@@ -34,6 +34,49 @@ func main() {
3434 app .Usage = "Simple Certificate Authority"
3535 app .Version = version
3636 app .Commands = []* cli.Command {
37+ {
38+ Name : "crl" ,
39+ Usage : "Create/Update a certificate revogation list (CRL)" ,
40+ Flags : []cli.Flag {
41+ & cli.StringFlag {
42+ Name : "ca-cert" ,
43+ Usage : "Certificate authority certificate file `NAME`" ,
44+ Required : true ,
45+ },
46+ & cli.StringFlag {
47+ Name : "ca-key" ,
48+ Usage : "Certificare authority private key file `NAME`" ,
49+ },
50+ & cli.StringFlag {
51+ Name : "ca-password" ,
52+ Usage : "private key password" ,
53+ },
54+ & cli.IntFlag {
55+ Name : "validity" ,
56+ Usage : "Validity time in `days` (0 to copy certificate authority validity)" ,
57+ Value : 7 ,
58+ Action : func (ctx * cli.Context , validity int ) error {
59+ if validity < 1 {
60+ return fmt .Errorf ("validity must be a positive number" )
61+ }
62+ return nil
63+ },
64+ },
65+ & cli.StringSliceFlag {
66+ Name : "cert" ,
67+ Usage : "Certificate to be included on CRL" ,
68+ },
69+ & cli.StringFlag {
70+ Name : "in" ,
71+ Usage : "Certificate revogation list input file `NAME`" ,
72+ },
73+ & cli.StringFlag {
74+ Name : "out" ,
75+ Usage : "Certificate revogation list output file `NAME`" ,
76+ },
77+ },
78+ Action : createCRL ,
79+ },
3780 {
3881 Name : "csr" ,
3982 Usage : "Create a certificate request" ,
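Review bot: The `validity` Action added to the `crl` command rejects every value below 1, yet the Usage string directly above it still advertises `(0 to copy certificate authority validity)`. The check this commit removes from createCRL was `validity < 0`, so 0 was previously accepted. Either keep the sentinel by writing `if validity < 0 {` in this Action, or drop the parenthetical from the Usage text, so the help does not tell operators to pass a value the tool refuses. Separately, `ca-password` takes the private-key password as a command-line argument, where it can end up in shell history and process listings. A comment on that flag such as `// NOTE: value is visible to other local users via the process list` would make the exposure explicit.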
@@ -90,39 +133,6 @@ func main() {
90133 },
91134 Action : createCSR ,
92135 },
93- {
94- Name : "crl" ,
95- Usage : "Create/Update a certificate revogation list (CRL)" ,
96- Flags : []cli.Flag {
97- & cli.StringFlag {
98- Name : "ca-cert" ,
99- Usage : "Certificate authority certificate file `NAME`" ,
100- Required : true ,
101- },
102- & cli.StringFlag {
103- Name : "ca-key" ,
104- Usage : "Certificare authority private key file `NAME`" ,
105- },
106- & cli.StringFlag {
107- Name : "ca-password" ,
108- Usage : "private key password" ,
109- },
110- & cli.IntFlag {
111- Name : "validity" ,
112- Usage : "Validity time in `days` (0 to copy certificate authority validity)" ,
113- Value : 7 ,
114- },
115- & cli.StringSliceFlag {
116- Name : "cert" ,
117- Usage : "Certificate to be included on CRL" ,
118- },
119- & cli.StringFlag {
120- Name : "out" ,
121- Usage : "Certificate revogation list output file `NAME`" ,
122- },
123- },
124- Action : createCRL ,
125- },
126136 {
127137 Name : "key" ,
128138 Usage : "Private key support" ,
@@ -258,11 +268,23 @@ func main() {
258268 Name : "max-path-len" ,
259269 Usage : "Maximum number of subordinate CAs" ,
260270 Value : 0 ,
271+ Action : func (ctx * cli.Context , maxPathLen int ) error {
272+ if maxPathLen < 0 {
273+ return fmt .Errorf ("path length must be equal or greater than 0" )
274+ }
275+ return nil
276+ },
261277 },
262278 & cli.IntFlag {
263279 Name : "validity" ,
264280 Usage : "Validity time in `YEARS`" ,
265281 Value : 5 ,
282+ Action : func (ctx * cli.Context , validity int ) error {
283+ if validity < 1 {
284+ return fmt .Errorf ("validity must be a positive number" )
285+ }
286+ return nil
287+ },
266288 },
267289 & cli.StringFlag {
268290 Name : "out" ,
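Review bot: The closure rejecting `validity < 1` is written out verbatim here, in the hunks at new lines 329, 376 and 423, and in the `crl` command at new line 58. A single package-level function such as `func positiveValidity(_ *cli.Context, v int) error`, referenced as `Action: positiveValidity,`, would keep the five copies from drifting apart. Because this commit also removes the in-function checks from signCA and signRequest, these flag Actions are now the only range validation. Not every flag definition is visible in these hunks, so it is worth confirming that each command reaching signRequest carries the Action on its `validity` flag. A doc comment on the helper should state that it is the sole check and that certificate lifetime has no upper bound.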
@@ -304,6 +326,12 @@ func main() {
304326 Name : "validity" ,
305327 Usage : "Validity time in `YEARS`" ,
306328 Value : 2 ,
329+ Action : func (ctx * cli.Context , validity int ) error {
330+ if validity < 1 {
331+ return fmt .Errorf ("validity must be a positive number" )
332+ }
333+ return nil
334+ },
307335 },
308336 & cli.StringFlag {
309337 Name : "out" ,
@@ -345,6 +373,12 @@ func main() {
345373 Name : "validity" ,
346374 Usage : "Validity time in `YEARS`" ,
347375 Value : 2 ,
376+ Action : func (ctx * cli.Context , validity int ) error {
377+ if validity < 1 {
378+ return fmt .Errorf ("validity must be a positive number" )
379+ }
380+ return nil
381+ },
348382 },
349383 & cli.StringFlag {
350384 Name : "out" ,
@@ -386,6 +420,12 @@ func main() {
386420 Name : "validity" ,
387421 Usage : "Validity time in `YEARS`" ,
388422 Value : 2 ,
423+ Action : func (ctx * cli.Context , validity int ) error {
424+ if validity < 1 {
425+ return fmt .Errorf ("validity must be a positive number" )
426+ }
427+ return nil
428+ },
389429 },
390430 & cli.StringFlag {
391431 Name : "out" ,
@@ -555,15 +595,13 @@ func createCSR(c *cli.Context) error {
555595func createCRL (c * cli.Context ) error {
556596 caCertName := c .String ("ca-cert" )
557597 validity := c .Int ("validity" )
558- if validity < 0 {
559- return fmt .Errorf ("validity must be a positive number" )
560- }
561598 caKeyName := c .String ("ca-key" )
562599 if caKeyName == "" {
563600 caKeyName = strings .TrimSuffix (caCertName , filepath .Ext (caCertName )) + ".key"
564601 }
565602 caPassword := c .String ("ca-password" )
566603 certNames := c .StringSlice ("cert" )
604+ inFileName := c .String ("in" )
567605 outFileName := c .String ("out" )
568606
569607 pemBytes , err := os .ReadFile (caCertName )
@@ -609,8 +647,8 @@ func createCRL(c *cli.Context) error {
609647
610648 var revokedCertificates []pkix.RevokedCertificate
611649
612- if _ , err := os . Stat ( outFileName ); ! os . IsNotExist ( err ) {
613- crlBytes , err := os .ReadFile (outFileName )
650+ if inFileName != "" {
651+ crlBytes , err := os .ReadFile (inFileName )
614652 if err != nil {
615653 return fmt .Errorf ("failed to load original crl: %w" , err )
616654 }
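Review bot: With the `os.Stat(outFileName)` branch replaced by `if inFileName != ""`, a run that passes only `--out` pointing at an existing CRL no longer loads its entries. Assuming the file is then written as before (that code is outside this hunk), previously revoked certificates would be dropped from the published list without any message. If that silent replacement is not intended, refuse it before reaching this block, as sketched below. Otherwise the `out` flag's Usage text should say that an existing file is overwritten and that `--in` is needed to carry earlier entries forward. The body of this `if` continues past the end of the hunk.

```go
if inFileName == "" && outFileName != "" {
	// Refuse to replace an existing CRL unless it is explicitly fed back via --in,
	// so earlier revocations are never discarded by accident.
	if _, err := os.Stat(outFileName); err == nil {
		return fmt.Errorf("crl %q already exists; pass --in to update it", outFileName)
	}
}
if inFileName != "" {
	// … unchanged: read and parse the original CRL …
```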
@@ -736,9 +774,6 @@ func encodePkcs(c *cli.Context) error {
736774
737775func signCA (c * cli.Context ) error {
738776 maxPathLen := c .Int ("max-path-len" )
739- if maxPathLen < 0 {
740- return fmt .Errorf ("path length must be equal or greater than 0" )
741- }
742777
743778 configure := func (template * x509.Certificate ) error {
744779 template .IsCA = true
@@ -813,9 +848,6 @@ func signRequest(c *cli.Context, allowSelfSign bool, configure func(*x509.Certif
813848 }
814849 caPassword := c .String ("ca-password" )
815850 validity := c .Int ("validity" )
816- if validity < 1 {
817- return fmt .Errorf ("validity must be a positive number" )
818- }
819851 crls := c .StringSlice ("crl" )
820852 outFileName := c .String ("out" )
821853