1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
use clap::Parser;
use hancock::*;
use std::path::Path;
mod cli;
use crate::cli::*;
fn main() {
let cli = dbg!(Cli::parse());
match cli.command {
Commands::Init(args) => init(args),
Commands::Issue(args) => issue(args),
}
}
fn init(args: Init) {
let base_dir = path::base_dir(&args.base_dir);
let key_type = match args.key_type.to_uppercase().as_str() {
"RSA" => KeyType::Rsa(args.key_length),
"ECDSA" => KeyType::Ecdsa,
_ => panic!("key_type not ECDSA or RSA after validation. This should never happen"),
};
let pkey_path = path::ca_pkey(&base_dir, key_type);
let pkey = match Path::new(&pkey_path).exists() {
true => pkey::read_pkey(&pkey_path, args.password),
false => {
let pkey = pkey::generate_pkey(key_type);
pkey::save_pkey(&pkey_path, &pkey, args.password);
pkey
}
};
let cert_path = path::ca_crt(&base_dir, key_type);
if !Path::new(&cert_path).exists() {
let cert = root::generate_root_cert(
args.lifetime,
&args.common_name,
&args.country,
&args.state,
&args.locality,
&args.organization,
&args.organizational_unit,
&pkey,
);
cert::save_cert(&cert_path, &cert);
}
}
fn issue(args: Issue) {
let base_dir = path::base_dir(&args.base_dir);
let key_type = match args.key_type.to_uppercase().as_str() {
"RSA" => KeyType::Rsa(args.key_length),
"ECDSA" => KeyType::Ecdsa,
_ => panic!("key_type not ECDSA or RSA after validation. This should never happen"),
};
let ca_pkey_path = path::ca_pkey(&base_dir, key_type);
let ca_pkey = match Path::new(&ca_pkey_path).exists() {
true => pkey::read_pkey(&ca_pkey_path, args.password),
false => {
let pkey = pkey::generate_pkey(key_type);
pkey::save_pkey(&ca_pkey_path, &pkey, args.password);
pkey
}
};
let ca_cert_path = path::ca_crt(&base_dir, key_type);
let ca_cert = cert::read_cert(&ca_cert_path);
let pkey_path = path::cert_pkey(&base_dir, &args.common_name, key_type);
let pkey = match Path::new(&pkey_path).exists() {
true => pkey::read_pkey(&pkey_path, None),
false => {
let pkey = pkey::generate_pkey(key_type);
pkey::save_pkey(&pkey_path, &pkey, None);
pkey
}
};
let x509_req_path = path::cert_csr(&base_dir, &args.common_name, key_type);
let x509_req = match Path::new(&x509_req_path).exists() {
true => req::read_req(&x509_req_path),
false => {
let req = req::generate_req(
&Some(args.common_name.clone()),
&args.country,
&args.state,
&args.locality,
&args.organization,
&args.organizational_unit,
&pkey,
);
req::save_req(&x509_req_path, &req);
req
}
};
let cert = cert::generate_cert(args.lifetime, &x509_req, &ca_cert, &ca_pkey);
cert::save_cert(
&path::cert_crt(&base_dir, &args.common_name, key_type),
&cert,
);
}
|
