| Tim Windelschmidt | f0ec0f6 | 2023-07-17 13:43:38 +0200 | [diff] [blame] | 1 | package main |
| 2 | |
| 3 | import ( |
| 4 | "crypto/x509" |
| 5 | "encoding/pem" |
| Tim Windelschmidt | d5f851b | 2024-04-23 14:59:37 +0200 | [diff] [blame] | 6 | "errors" |
| Tim Windelschmidt | f0ec0f6 | 2023-07-17 13:43:38 +0200 | [diff] [blame] | 7 | "log" |
| 8 | "os" |
| 9 | |
| 10 | "github.com/spf13/cobra" |
| 11 | |
| 12 | "source.monogon.dev/metropolis/cli/metroctl/core" |
| 13 | ) |
| 14 | |
| 15 | func init() { |
| 16 | certCmd.AddCommand(certExportCmd) |
| 17 | |
| 18 | rootCmd.AddCommand(certCmd) |
| 19 | } |
| 20 | |
| 21 | var certCmd = &cobra.Command{ |
| 22 | Short: "Certificate utilities", |
| 23 | Use: "cert", |
| 24 | } |
| 25 | |
| 26 | var certExportCmd = &cobra.Command{ |
| 27 | Short: "Exports certificates for use in other programs", |
| 28 | Use: "export", |
| 29 | Example: "metroctl cert export", |
| 30 | Run: func(cmd *cobra.Command, args []string) { |
| 31 | ocert, opkey, err := core.GetOwnerCredentials(flags.configPath) |
| Tim Windelschmidt | d5f851b | 2024-04-23 14:59:37 +0200 | [diff] [blame] | 32 | if errors.Is(err, core.NoCredentialsError) { |
| Tim Windelschmidt | f0ec0f6 | 2023-07-17 13:43:38 +0200 | [diff] [blame] | 33 | log.Fatalf("You have to take ownership of the cluster first: %v", err) |
| 34 | } |
| 35 | |
| 36 | pkcs8Key, err := x509.MarshalPKCS8PrivateKey(opkey) |
| 37 | if err != nil { |
| 38 | // We explicitly pass an Ed25519 private key in, so this can't happen |
| 39 | panic(err) |
| 40 | } |
| 41 | |
| 42 | if err := os.WriteFile("owner.crt", pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: ocert.Raw}), 0755); err != nil { |
| 43 | log.Fatal(err) |
| 44 | } |
| 45 | |
| 46 | if err := os.WriteFile("owner.key", pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: pkcs8Key}), 0755); err != nil { |
| 47 | log.Fatal(err) |
| 48 | } |
| 49 | log.Println("Wrote files to current dir: cert.pem, key.pem") |
| 50 | }, |
| 51 | Args: cobra.NoArgs, |
| 52 | } |