1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
|
package main
import (
"flag"
"fmt"
"html"
"log"
"net/http"
"os"
"reflect"
"regexp"
"strconv"
"time"
// Server profiler
//nolint:gosec // profile server, if enabled runs on a different port
_ "net/http/pprof"
"github.com/urfave/cli"
"github.com/smallstep/certificates/authority"
"github.com/smallstep/certificates/commands"
"go.step.sm/cli-utils/command"
"go.step.sm/cli-utils/command/version"
"go.step.sm/cli-utils/step"
"go.step.sm/cli-utils/ui"
"go.step.sm/cli-utils/usage"
"go.step.sm/crypto/pemutil"
// Enabled kms interfaces.
_ "go.step.sm/crypto/kms/awskms"
_ "go.step.sm/crypto/kms/azurekms"
_ "go.step.sm/crypto/kms/cloudkms"
_ "go.step.sm/crypto/kms/pkcs11"
_ "go.step.sm/crypto/kms/softkms"
_ "go.step.sm/crypto/kms/sshagentkms"
_ "go.step.sm/crypto/kms/tpmkms"
_ "go.step.sm/crypto/kms/yubikey"
// Enabled cas interfaces.
_ "github.com/smallstep/certificates/cas/cloudcas"
_ "github.com/smallstep/certificates/cas/softcas"
_ "github.com/smallstep/certificates/cas/stepcas"
_ "github.com/smallstep/certificates/cas/vaultcas"
)
// commit and buildTime are filled in during build by the Makefile
var (
BuildTime = "N/A"
Version = "N/A"
)
func init() {
step.Set("Smallstep CA", Version, BuildTime)
authority.GlobalVersion.Version = Version
// Add support for asking passwords
pemutil.PromptPassword = func(msg string) ([]byte, error) {
return ui.PromptPassword(msg)
}
}
func exit(code int) {
ui.Reset()
os.Exit(code)
}
// appHelpTemplate contains the modified template for the main app
var appHelpTemplate = `## NAME
**{{.HelpName}}** -- {{.Usage}}
## USAGE
{{if .UsageText}}{{.UsageText}}{{else}}**{{.HelpName}}**{{if .Commands}} <command>{{end}} {{if .ArgsUsage}}{{.ArgsUsage}}{{else}}_[arguments]_{{end}}{{end}}{{if .Description}}
## DESCRIPTION
{{.Description}}{{end}}{{if .VisibleCommands}}
## COMMANDS
{{range .VisibleCategories}}{{if .Name}}{{.Name}}:{{end}}
|||
|---|---|{{range .VisibleCommands}}
| **{{join .Names ", "}}** | {{.Usage}} |{{end}}
{{end}}{{if .VisibleFlags}}{{end}}
## OPTIONS
{{range $index, $option := .VisibleFlags}}{{if $index}}
{{end}}{{$option}}
{{end}}{{end}}{{if .Copyright}}{{if len .Authors}}
## AUTHOR{{with $length := len .Authors}}{{if ne 1 $length}}S{{end}}{{end}}:
{{range $index, $author := .Authors}}{{if $index}}
{{end}}{{$author}}{{end}}{{end}}{{if .Version}}{{if not .HideVersion}}
## ONLINE
This documentation is available online at https://smallstep.com/docs/certificates
## VERSION
{{.Version}}{{end}}{{end}}
## COPYRIGHT
{{.Copyright}}
## FEEDBACK ` +
html.UnescapeString("&#"+strconv.Itoa(128525)+";") + " " +
html.UnescapeString("&#"+strconv.Itoa(127867)+";") +
`
The **step-ca** utility is not instrumented for usage statistics. It does not phone home.
But your feedback is extremely valuable. Any information you can provide regarding how you’re using **step-ca** helps.
Please send us a sentence or two, good or bad: **feedback@smallstep.com** or https://github.com/smallstep/certificates/discussions.
