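// Package cert implements the "cert" sub-commands of the b612 CLI: CSR
// creation, certificate issuance (CA-signed or self-signed), a one-shot
// key+certificate generator, certificate parsing, and conversions between
// PEM/PKCS#1/PKCS#8/PKCS#12/OpenSSH encodings.
//
// The cryptographic helpers referenced here (LoadPriv, LoadCA, LoadCsr,
// MakeCert, ParseCert, GenerateCsr, outputCsr, GetCert, Pkcs8, Pkcs1, Pkcs12,
// Tran, Openssh) are defined in sibling files of this package; this file only
// wires cobra flags to them and applies the issuance policy.
package cert

import (
	"crypto"
	"crypto/rand"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"os"
	"path/filepath"
	"strings"
	"time"

	"b612.me/apps/b612/utils"
	"b612.me/stario"
	"b612.me/starlog"
	"github.com/spf13/cobra"
)

// Subject fields and SAN list used by the csr command (fastgen keeps its own
// copy inside the fastgen params struct).
var (
	country, province, city, org, orgUnit, name string
	dnsName                                     []string
)

// Validity window: RFC 3339 strings from the flags and their parsed form.
var (
	start, end       time.Time
	startStr, endStr string
)

// Remaining flag storage. Several commands bind the same variable (passwd,
// savefolder, caKey, ...); that is safe only because cobra runs exactly one
// command per process.
//
// NOTE: caKeyPwd, passwd and enPasswd are taken from the command line and are
// therefore visible in `ps` and shell history; there is no prompt-based
// alternative wired up yet.
var (
	savefolder     string
	promptMode     bool
	isCa           bool
	maxPathLenZero bool
	maxPathLen     int
	caKey          string
	caCert         string
	csr            string
	caKeyPwd       string
	passwd         string
	enPasswd       string
	keyUsage       int
	extKeyUsage    []int
)

// fastgen collects every parameter of the fastgen command.
var fastgen utils.GenerateCertParams

// Cmd is the parent "cert" command; all sub-commands hang off it in init.
var Cmd = &cobra.Command{
	Use:   "cert",
	Short: "证书生成与解析",
	Long:  "证书生成与解析",
}

// safeFileName reduces a caller- or CSR-supplied name to a single path
// element so that it cannot escape savefolder (a CSR subject is attacker
// controlled in a CA workflow; a CN such as "../../x" must not become a path).
// Empty or dot-only results fall back to def.
func safeFileName(n, def string) string {
	base := filepath.Base(strings.TrimSpace(n))
	if base == "" || base == "." || base == ".." || base == string(filepath.Separator) {
		return def
	}
	return base
}

// newSerialNumber returns a random serial number in [1, 2^128].
//
// RFC 5280 §4.1.2.2 requires serial numbers to be positive and unique per
// issuer (at most 20 octets); the CA/Browser Forum additionally requires at
// least 64 bits of CSPRNG output so that serials are unpredictable. A
// nanosecond timestamp, as previously used, satisfies neither and collides
// when two certificates are issued in the same tick.
func newSerialNumber() (*big.Int, error) {
	limit := new(big.Int).Lsh(big.NewInt(1), 128)
	serial, err := rand.Int(rand.Reader, limit)
	if err != nil {
		return nil, err
	}
	// rand.Int may return 0; shift the range up by one so the result is
	// always positive.
	return serial.Add(serial, big.NewInt(1)), nil
}

// parseValidity parses the --start/--end flags (RFC 3339) and rejects an
// empty or inverted window.
func parseValidity(startStr, endStr string) (time.Time, time.Time, error) {
	notBefore, err := time.Parse(time.RFC3339, startStr)
	if err != nil {
		return time.Time{}, time.Time{}, fmt.Errorf("开始时间格式错误,格式:2006-01-02T15:04:05Z07:00: %w", err)
	}
	notAfter, err := time.Parse(time.RFC3339, endStr)
	if err != nil {
		return time.Time{}, time.Time{}, fmt.Errorf("结束时间格式错误,格式:2006-01-02T15:04:05Z07:00: %w", err)
	}
	if !notAfter.After(notBefore) {
		return time.Time{}, time.Time{}, errors.New("结束时间必须晚于开始时间")
	}
	return notBefore, notAfter, nil
}

// checkSelfSignedKey verifies that the key which will sign a self-signed
// certificate is the one whose public half the CSR carries. crypto/x509 does
// not catch this when the parent template carries no PublicKey, and the
// result would be a certificate that claims to be self-signed but fails its
// own signature check.
func checkSelfSignedKey(priv crypto.PrivateKey, pub crypto.PublicKey) error {
	signer, ok := priv.(interface{ Public() crypto.PublicKey })
	if !ok {
		return fmt.Errorf("私钥类型 %T 不支持 Public()", priv)
	}
	cmp, ok := pub.(interface{ Equal(crypto.PublicKey) bool })
	if !ok {
		return fmt.Errorf("公钥类型 %T 不支持比较", pub)
	}
	if !cmp.Equal(signer.Public()) {
		return errors.New("CSR公钥与CA私钥不匹配,无法自签名")
	}
	return nil
}

// extKeyUsageByIndex maps the 0-based numbers documented in the --extKeyUsage
// help text (0 = server auth, 1 = client auth, ...) to crypto/x509 values.
//
// The previous implementation cast the number directly to x509.ExtKeyUsage,
// where 0 is ExtKeyUsageAny; with the flag default of {0,1} every leaf
// certificate therefore received an "any purpose" EKU instead of the
// documented server+client authentication.
var extKeyUsageByIndex = []x509.ExtKeyUsage{
	x509.ExtKeyUsageServerAuth,
	x509.ExtKeyUsageClientAuth,
	x509.ExtKeyUsageCodeSigning,
	x509.ExtKeyUsageEmailProtection,
	x509.ExtKeyUsageIPSECEndSystem,
	x509.ExtKeyUsageIPSECTunnel,
	x509.ExtKeyUsageIPSECUser,
	x509.ExtKeyUsageTimeStamping,
	x509.ExtKeyUsageOCSPSigning,
	x509.ExtKeyUsageMicrosoftServerGatedCrypto,
	x509.ExtKeyUsageNetscapeServerGatedCrypto,
	x509.ExtKeyUsageMicrosoftCommercialCodeSigning,
	x509.ExtKeyUsageMicrosoftKernelCodeSigning,
}

// parseExtKeyUsages converts --extKeyUsage numbers to x509 values, rejecting
// anything outside the documented table instead of emitting an unknown OID.
func parseExtKeyUsages(nums []int) ([]x509.ExtKeyUsage, error) {
	out := make([]x509.ExtKeyUsage, 0, len(nums))
	for _, n := range nums {
		if n < 0 || n >= len(extKeyUsageByIndex) {
			return nil, fmt.Errorf("扩展证书使用类型 %d 超出范围 0-%d", n, len(extKeyUsageByIndex)-1)
		}
		out = append(out, extKeyUsageByIndex[n])
	}
	return out, nil
}

// defaultUsages returns the key usage and extended key usage applied when
// --keyUsage is 0 / --extKeyUsage is empty. Leaf certificates get a TLS
// server profile. CA certificates get every EKU including Any, which is
// deliberately permissive (the CA may sign for any purpose); pass
// --extKeyUsage to issue a purpose-limited sub-CA.
func defaultUsages(ca bool) (x509.KeyUsage, []x509.ExtKeyUsage) {
	if !ca {
		return x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
			[]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	ku := x509.KeyUsageCertSign | x509.KeyUsageCRLSign | x509.KeyUsageKeyEncipherment |
		x509.KeyUsageKeyAgreement | x509.KeyUsageDigitalSignature
	return ku, []x509.ExtKeyUsage{
		x509.ExtKeyUsageAny,
		x509.ExtKeyUsageServerAuth,
		x509.ExtKeyUsageClientAuth,
		x509.ExtKeyUsageCodeSigning,
		x509.ExtKeyUsageEmailProtection,
		x509.ExtKeyUsageIPSECEndSystem,
		x509.ExtKeyUsageIPSECTunnel,
		x509.ExtKeyUsageIPSECUser,
		x509.ExtKeyUsageTimeStamping,
		x509.ExtKeyUsageOCSPSigning,
		x509.ExtKeyUsageMicrosoftServerGatedCrypto,
		x509.ExtKeyUsageNetscapeServerGatedCrypto,
		x509.ExtKeyUsageMicrosoftCommercialCodeSigning,
		x509.ExtKeyUsageMicrosoftKernelCodeSigning,
	}
}

// promptSubject interactively fills in every csr subject field that was not
// supplied on the command line.
func promptSubject() {
	if country == "" {
		country = stario.MessageBox("请输入国家:", "").MustString()
	}
	if province == "" {
		province = stario.MessageBox("请输入省份:", "").MustString()
	}
	if city == "" {
		city = stario.MessageBox("请输入城市:", "").MustString()
	}
	if org == "" {
		org = stario.MessageBox("请输入组织:", "").MustString()
	}
	if orgUnit == "" {
		orgUnit = stario.MessageBox("请输入组织单位:", "").MustString()
	}
	if name == "" {
		name = stario.MessageBox("请输入通用名称:", "").MustString()
	}
	if dnsName == nil {
		dnsName = stario.MessageBox("请输入dns名称,用逗号分割:", "").MustSliceString(",")
	}
}

// CmdCsr builds a PKCS#10 certificate request signed with the requester's
// own private key (--secret-key; the flag reuses the caKey variable).
var CmdCsr = &cobra.Command{
	Use:   "csr",
	Short: "生成证书请求",
	Long:  "生成证书请求",
	Run: func(cmd *cobra.Command, args []string) {
		if promptMode {
			promptSubject()
		}
		key, err := LoadPriv(caKey, caKeyPwd)
		if err != nil {
			starlog.Errorln("加载Key错误", err)
			os.Exit(1)
		}
		csrPEM := outputCsr(GenerateCsr(country, province, city, org, orgUnit, name, dnsName), key)
		// name is free-form user input; keep the output inside savefolder.
		out := filepath.Join(savefolder, safeFileName(name, "request")+".csr")
		if err := os.WriteFile(out, csrPEM, 0o644); err != nil {
			starlog.Errorln("保存csr文件错误", err)
			os.Exit(1)
		}
		starlog.Infoln("保存csr文件成功", out)
	},
}

// CmdGen issues a certificate for a CSR. With --isCa the CSR's key must be
// the CA key itself and the result is self-signed; otherwise --caKey/--caCert
// name the issuing CA.
var CmdGen = &cobra.Command{
	Use:   "gen",
	Short: "生成证书",
	Long:  "生成证书",
	Run: func(cmd *cobra.Command, args []string) {
		if caKey == "" {
			starlog.Errorln("CA私钥不能为空")
			os.Exit(1)
		}
		if caCert == "" {
			starlog.Errorln("CA证书不能为空")
			os.Exit(1)
		}
		if csr == "" {
			starlog.Errorln("证书请求不能为空")
			os.Exit(1)
		}

		var (
			caKeyRaw  crypto.PrivateKey
			caCertRaw *x509.Certificate
			err       error
		)
		if isCa {
			// Self-signed: only the key is needed, the template below becomes
			// its own issuer.
			caKeyRaw, err = LoadPriv(caKey, caKeyPwd)
		} else {
			caKeyRaw, caCertRaw, err = LoadCA(caKey, caCert, caKeyPwd)
		}
		if err != nil {
			starlog.Errorln("加载CA错误", err)
			os.Exit(1)
		}

		csrRaw, err := LoadCsr(csr)
		if err != nil {
			starlog.Errorln("加载证书请求错误", err)
			os.Exit(1)
		}
		// Proof of possession (RFC 2986): never issue for a CSR whose
		// signature does not verify under the key it carries. Cheap even if
		// LoadCsr already verified it.
		if err := csrRaw.CheckSignature(); err != nil {
			starlog.Errorln("证书请求签名校验失败", err)
			os.Exit(1)
		}

		start, end, err = parseValidity(startStr, endStr)
		if err != nil {
			starlog.Errorln("有效期参数错误", err)
			os.Exit(1)
		}
		serial, err := newSerialNumber()
		if err != nil {
			starlog.Errorln("生成序列号错误", err)
			os.Exit(1)
		}

		pubKeyRaw := csrRaw.PublicKey
		if isCa {
			if err := checkSelfSignedKey(caKeyRaw, pubKeyRaw); err != nil {
				starlog.Errorln("自签名密钥校验失败", err)
				os.Exit(1)
			}
		}

		template := &x509.Certificate{
			SerialNumber: serial,
			Subject:      csrRaw.Subject,
			NotBefore:    start,
			NotAfter:     end,
			// Without BasicConstraintsValid crypto/x509 omits the
			// basicConstraints extension entirely and silently ignores
			// IsCA/MaxPathLen, so a --isCa certificate would not be usable
			// as a CA by any verifier.
			BasicConstraintsValid: true,
			IsCA:                  isCa,
			MaxPathLen:            maxPathLen,
			MaxPathLenZero:        maxPathLenZero,
			DNSNames:              csrRaw.DNSNames,
			IPAddresses:           csrRaw.IPAddresses,
		}
		template.KeyUsage, template.ExtKeyUsage = defaultUsages(isCa)
		if keyUsage != 0 {
			// Raw x509.KeyUsage bit mask, see the flag help.
			template.KeyUsage = x509.KeyUsage(keyUsage)
		}
		if len(extKeyUsage) > 0 {
			ekus, err := parseExtKeyUsages(extKeyUsage)
			if err != nil {
				starlog.Errorln("扩展证书使用类型错误", err)
				os.Exit(1)
			}
			template.ExtKeyUsage = ekus
		}
		// Subject.SerialNumber is the DN serialNumber attribute, unrelated to
		// the certificate serial above; kept as a timestamp for traceability.
		template.Subject.SerialNumber = fmt.Sprint(time.Now().UnixNano())

		if isCa {
			caCertRaw = template
		}
		certPEM, err := MakeCert(caKeyRaw, caCertRaw, template, pubKeyRaw)
		if err != nil {
			starlog.Errorln("生成证书错误", err)
			os.Exit(1)
		}
		// The CN comes from the (untrusted) CSR; confine it to one path element.
		out := filepath.Join(savefolder, safeFileName(csrRaw.Subject.CommonName, "cert")+".crt")
		if err := os.WriteFile(out, certPEM, 0o644); err != nil {
			starlog.Errorln("保存证书错误", err)
			os.Exit(1)
		}
		starlog.Infoln("保存证书成功", out)
	},
}

// promptFastGen interactively fills in every fastgen parameter that was not
// supplied on the command line.
func promptFastGen() {
	if fastgen.Country == "" {
		fastgen.Country = stario.MessageBox("请输入国家:", "").MustString()
	}
	if fastgen.Province == "" {
		fastgen.Province = stario.MessageBox("请输入省份:", "").MustString()
	}
	if fastgen.City == "" {
		fastgen.City = stario.MessageBox("请输入城市:", "").MustString()
	}
	if fastgen.Organization == "" {
		fastgen.Organization = stario.MessageBox("请输入组织:", "").MustString()
	}
	if fastgen.OrganizationUnit == "" {
		fastgen.OrganizationUnit = stario.MessageBox("请输入组织单位:", "").MustString()
	}
	if fastgen.CommonName == "" {
		fastgen.CommonName = stario.MessageBox("请输入通用名称:", "").MustString()
	}
	if fastgen.Dns == nil {
		fastgen.Dns = stario.MessageBox("请输入dns名称,用逗号分割:", "").MustSliceString(",")
	}
	if fastgen.Type == "" {
		fastgen.Type = stario.MessageBox("请输入证书类型(RSA/ECDSA):", "RSA").MustString()
	}
	if fastgen.Bits <= 0 {
		fastgen.Bits = stario.MessageBox("请输入证书位数:", "2048").MustInt()
	}
	if startStr == "" {
		startStr = stario.MessageBox("请输入证书开始时间,格式:2006-01-02T15:04:05Z07:00:", time.Now().Format(time.RFC3339)).MustString()
	}
	if endStr == "" {
		endStr = stario.MessageBox("请输入证书结束时间,格式:2006-01-02T15:04:05Z07:00:", time.Now().AddDate(1, 0, 0).Format(time.RFC3339)).MustString()
	}
}

// CmdFastGen generates a key pair and a certificate in one step, signed by
// the CA given with --caKey/--caCert or, when neither is given, by the
// built-in issuer from utils.ToolCert.
var CmdFastGen = &cobra.Command{
	Use:   "fastgen",
	Short: "快速生成证书",
	Long:  "快速生成证书",
	Run: func(cmd *cobra.Command, args []string) {
		if promptMode {
			promptFastGen()
		}
		var err error
		fastgen.StartDate, fastgen.EndDate, err = parseValidity(startStr, endStr)
		if err != nil {
			starlog.Errorln("有效期参数错误", err)
			os.Exit(1)
		}

		switch {
		case caCert != "" && caKey != "":
			fastgen.CAPriv, fastgen.CA, err = LoadCA(caKey, caCert, caKeyPwd)
			if err != nil {
				starlog.Errorln("加载CA错误", err)
				os.Exit(1)
			}
		case caCert != "" || caKey != "":
			// Half a CA is almost certainly a typo. Previously this fell
			// through to the built-in issuer, silently producing a
			// certificate chained to a CA the caller never asked for.
			starlog.Errorln("caKey和caCert必须同时指定")
			os.Exit(1)
		}
		if fastgen.CAPriv == nil {
			// utils.ToolCert("") supplies the default issuer; its exact
			// behaviour (presumably a throwaway CA) lives in utils.
			fastgen.CA, fastgen.CAPriv = utils.ToolCert("")
		}

		byteCrt, byteKey, err := utils.GenerateCert(fastgen)
		if err != nil {
			starlog.Errorln("生成证书错误", err)
			os.Exit(1)
		}
		stem := safeFileName(fastgen.CommonName, "cert")
		crtPath := filepath.Join(savefolder, stem+".crt")
		if err := os.WriteFile(crtPath, byteCrt, 0o644); err != nil {
			starlog.Errorln("保存证书错误", err)
			os.Exit(1)
		}
		starlog.Infoln("保存证书成功", crtPath)
		// The private key must not be world-readable (was 0644).
		keyPath := filepath.Join(savefolder, stem+".key")
		if err := os.WriteFile(keyPath, byteKey, 0o600); err != nil {
			starlog.Errorln("保存私钥错误", err)
			os.Exit(1)
		}
		starlog.Infoln("保存私钥成功", keyPath)
	},
}

// CmdParse prints a human-readable dump of every file given as argument;
// --passwd is used for PKCS#12 containers.
var CmdParse = &cobra.Command{
	Use:   "parse",
	Short: "解析证书",
	Long:  "解析证书",
	Run: func(cmd *cobra.Command, args []string) {
		if len(args) == 0 {
			starlog.Errorln("请输入证书文件")
			os.Exit(1)
		}
		for _, v := range args {
			data, err := os.ReadFile(v)
			if err != nil {
				starlog.Errorln("读取证书错误", err)
				continue
			}
			ParseCert(data, passwd)
			fmt.Printf("\n-------%s解析完毕---------\n\n", v)
		}
	},
}

// convertEach reads every input file and hands its bytes and base name to
// convert. A file that fails to read or convert is reported and skipped so
// one bad input does not abort the batch; label prefixes the error message
// (e.g. "pkcs8转换").
//
// The conversion helpers write their own outputs; whether they restrict
// private-key file permissions is not visible from here.
func convertEach(args []string, label string, convert func(data []byte, base string) error) {
	if len(args) == 0 {
		starlog.Errorln("请输入证书文件")
		os.Exit(1)
	}
	for _, v := range args {
		data, err := os.ReadFile(v)
		if err != nil {
			starlog.Errorln("读取证书错误", err)
			continue
		}
		if err := convert(data, filepath.Base(v)); err != nil {
			starlog.Errorln(label+"错误", err)
			continue
		}
		fmt.Printf("\n-------%s转换完毕---------\n\n", v)
	}
}

// CmdPkcs8 re-encodes private keys as PKCS#8, optionally re-encrypting them.
var CmdPkcs8 = &cobra.Command{
	Use:   "pkcs8",
	Short: "pkcs8转换",
	Long:  "pkcs8转换",
	Run: func(cmd *cobra.Command, args []string) {
		convertEach(args, "pkcs8转换", func(data []byte, base string) error {
			return Pkcs8(data, passwd, enPasswd, base, savefolder)
		})
	},
}

// CmdPkcs1 re-encodes private keys as PKCS#1, optionally re-encrypting them.
var CmdPkcs1 = &cobra.Command{
	Use:   "pkcs1",
	Short: "pkcs1转换",
	Long:  "pkcs1转换",
	Run: func(cmd *cobra.Command, args []string) {
		convertEach(args, "pkcs1转换", func(data []byte, base string) error {
			return Pkcs1(data, passwd, enPasswd, base, savefolder)
		})
	},
}

// CmdPkcs12 bundles all keys and certificates from the given files into one
// PKCS#12 container named after the first input. Unlike the other
// converters, a single unreadable input aborts the run, because a partial
// bundle would be misleading.
var CmdPkcs12 = &cobra.Command{
	Use:   "pkcs12",
	Short: "pkcs12转换",
	Long:  "pkcs12转换",
	Run: func(cmd *cobra.Command, args []string) {
		if len(args) == 0 {
			starlog.Errorln("请输入证书文件")
			os.Exit(1)
		}
		var (
			keys  []any
			certs []x509.Certificate
		)
		for _, v := range args {
			data, err := os.ReadFile(v)
			if err != nil {
				starlog.Errorln("读取证书错误", err)
				continue
			}
			key, cert, err := GetCert(data, passwd)
			if err != nil {
				starlog.Errorln("证书读取错误", err)
				os.Exit(1)
			}
			keys = append(keys, key...)
			certs = append(certs, cert...)
		}
		if err := Pkcs12(keys, certs, enPasswd, filepath.Base(args[0]), savefolder); err != nil {
			starlog.Errorln("pkcs12转换错误", err)
			os.Exit(1)
		}
		fmt.Printf("\n-------pfk转换完毕---------\n\n")
	},
}

// CmdBasic converts certificates/keys to the package's basic encoding.
var CmdBasic = &cobra.Command{
	Use:   "basic",
	Short: "证书转换为基本类型",
	Long:  "证书转换为基本类型",
	Run: func(cmd *cobra.Command, args []string) {
		convertEach(args, "证书转换", func(data []byte, base string) error {
			return Tran(data, passwd, base, savefolder)
		})
	},
}

// CmdOpenssh converts keys to OpenSSH format, optionally encrypting them.
var CmdOpenssh = &cobra.Command{
	Use:   "openssh",
	Short: "openssh转换",
	Long:  "openssh转换",
	Run: func(cmd *cobra.Command, args []string) {
		convertEach(args, "openssh转换", func(data []byte, base string) error {
			return Openssh(data, passwd, enPasswd, base, savefolder)
		})
	},
}

// bindPasswdFlags wires the three flags every conversion command shares.
func bindPasswdFlags(c *cobra.Command, enName, enHelp string) {
	c.Flags().StringVarP(&passwd, "passwd", "p", "", "解密密码")
	c.Flags().StringVarP(&savefolder, "savefolder", "s", ".", "保存文件夹")
	c.Flags().StringVarP(&enPasswd, enName, "P", "", enHelp)
}

func init() {
	CmdCsr.Flags().BoolVarP(&promptMode, "prompt", "P", false, "是否交互模式")
	CmdCsr.Flags().StringVarP(&country, "country", "c", "", "国家")
	CmdCsr.Flags().StringVarP(&province, "province", "p", "", "省份")
	CmdCsr.Flags().StringVarP(&city, "city", "t", "", "城市")
	CmdCsr.Flags().StringVarP(&org, "org", "o", "", "组织")
	CmdCsr.Flags().StringVarP(&orgUnit, "orgUnit", "u", "", "组织单位")
	CmdCsr.Flags().StringVarP(&name, "name", "n", "", "通用名称")
	CmdCsr.Flags().StringSliceVarP(&dnsName, "dnsName", "d", nil, "dns名称")
	CmdCsr.Flags().StringVarP(&savefolder, "savefolder", "s", "./", "保存文件夹")
	CmdCsr.Flags().StringVarP(&caKey, "secret-key", "k", "", "加密私钥")
	CmdCsr.Flags().StringVarP(&caKeyPwd, "secret-key-passwd", "K", "", "加密私钥的密码")
	// isCa/start/end/maxPathLen are deliberately not exposed on csr: validity
	// and CA-ness are decided at issuance (gen), not in the request.
	Cmd.AddCommand(CmdCsr)

	// keyUsage is applied as a raw x509.KeyUsage bit mask; the help text lists
	// the real bit values (the previous text described a mapping the code
	// never performed).
	CmdGen.Flags().IntVarP(&keyUsage, "keyUsage", "u", 0,
		"证书使用类型(位掩码,可相加),0表示使用默认值(非CA:数字签名|密钥加密,CA:证书签名|CRL签名|密钥加密|密钥协商|数字签名),"+
			"1表示数字签名,2表示内容承诺,4表示密钥加密,8表示数据加密,16表示密钥协商,32表示证书签名,64表示CRL签名")
	CmdGen.Flags().IntSliceVarP(&extKeyUsage, "extKeyUsage", "e", []int{0, 1},
		"扩展证书使用类型,默认数字0和1,0表示服务器认证,1表示客户端认证,2表示代码签名,3表示电子邮件保护,4表示IPSEC终端系统,"+
			"5表示IPSEC隧道,6表示IPSEC用户,7表示时间戳,8表示OCSP签名,9表示Microsoft服务器网关加密,10表示Netscape服务器网关加密,"+
			"11表示Microsoft商业代码签名,12表示Microsoft内核代码签名")
	CmdGen.Flags().StringVarP(&caKey, "caKey", "k", "", "CA私钥")
	CmdGen.Flags().StringVarP(&caCert, "caCert", "C", "", "CA证书")
	CmdGen.Flags().StringVarP(&csr, "csr", "r", "", "证书请求")
	CmdGen.Flags().StringVarP(&savefolder, "savefolder", "s", "./", "保存文件夹")
	CmdGen.Flags().StringVarP(&caKeyPwd, "caKeyPwd", "p", "", "CA私钥密码")
	CmdGen.Flags().BoolVarP(&isCa, "isCa", "A", false, "是否是CA")
	CmdGen.Flags().StringVarP(&startStr, "start", "S", time.Now().Format(time.RFC3339), "开始时间,格式:2006-01-02T15:04:05Z07:00")
	CmdGen.Flags().StringVarP(&endStr, "end", "E", time.Now().AddDate(1, 0, 0).Format(time.RFC3339), "结束时间,格式:2006-01-02T15:04:05Z07:00")
	CmdGen.Flags().BoolVarP(&maxPathLenZero, "maxPathLenZero", "z", false, "允许最大路径长度为0")
	CmdGen.Flags().IntVarP(&maxPathLen, "maxPathLen", "m", 0, "最大路径长度")
	Cmd.AddCommand(CmdGen)

	CmdParse.Flags().StringVarP(&passwd, "passwd", "p", "", "pfx解密密码")
	Cmd.AddCommand(CmdParse)

	bindPasswdFlags(CmdPkcs8, "en-passwd", "加密密码")
	Cmd.AddCommand(CmdPkcs8)
	bindPasswdFlags(CmdPkcs1, "en-passwd", "加密密码")
	Cmd.AddCommand(CmdPkcs1)
	// pkcs12 binds the same variables under pfx-specific names/help.
	CmdPkcs12.Flags().StringVarP(&passwd, "passwd", "p", "", "pfx解密密码")
	CmdPkcs12.Flags().StringVarP(&enPasswd, "pfx-passwd", "P", "", "pfx加密密码")
	CmdPkcs12.Flags().StringVarP(&savefolder, "savefolder", "s", ".", "保存文件夹")
	Cmd.AddCommand(CmdPkcs12)
	bindPasswdFlags(CmdBasic, "en-passwd", "加密密码")
	Cmd.AddCommand(CmdBasic)
	bindPasswdFlags(CmdOpenssh, "en-passwd", "加密密码")
	Cmd.AddCommand(CmdOpenssh)

	CmdFastGen.Flags().BoolVarP(&promptMode, "prompt", "P", false, "是否交互模式")
	CmdFastGen.Flags().StringVarP(&fastgen.Country, "country", "c", "", "国家")
	CmdFastGen.Flags().StringVarP(&fastgen.Province, "province", "p", "", "省份")
	CmdFastGen.Flags().StringVar(&fastgen.City, "city", "", "城市")
	CmdFastGen.Flags().StringVarP(&fastgen.Organization, "org", "o", "", "组织")
	CmdFastGen.Flags().StringVarP(&fastgen.OrganizationUnit, "orgUnit", "u", "", "组织单位")
	CmdFastGen.Flags().StringVarP(&fastgen.CommonName, "name", "n", "", "通用名称")
	CmdFastGen.Flags().StringSliceVarP(&fastgen.Dns, "dnsName", "d", nil, "dns名称")
	CmdFastGen.Flags().StringVarP(&savefolder, "savefolder", "s", "./", "保存文件夹")
	// How fastgen interprets these two numbers is decided inside
	// utils.GenerateCert, which is not visible here; the help text is kept
	// as it was. TODO(review): confirm it matches the mapping in utils.
	CmdFastGen.Flags().IntVarP(&fastgen.KeyUsage, "keyUsage", "U", 0, "证书使用类型,默认数字0,0表示数字签名和密钥加密,1表示证书签名,2表示CRL签名,4表示密钥协商,8表示数据加密")
	CmdFastGen.Flags().IntSliceVarP(&fastgen.ExtendedKeyUsage, "extKeyUsage", "e", []int{0, 1}, "扩展证书使用类型,默认数字0和1,0表示服务器认证,1表示客户端认证,2表示代码签名,3表示电子邮件保护,4表示IPSEC终端系统,5表示IPSEC隧道,6表示IPSEC用户,7表示时间戳,8表示OCSP签名,9表示Microsoft服务器网关加密,10表示Netscape服务器网关加密,11表示Microsoft商业代码签名,12表示Microsoft内核代码签名")
	CmdFastGen.Flags().BoolVarP(&fastgen.IsCA, "isCa", "A", false, "是否是CA")
	CmdFastGen.Flags().StringVarP(&startStr, "start", "S", time.Now().Format(time.RFC3339), "开始时间,格式:2006-01-02T15:04:05Z07:00")
	CmdFastGen.Flags().StringVarP(&endStr, "end", "E", time.Now().AddDate(1, 0, 0).Format(time.RFC3339), "结束时间,格式:2006-01-02T15:04:05Z07:00")
	CmdFastGen.Flags().BoolVarP(&fastgen.MaxPathLengthZero, "maxPathLenZero", "z", false, "允许最大路径长度为0")
	CmdFastGen.Flags().IntVarP(&fastgen.MaxPathLength, "maxPathLen", "m", 0, "最大路径长度")
	CmdFastGen.Flags().StringVarP(&caKey, "caKey", "K", "", "CA私钥,可以留空(须与caCert同时指定)")
	CmdFastGen.Flags().StringVarP(&caCert, "caCert", "C", "", "CA证书,可以留空(须与caKey同时指定)")
	CmdFastGen.Flags().StringVar(&caKeyPwd, "caKeyPwd", "", "CA私钥密码")
	CmdFastGen.Flags().StringVarP(&fastgen.Type, "type", "t", "RSA", "证书类型,支持RSA和ECDSA")
	CmdFastGen.Flags().IntVarP(&fastgen.Bits, "bits", "b", 2048, "证书位数,默认2048")
	Cmd.AddCommand(CmdFastGen)
}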