forked from solderpunk/gemcert
Allow for the use of multiple domains
parent
de1e20febc
commit
d00762cbe6
34
main.go
34
main.go
|
@ -17,6 +17,7 @@ import (
|
|||
"log"
|
||||
"math/big"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
|
@ -38,7 +39,7 @@ func main() {
|
|||
flag.BoolVar(&server, "server", false, "generate a server certificate.")
|
||||
flag.BoolVar(&ed25519, "ed25519", false, "use ed25519 instead of ECDSA.")
|
||||
flag.BoolVar(&nowild, "nowild", false, "do not include a wildcard entry in SAN.")
|
||||
flag.StringVar(&domain, "domain", "example.com", "server domain.")
|
||||
flag.StringVar(&domain, "domain", "example.com", "server domain or a space separated list of domains.")
|
||||
flag.StringVar(&cn, "cn", "gemini", "client certificate CN.")
|
||||
flag.IntVar(&years, "years", 0, "years of validity.")
|
||||
flag.IntVar(&months, "months", 0, "months of validity.")
|
||||
|
@ -85,18 +86,39 @@ func main() {
|
|||
}
|
||||
|
||||
func getServerCertTemplate(domain string, wildcard bool, notBefore time.Time, notAfter time.Time) x509.Certificate {
|
||||
domainList := strings.Fields(domain)
|
||||
template := getCommonCertTemplate(notBefore, notAfter)
|
||||
template.Subject = pkix.Name{
|
||||
CommonName: domain,
|
||||
CommonName: domainList[0],
|
||||
}
|
||||
template.DNSNames = append(template.DNSNames, domain)
|
||||
if wildcard {
|
||||
wildcard := "*." + domain
|
||||
template.DNSNames = append(template.DNSNames, wildcard)
|
||||
|
||||
for _, d := range domainList {
|
||||
appendDNSName(&template, d)
|
||||
|
||||
if wildcard {
|
||||
appendDNSName(&template, "*." + d)
|
||||
}
|
||||
}
|
||||
|
||||
return template
|
||||
}
|
||||
|
||||
func appendDNSName(template *x509.Certificate, name string) {
|
||||
if (!contains(template.DNSNames, name)) {
|
||||
template.DNSNames = append(template.DNSNames, name)
|
||||
}
|
||||
}
|
||||
|
||||
func contains(list []string, str string) bool {
|
||||
for _, s := range list {
|
||||
if s == str {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
func getClientCertTemplate(cn string, notBefore time.Time, notAfter time.Time) x509.Certificate {
|
||||
template := getCommonCertTemplate(notBefore, notAfter)
|
||||
template.Subject = pkix.Name{
|
||||
|
|
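Review bot: `domainList[0]` in getServerCertTemplate panics with an index-out-of-range error when `-domain` is empty or contains only whitespace, because `strings.Fields` then returns an empty slice. Guard it right after the split, e.g. `if len(domainList) == 0 { log.Fatal("no domain given") }` (`log` is already imported). The entries also go into the SAN list unchecked: an entry that already starts with `*.` gets a second `*.` prefixed when wildcards are on, and `contains` compares case-sensitively, so `Example.com` and `example.com` would both be added. Since the wildcard switch now applies to every listed domain at once, the `-domain` help text should say so, so that an operator does not issue a broader certificate than intended. Minor style: the new lines do not look gofmt-ed; it would write `if !contains(template.DNSNames, name) {` and `"*."+d`.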