diff --git a/command/ca/init.go b/command/ca/init.go
index ec31db5b..e93dc06c 100644
--- a/command/ca/init.go
+++ b/command/ca/init.go
@@ -4,11 +4,11 @@ import (
 	"crypto/rand"
 	"fmt"
 	"io"
-	"os"
+	"strings"
 
 	"github.com/smallstep/cli/crypto/pki"
 	"github.com/smallstep/cli/errs"
-	"github.com/smallstep/cli/utils"
+	"github.com/smallstep/cli/ui"
 	"github.com/urfave/cli"
 )
@@ -28,13 +28,32 @@ func initAction(ctx *cli.Context) error {
 		return err
 	}
 
-	fmt.Fprintf(os.Stderr, "What would you like to name your new PKI? (e.g. Smallstep): ")
-	name, err := utils.ReadString(os.Stdin)
+	name, err := ui.Prompt("What would you like to name your new PKI? (e.g. Smallstep)", ui.WithValidateNotEmpty())
 	if err != nil {
 		return err
 	}
 
-	pass, err := utils.ReadPasswordGenerate("What do you want your password to be? [leave empty and we'll generate one]: ")
+	names, err := ui.Prompt("What DNS names or IP addresses would you like to add to your new CA? (e.g. ca.smallstep.com)", ui.WithValidateNotEmpty())
+	if err != nil {
+		return err
+	}
+	names = strings.Replace(names, ",", " ", -1)
+	dnsNames := strings.Split(names, " ")
+	for i, name := range dnsNames {
+		dnsNames[i] = strings.TrimSpace(name)
+	}
+
+	address, err := ui.Prompt("What address would your new CA will be listening at? (e.g. :443)", ui.WithValidateNotEmpty())
+	if err != nil {
+		return err
+	}
+
+	issuer, err := ui.Prompt("What first issuer would like to add in the new CA? (e.g. mike@smallstep.com)", ui.WithValidateNotEmpty())
+	if err != nil {
+		return err
+	}
+
+	pass, err := ui.PromptPasswordGenerate("What do you want your password to be? [leave empty and we'll generate one]")
 	if err != nil {
 		return err
 	}
@@ -44,6 +63,10 @@ func initAction(ctx *cli.Context) error {
 		return err
 	}
 
+	p.SetIssuer(issuer)
+	p.SetAddress(address)
+	p.SetDNSNames(dnsNames)
+
 	// Generate ott and ssh key pairs
 	if err := p.GenerateKeyPairs(pass); err != nil {
 		return err
diff --git a/crypto/pki/pki.go b/crypto/pki/pki.go
index 3c38f61a..113362c8 100644
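Review bot: The DNS-name parsing in the second hunk leaves empty entries in dnsNames whenever the answer contains a comma followed by a space or two consecutive separators ("ca.example.com, 10.0.0.1" becomes ["ca.example.com", "", "10.0.0.1"]), and those empty strings are handed to p.SetDNSNames unchanged in the third hunk, so they end up in the CA configuration. Replacing the Replace/Split/TrimSpace sequence with `dnsNames := strings.Fields(strings.Replace(names, ",", " ", -1))` splits on any whitespace and drops empty and blank entries in one step. As a point of style, the loop variable `name` shadows the PKI name read a few lines earlier, and the prompts `What address would your new CA will be listening at?` and `What first issuer would like to add in the new CA?` read ungrammatically. Nothing in the hunk checks that each entry is a syntactically valid hostname or IP address, or that the address parses as host:port, before the values reach the CA config; a validation step at this prompt boundary would fail early with a clear message instead of producing a broken configuration. initAction starts before and ends after the hunks shown.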
--- a/crypto/pki/pki.go
+++ b/crypto/pki/pki.go
@@ -120,6 +120,9 @@ type PKI struct {
 	config        string
 	ottPublicKey  *jose.JSONWebKey
 	ottPrivateKey *jose.JSONWebEncryption
+	issuer        string
+	address       string
+	dnsNames      []string
 }
 
 // New creates a new PKI configuration.
@@ -148,7 +151,11 @@ func New(public, private, config string) (*PKI, error) {
 		return s, errors.Wrapf(err, "error getting absolute path for %s", name)
 	}
 
-	p := new(PKI)
+	p := &PKI{
+		issuer:   "step-cli",
+		address:  "127.0.0.1:9000",
+		dnsNames: []string{"127.0.0.1"},
+	}
 	if p.root, err = getPath(public, "root_ca.crt"); err != nil {
 		return nil, err
 	}
@@ -174,6 +181,21 @@ func New(public, private, config string) (*PKI, error) {
 	return p, nil
 }
 
+// SetIssuer sets the issuer of the OTT keys.
+func (p *PKI) SetIssuer(s string) {
+	p.issuer = s
+}
+
+// SetAddress sets the listening address of the CA.
+func (p *PKI) SetAddress(s string) {
+	p.address = s
+}
+
+// SetDNSNames sets the dns names of the CA.
+func (p *PKI) SetDNSNames(s []string) {
+	p.dnsNames = s
+}
+
 // GenerateKeyPairs generates the key pairs used by the certificate authority.
 func (p *PKI) GenerateKeyPairs(pass []byte) error {
 	var err error
@@ -246,12 +268,12 @@ func (p *PKI) Save() error {
 		Root:             p.root,
 		IntermediateCert: p.intermediate,
 		IntermediateKey:  p.intermediateKey,
-		Address:          "127.0.0.1:9000",
-		DNSNames:         []string{"127.0.0.1"},
+		Address:          p.address,
+		DNSNames:         p.dnsNames,
 		Logger:           []byte(`{"format": "text"}`),
 		AuthorityConfig: &authority.AuthConfig{
 			Provisioners: []*provisioner.Provisioner{
-				{Issuer: "step-cli", Type: "jwk", Key: p.ottPublicKey, EncryptedKey: key},
+				{Issuer: p.issuer, Type: "jwk", Key: p.ottPublicKey, EncryptedKey: key},
 			},
 		},
 		TLS: &tlsutil.TLSOptions{
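Review bot: SetDNSNames in the third hunk stores the caller's slice header as-is, so the slice built by the init command stays aliased with the PKI's private state and any later append or element write by the caller changes what Save emits in the last hunk; copying it, `p.dnsNames = append([]string(nil), s...)`, detaches the two. None of the three setters rejects an empty value, so a caller passing "" or nil silently replaces the defaults that New now installs in the second hunk ("step-cli", "127.0.0.1:9000", "127.0.0.1") with an empty provisioner issuer, listening address or DNSNames list in the written configuration; returning early on an empty argument, or returning an error, would keep those defaults meaningful. The setter comments could also name the config field each value reaches, e.g. `// SetDNSNames sets the DNS names written to the CA configuration's DNSNames field, replacing the default of "127.0.0.1".`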