Add DNSName flag to scepclient (#202)
macmule authored Aug 13, 2022
1 parent 3aa7a5a commit 699e8df
Showing 3 changed files with 12 additions and 7 deletions.
5 changes: 3 additions & 2 deletions cmd/scepclient/csr.go
@@ -18,8 +18,8 @@ const (
)

type csrOptions struct {
cn, org, country, ou, locality, province, challenge string
key *rsa.PrivateKey
cn, org, country, ou, locality, province, dnsName, challenge string
key *rsa.PrivateKey
}

func loadOrMakeCSR(path string, opts *csrOptions) (*x509.CertificateRequest, error) {
@@ -44,6 +44,7 @@ func loadOrMakeCSR(path string, opts *csrOptions) (*x509.CertificateRequest, err
CertificateRequest: x509.CertificateRequest{
Subject: subject,
SignatureAlgorithm: x509.SHA256WithRSA,
DNSNames: subjOrNil(opts.dnsName),
},
}
if opts.challenge != "" {
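Review bot: The new `DNSNames: subjOrNil(opts.dnsName)` line sits in the code that builds a fresh request, so, judging by the function name, a CSR already present at `path` would be loaded as-is and the `-dnsname` value silently dropped; that branch is outside the hunk and should be confirmed. If that is the behaviour, it deserves a comment on `loadOrMakeCSR`, for example `// opts (including dnsName) apply only when a new CSR is generated; an existing CSR at path is used unchanged.` The value also goes into the request exactly as typed, through a helper named for subject fields, so a comment on the `dnsName` field saying that it carries at most one SAN entry and is not syntax-checked on the client would help whoever writes the CA-side policy.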
13 changes: 9 additions & 4 deletions cmd/scepclient/scepclient.go
@@ -50,6 +50,7 @@ type runCfg struct {
debug bool
logfmt string
caCertMsg string
dnsName string
}

func run(cfg runCfg) error {
@@ -88,6 +89,7 @@ func run(cfg runCfg) error {
province: cfg.province,
challenge: cfg.challenge,
key: key,
dnsName: cfg.dnsName,
}

csr, err := loadOrMakeCSR(cfg.csrPath, opts)
@@ -234,10 +236,11 @@ func logCerts(logger log.Logger, certs []*x509.Certificate) {

// validateFingerprint makes sure fingerprint looks like a hash.
// We remove spaces and colons from fingerprint as it may come in various forms:
// e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
// E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
// e3b0c442 98fc1c14 9afbf4c8 996fb924 27ae41e4 649b934c a495991b 7852b855
// e3:b0:c4:42:98:fc:1c:14:9a:fb:f4:c8:99:6f:b9:24:27:ae:41:e4:64:9b:93:4c:a4:95:99:1b:78:52:b8:55
//
// e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
// E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
// e3b0c442 98fc1c14 9afbf4c8 996fb924 27ae41e4 649b934c a495991b 7852b855
// e3:b0:c4:42:98:fc:1c:14:9a:fb:f4:c8:99:6f:b9:24:27:ae:41:e4:64:9b:93:4c:a4:95:99:1b:78:52:b8:55
func validateFingerprint(fingerprint string) (hash []byte, err error) {
fingerprint = strings.NewReplacer(" ", "", ":", "").Replace(fingerprint)
hash, err = hex.DecodeString(fingerprint)
@@ -279,6 +282,7 @@ func main() {
flProvince = flag.String("province", "", "province for certificate")
flCountry = flag.String("country", "US", "country code in certificate")
flCACertMessage = flag.String("cacert-message", "", "message sent with GetCACert operation")
flDNSName = flag.String("dnsname", "", "DNS name to be included in the certificate (SAN)")

// in case of multiple certificate authorities, we need to figure out who the recipient of the encrypted
// data is.
@@ -340,6 +344,7 @@ func main() {
debug: *flDebugLogging,
logfmt: logfmt,
caCertMsg: *flCACertMessage,
dnsName: *flDNSName,
}

if err := run(cfg); err != nil {
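Review bot: The help text for `-dnsname` in `main` says the name will be "included in the certificate", but the client only places it in the CSR; whether it appears in the issued certificate is the CA's decision, and a CA that copies requested SANs without checking them against the enrolling identity is the risk this flag makes easier to reach. I would word it as `"DNS name to request as a subjectAltName in the CSR (single value)"`. The documentation should also say that the flag has no effect when an existing CSR is reused, if that is how `loadOrMakeCSR` behaves (not visible in this section). The value reaches `csrOptions` in `run` unchecked, so rejecting a value that is empty after trimming or contains whitespace before calling `run` would catch typos before they reach the server. `main` and `run` both continue outside the hunks shown.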
1 change: 0 additions & 1 deletion scep/scep.go
@@ -85,7 +85,6 @@ const (
// reasons:
type FailInfo string

//
const (
BadAlg FailInfo = "0"
BadMessageCheck = "1"