotExist(error) {
+		return false
+	}
+	return true
+}
+
+func (c *YatsClient) CreateCsr() ([]byte, error) {
+	var oidEmailAddress = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 1}
+
+	if fileExists(c.config.TlsKeyFile) {
+		fmt.Printf("Private key file already exists: %v\n", c.config.TlsKeyFile)
+		os.Exit(-1)
+	}
+
+	if fileExists(c.config.TlsCertificate) {
+		fmt.Printf("Certificate file already exists: %v\n", c.config.TlsKeyFile)
+		os.Exit(-1)
+	}
+
+	if ("" == c.config.ClientCnName) || ("" == c.config.ClientOrganization) || ("" == c.config.ClientCnName) {
+		fmt.Printf("Client name: [%v], organization: [%v], email address: [%v]\n", c.config.ClientCnName, c.config.ClientOrganization, c.config.ClientCnName)
+		fmt.Println("No param can be empty, exiting")
+		os.Exit(-1)
+	}
+
+	keyBytes, _ := rsa.GenerateKey(rand.Reader, 1024)
+	pemdata := pem.EncodeToMemory(
+		&pem.Block{
+			Type:  "RSA PRIVATE KEY",
+			Bytes: x509.MarshalPKCS1PrivateKey(keyBytes),
+		},
+	)
+
+	os.WriteFile(c.config.TlsKeyFile, pemdata, 0644)
+
+	subj := pkix.Name{
+		CommonName: c.config.ClientCnName,
+		/*
+			Country:            []string{"AU"},
+			Province:           []string{"Some-State"},
+			Locality:           []string{"MyCity"},
+		*/
+		Organization: []string{c.config.ClientOrganization},
+		//OrganizationalUnit: []string{organizationalUnit},
+
+		ExtraNames: []pkix.AttributeTypeAndValue{
+			{
+				Type: oidEmailAddress,
+				Value: asn1.RawValue{
+					Tag:   asn1.TagIA5String,
+					Bytes: []byte(c.config.ClientCnName),
+				},
+			},
+		},
+	}
+
+	template := x509.CertificateRequest{
+		Subject:            subj,
+		SignatureAlgorithm: x509.SHA256WithRSA,
+	}
+
+	csrBytes, _ := x509.CreateCertificateRequest(rand.Reader, &template, keyBytes)
+	pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE REQUEST", Bytes: csrBytes})
+
+	pemcsrdata := pem.EncodeToMemory(
+		&pem.Block{
+			Type:  "CERTIFICATE REQUEST",
+			Bytes: csrBytes,
+		},
+	)
+
+	os.WriteFile("csr.pem", pemcsrdata, 0644)
+	return pemcsrdata, nil
+}