From 2ae32665bbb9290a5652b48174e2018346f605e1 Mon Sep 17 00:00:00 2001
From: Phil Calvin
Date: Wed, 30 Dec 2020 22:10:59 -0500
Subject: [PATCH 1/2] Add Dockerfiles for testing basic functionality

This is with the end goal of getting rough compatibility with paultag/minica so we can have one true minica tool.
---
 Dockerfile | 22 ++++++++++++++++++++++
 Dockerfile.paultag | 9 +++++++++
 tests.sh | 44 ++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 75 insertions(+)
 create mode 100644 Dockerfile
 create mode 100644 Dockerfile.paultag
 create mode 100755 tests.sh

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..3dc5eb3
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,22 @@
+FROM debian:buster AS build
+
+RUN apt-get update -y && \
+ apt-get install -y golang
+
+WORKDIR /build
+
+COPY . .
+
+RUN go build
+
+FROM debian:buster
+
+COPY --from=build /build/minica /usr/bin/minica
+
+RUN apt-get update -y && \
+ apt-get install --no-install-recommends -y \
+ curl ca-certificates openssl
+
+WORKDIR /test
+COPY tests.sh .
+RUN ./tests.sh
\ No newline at end of file
diff --git a/Dockerfile.paultag b/Dockerfile.paultag
new file mode 100644
index 0000000..28e3135
--- /dev/null
+++ b/Dockerfile.paultag
@@ -0,0 +1,9 @@
+FROM debian:buster
+
+RUN apt-get update -y && \
+ apt-get install --no-install-recommends -y \
+ minica curl ca-certificates openssl
+
+WORKDIR /test
+COPY tests.sh .
+RUN ./tests.sh
diff --git a/tests.sh b/tests.sh
new file mode 100755
index 0000000..b62a260
--- /dev/null
+++ b/tests.sh
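Review bot: The final stage ends with `RUN ./tests.sh`, and that script (next hunk) installs the freshly generated CA into the system trust store with update-ca-certificates and leaves the CA material minica writes under /test, so the image layers ship a system-trusted CA together with its private key (the key file itself is not shown here, but the `cp minica.pem cacert.crt` step implies it is generated next to it); anyone who later builds on this image trusts whatever that key signs. Running the test in a dedicated stage that nothing copies from, e.g. `FROM debian:buster AS test` with the runtime stage kept separate, avoids publishing it. `COPY . .` in the build stage also copies the whole context, including any minica.pem/key files produced while testing locally, into the build layer; a .dockerignore listing `*.pem` and `.git` would keep those out. The buster `golang` package is an unpinned toolchain, which is acceptable for a smoke test but worth a one-line comment so it is not mistaken for a release build.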
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+set -e
+echo "world" > hello
+
+minica localhost
+
+set +e
+# FIXME: jsha/minica puts the keypair in a directory, copy those out for compatibility
+# so the same tests work against either version.
+cp localhost/cert.pem localhost.crt
+cp localhost/key.pem localhost.key
+cp minica.pem cacert.crt
+set -e
+
+openssl s_server -cert localhost.crt -key localhost.key -accept 8080 -WWW &
+set +e
+
+curl https://localhost:8080/hello
+if (( $? != 60 )); then
+ exit "Expected request to server with untrusted CA to fail."
+fi
+
+set -e
+cp cacert.crt /usr/share/ca-certificates/
+echo "cacert.crt" >> /etc/ca-certificates.conf
+update-ca-certificates
+set +e
+
+curl https://localhost:8080/hello
+if (( $? != 0 )); then
+ exit "Expected request to server with trusted CA to succeed."
+fi
+
+# FIXME: -ca-key-size and -key-size are paultag/minica-only right now, but could be ported.
+# set -e
+# minica -ca-key-size 4096 -key-size 4096 127.0.0.1
+# openssl s_server -cert 127.0.0.1.crt -key 127.0.0.1.key -accept 8081 -WWW &
+# set +e
+
+# curl https://127.0.0.1:8081/hello
+# if (( $? != 0 )); then
+# exit "Expected request to server with trusted CA to succeed."
+# fi
\ No newline at end of file
From 36417e624610666947fd48b399291abb0e38f09c Mon Sep 17 00:00:00 2001
From: Phil Calvin
Date: Wed, 30 Dec 2020 22:15:16 -0500
Subject: [PATCH 2/2] Allow domains to be specified as unflagged arguments

This is for drop-in(-ish) compatibility with https://github.com/paultag/minica
---
 README.md | 7 +++++++
 main.go | 8 ++------
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 894995c..f1206cd 100644
--- a/README.md
+++ b/README.md
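Review bot: `exit "Expected request to server with untrusted CA to fail."` (and the matching line after the second curl) hands bash's exit builtin a string where it wants a status, so bash prints `numeric argument required` and exits with status 2 instead of the intended message; write `echo "Expected request to server with untrusted CA to fail." >&2; exit 1` and the same for the trusted-CA branch. The first curl also runs immediately after `openssl s_server … &` with nothing waiting for the listener, so a connection refused (curl exit 7) is indistinguishable from the verification failure the test wants (exit 60) and the run aborts spuriously; a short poll after the backgrounded server, such as `until (exec 3<>/dev/tcp/localhost/8080) 2>/dev/null; do sleep 0.1; done`, makes both checks deterministic. Because the script modifies the machine-wide trust store with update-ca-certificates, a header comment stating that it is meant to run only inside the throwaway container, never on a developer host, would prevent an accidental system-wide trust of a test CA.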
@@ -42,3 +42,10 @@ go build
 # generate and sign an end-entity key and cert, storing them in ./foo.com/
 $ minica --domains foo.com
 ```
+
+For compatibility with another (unaffiliated) tool of the same name, domains
+can also be specified as final arguments:
+
+```
+minica foo.com
+```
\ No newline at end of file
diff --git a/main.go b/main.go
index 9734969..4aeb1fb 100644
--- a/main.go
+++ b/main.go
@@ -313,15 +313,11 @@ will not overwrite existing keys or certificates.
 flag.PrintDefaults()
 }
 flag.Parse()
- if *domains == "" && *ipAddresses == "" {
+ if flag.NArg() == 0 && *domains == "" && *ipAddresses == "" {
 flag.Usage()
 os.Exit(1)
 }
- if len(flag.Args()) > 0 {
- fmt.Printf("Extra arguments: %s (maybe there are spaces in your domain list?)\n", flag.Args())
- os.Exit(1)
- }
- domainSlice := split(*domains)
+ domainSlice := append(split(*domains), (flag.Args())...)
 domainRe := regexp.MustCompile("^[A-Za-z0-9.*-]+$")
 for _, d := range domainSlice {
 if !domainRe.MatchString(d) {
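Review bot: A positional argument that is an IP literal — exactly what the commented-out test in tests.sh has in mind with `minica … 127.0.0.1` — passes the `^[A-Za-z0-9.*-]+$` check and lands in `domainSlice`, so it would presumably be issued as a dNSName rather than an iPAddress SAN; Go's hostname verification and curl match an IP host only against iPAddress SANs, so such a cert would be accepted by the tool yet fail verification in the client. Running positional arguments through `net.ParseIP` first and adding the hits to the list that `*ipAddresses` feeds (handled outside this hunk) while leaving the rest on the domain path would keep the drop-in use case working. A small style point: the parentheses in `(flag.Args())...` are redundant, `domainSlice := append(split(*domains), flag.Args()...)`. Removing the `fmt.Printf` call may also leave `fmt` unused if it was the only use in main.go — the Dockerfile's `go build` step will tell. The enclosing main function starts and ends outside the hunk.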