{{end}}
`
func main() {
// initialize step environment.
if err := step.Init(); err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
// Initialize windows terminal
ui.Init()
// Override global framework components
cli.VersionPrinter = func(c *cli.Context) {
version.Command(c)
}
cli.AppHelpTemplate = appHelpTemplate
cli.SubcommandHelpTemplate = usage.SubcommandHelpTemplate
cli.CommandHelpTemplate = usage.CommandHelpTemplate
cli.HelpPrinter = usage.HelpPrinter
cli.FlagNamePrefixer = usage.FlagNamePrefixer
cli.FlagStringer = stringifyFlag
// Configure cli app
app := cli.NewApp()
app.Name = "step-ca"
app.HelpName = "step-ca"
app.Version = step.Version()
app.Usage = "an online certificate authority for secure automated certificate management"
app.UsageText = `**step-ca** [config] [**--context**=<name>] [**--password-file**=<file>]
[**--ssh-host-password-file**=<file>] [**--ssh-user-password-file**=<file>]
[**--issuer-password-file**=<file>] [**--resolver**=<addr>] [**--help**] [**--version**]`
app.Description = `**step-ca** runs the Step Online Certificate Authority
(Step CA) using the given configuration.
See the README.md for more detailed configuration documentation.
## POSITIONAL ARGUMENTS
<config>
: File that configures the operation of the Step CA; this file is generated
when you initialize the Step CA using 'step ca init'
## EXIT CODES
This command will run indefinitely on success and return \>0 if any error occurs.
## EXAMPLES
These examples assume that you have already initialized your PKI by running
'step ca init'. If you have not completed this step please see the 'Getting Started'
section of the README.
Run the Step CA and prompt for password:
'''
$ step-ca $STEPPATH/config/ca.json
'''
Run the Step CA and read the password from a file - this is useful for
automating deployment:
'''
$ step-ca $STEPPATH/config/ca.json --password-file ./password.txt
'''
Run the Step CA for the context selected with step and a custom password file:
'''
$ step context select ssh
$ step-ca --password-file ./password.txt
'''
Run the Step CA for the context named _mybiz_ and prompt for password:
'''
$ step-ca --context=mybiz
'''
Run the Step CA for the context named _mybiz_ and an alternate ca.json file:
'''
$ step-ca --context=mybiz other-ca.json
'''
Run the Step CA for the context named _mybiz_ and read the password from a file - this is useful for
automating deployment:
'''
$ step-ca --context=mybiz --password-file ./password.txt
'''
`
app.Flags = append(app.Flags, commands.AppCommand.Flags...)
app.Flags = append(app.Flags, cli.HelpFlag)
app.Copyright = fmt.Sprintf("(c) 2018-%d Smallstep Labs, Inc.", time.Now().Year())
// All non-successful output should be written to stderr
app.Writer = os.Stdout
app.ErrWriter = os.Stderr
app.Commands = command.Retrieve()
// Start the golang debug logger if environment variable is set.
// See https://golang.org/pkg/net/http/pprof/
debugProfAddr := os.Getenv("STEP_PROF_ADDR")
if debugProfAddr != "" {
go func() {
srv := http.Server{
Addr: debugProfAddr,
ReadHeaderTimeout: 15 * time.Second,
}
log.Println(srv.ListenAndServe())
}()
}
app.Action = func(_ *cli.Context) error {
// Hack to be able to run a the top action as a subcommand
set := flag.NewFlagSet(app.Name, flag.ContinueOnError)
set.Parse(os.Args)
ctx := cli.NewContext(app, set, nil)
return commands.AppCommand.Run(ctx)
}
if err := app.Run(os.Args); err != nil {
if os.Getenv("STEPDEBUG") == "1" {
fmt.Fprintf(os.Stderr, "%+v\n", err)
} else {
fmt.Fprintln(os.Stderr, err)
}
exit(1)
}
exit(0)
}
func flagValue(f cli.Flag) reflect.Value {
fv := reflect.ValueOf(f)
for fv.Kind() == reflect.Ptr {
fv = reflect.Indirect(fv)
}
return fv
}
var placeholderString = regexp.MustCompile(`<.*?>`)
func stringifyFlag(f cli.Flag) string {
fv := flagValue(f)
usg := fv.FieldByName("Usage").String()
placeholder := placeholderString.FindString(usg)
if placeholder == "" {
switch f.(type) {
case cli.BoolFlag, cli.BoolTFlag:
default:
placeholder = "<value>"
}
}
return cli.FlagNamePrefixer(fv.FieldByName("Name").String(), placeholder) + "\t" + usg
}
|
