Allow configuration of PKCS11 subject name
This commit is contained in:
parent
8d7c3d2f08
commit
623e387fb0
1 changed files with 7 additions and 3 deletions
|
@ -35,8 +35,10 @@ type Config struct {
|
||||||
RootOnly bool
|
RootOnly bool
|
||||||
RootObject string
|
RootObject string
|
||||||
RootKeyObject string
|
RootKeyObject string
|
||||||
|
RootSubject string
|
||||||
CrtObject string
|
CrtObject string
|
||||||
CrtKeyObject string
|
CrtKeyObject string
|
||||||
|
CrtSubject string
|
||||||
SSHHostKeyObject string
|
SSHHostKeyObject string
|
||||||
SSHUserKeyObject string
|
SSHUserKeyObject string
|
||||||
RootFile string
|
RootFile string
|
||||||
|
@ -97,8 +99,10 @@ func main() {
|
||||||
flag.StringVar(&c.Pin, "pin", "", "PKCS #11 PIN")
|
flag.StringVar(&c.Pin, "pin", "", "PKCS #11 PIN")
|
||||||
flag.StringVar(&c.RootObject, "root-cert", "pkcs11:id=7330;object=root-cert", "PKCS #11 URI with object id and label to store the root certificate.")
|
flag.StringVar(&c.RootObject, "root-cert", "pkcs11:id=7330;object=root-cert", "PKCS #11 URI with object id and label to store the root certificate.")
|
||||||
flag.StringVar(&c.RootKeyObject, "root-key", "pkcs11:id=7330;object=root-key", "PKCS #11 URI with object id and label to store the root key.")
|
flag.StringVar(&c.RootKeyObject, "root-key", "pkcs11:id=7330;object=root-key", "PKCS #11 URI with object id and label to store the root key.")
|
||||||
|
flag.StringVar(&c.RootSubject, "root-name", "PKCS #11 Smallstep Root", "Subject and Issuer of the root certificate.")
|
||||||
flag.StringVar(&c.CrtObject, "crt-cert", "pkcs11:id=7331;object=intermediate-cert", "PKCS #11 URI with object id and label to store the intermediate certificate.")
|
flag.StringVar(&c.CrtObject, "crt-cert", "pkcs11:id=7331;object=intermediate-cert", "PKCS #11 URI with object id and label to store the intermediate certificate.")
|
||||||
flag.StringVar(&c.CrtKeyObject, "crt-key", "pkcs11:id=7331;object=intermediate-key", "PKCS #11 URI with object id and label to store the intermediate certificate.")
|
flag.StringVar(&c.CrtKeyObject, "crt-key", "pkcs11:id=7331;object=intermediate-key", "PKCS #11 URI with object id and label to store the intermediate certificate.")
|
||||||
|
flag.StringVar(&c.CrtSubject, "crt-name", "PKCS #11 Smallstep Intermediate", "Subject of the intermediate certificate.")
|
||||||
flag.StringVar(&c.SSHHostKeyObject, "ssh-host-key", "pkcs11:id=7332;object=ssh-host-key", "PKCS #11 URI with object id and label to store the key used to sign SSH host certificates.")
|
flag.StringVar(&c.SSHHostKeyObject, "ssh-host-key", "pkcs11:id=7332;object=ssh-host-key", "PKCS #11 URI with object id and label to store the key used to sign SSH host certificates.")
|
||||||
flag.StringVar(&c.SSHUserKeyObject, "ssh-user-key", "pkcs11:id=7333;object=ssh-user-key", "PKCS #11 URI with object id and label to store the key used to sign SSH user certificates.")
|
flag.StringVar(&c.SSHUserKeyObject, "ssh-user-key", "pkcs11:id=7333;object=ssh-user-key", "PKCS #11 URI with object id and label to store the key used to sign SSH user certificates.")
|
||||||
flag.BoolVar(&c.RootOnly, "root-only", false, "Store only only the root certificate and sign and intermediate.")
|
flag.BoolVar(&c.RootOnly, "root-only", false, "Store only only the root certificate and sign and intermediate.")
|
||||||
|
@ -294,8 +298,8 @@ func createPKI(k kms.KeyManager, c Config) error {
|
||||||
BasicConstraintsValid: true,
|
BasicConstraintsValid: true,
|
||||||
MaxPathLen: 1,
|
MaxPathLen: 1,
|
||||||
MaxPathLenZero: false,
|
MaxPathLenZero: false,
|
||||||
Issuer: pkix.Name{CommonName: "PKCS #11 Smallstep Root"},
|
Issuer: pkix.Name{CommonName: c.RootSubject},
|
||||||
Subject: pkix.Name{CommonName: "PKCS #11 Smallstep Root"},
|
Subject: pkix.Name{CommonName: c.RootSubject},
|
||||||
SerialNumber: mustSerialNumber(),
|
SerialNumber: mustSerialNumber(),
|
||||||
SubjectKeyId: mustSubjectKeyID(resp.PublicKey),
|
SubjectKeyId: mustSubjectKeyID(resp.PublicKey),
|
||||||
AuthorityKeyId: mustSubjectKeyID(resp.PublicKey),
|
AuthorityKeyId: mustSubjectKeyID(resp.PublicKey),
|
||||||
|
@ -373,7 +377,7 @@ func createPKI(k kms.KeyManager, c Config) error {
|
||||||
MaxPathLen: 0,
|
MaxPathLen: 0,
|
||||||
MaxPathLenZero: true,
|
MaxPathLenZero: true,
|
||||||
Issuer: root.Subject,
|
Issuer: root.Subject,
|
||||||
Subject: pkix.Name{CommonName: "YubiKey Smallstep Intermediate"},
|
Subject: pkix.Name{CommonName: c.CrtSubject},
|
||||||
SerialNumber: mustSerialNumber(),
|
SerialNumber: mustSerialNumber(),
|
||||||
SubjectKeyId: mustSubjectKeyID(publicKey),
|
SubjectKeyId: mustSubjectKeyID(publicKey),
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue