kurrent-io
diff --git a/Diff for: ‎.github/workflows/ci.yml
+45 b/Diff for: ‎.github/workflows/ci.yml
+45
diff --git a/Diff for: ‎.gitignore
+28 b/Diff for: ‎.gitignore
+28
diff --git a/Diff for: ‎.goreleaser.yml
+33 b/Diff for: ‎.goreleaser.yml
+33
diff --git a/Diff for: ‎LICENSE
+28 b/Diff for: ‎LICENSE
+28
diff --git a/Diff for: ‎README.md
+46 b/Diff for: ‎README.md
+46
diff --git a/Diff for: ‎certificates/certificates.go
+60 b/Diff for: ‎certificates/certificates.go
+60
diff --git a/Diff for: ‎certificates/common.go
+27 b/Diff for: ‎certificates/common.go
+27
@@ -0,0 +1,45 @@
+name: Build
+
+on:
+  pull_request:
+  push:
+    branches:
+    - master
+    tags:
+    - "*"
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+    - name: Set up Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: 1.14
+    - name: Calculate Version
+      shell: bash
+      run: |
+        cd /tmp
+        go get github.com/mdomke/git-semver
+        cd -
+        version=$(~/go/bin/git-semver)
+        echo "::set-env name=VERSION::${version}"
+    - name: Build and Publish
+      uses: goreleaser/goreleaser-action@v2
+      if: ${{ startsWith(github.ref, 'refs/tags/') }}
+      with:
+        version: latest
+        args: release --rm-dist
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - name: Build and Publish (Dry Run)
+      uses: goreleaser/goreleaser-action@v2
+      if: ${{ !startsWith(github.ref, 'refs/tags/') }}
+      with:
+        version: latest
+        args: release --skip-publish --rm-dist --snapshot
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,28 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof
+
+.idea/
+binaries/
+ca/
@@ -0,0 +1,33 @@
+before:
+  hooks:
+    - go mod download
+    - go generate ./...
+dist: binaries
+builds:
+  - goos:
+    - darwin
+    - linux
+    - windows
+    ldflags:
+    - -s -w -X "main.version={{.Env.VERSION}}"
+archives:
+  -
+    id: "es-gencert-cli"
+    builds: ['es-gencert-cli']
+    format: tar.gz
+    format_overrides:
+      - goos: windows
+        format: zip
+    name_template: "{{.ProjectName}}_{{.Version}}_{{.Os}}-{{.Arch}}"
+    replacements:
+      darwin: Darwin
+      linux: Linux
+      windows: Windows
+      386: i386
+      amd64: x86_64
+changelog:
+  sort: asc
+  filters:
+    exclude:
+    - '^docs:'
+    - '^test:'
@@ -0,0 +1,28 @@
+Event Store Certificate Generation CLI License
+
+Copyright (c) 2020, Event Store Ltd. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer.
+
+Redistributions in binary form must reproduce the above copyright notice, this
+list of conditions and the following disclaimer in the documentation and/or
+other materials provided with the distribution.
+
+Neither the name of Event Store LLP nor the names of its contributors may be
+used to endorse or promote products derived from this software without specific
+prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
@@ -0,0 +1,46 @@
+# Event Store Certificate Generation CLI
+
+The command line interface to ease the generation of a certificate authority and node certificates for Event Store Db 20.6.x and above.
+
+## Getting Started
+
+### Releases
+The latest release for the ESGenCert CLI can be found under the [github releases page](https://github.com/EventStore/es-gencert-cli/releases).
+We releases binaries for Windows/ Linux and MacOS.
+
+### Usage
+
+Basic usage for es-gencert-cli:
+```
+./es-gencert-cli [options] <command> [args]
+```
+
+Getting help for a specific command
+```
+./es-gencert-cli -help <command>
+```
+e.g.
+```
+./es-gencert-cli -help create-ca
+
+Usage: create_ca [options]
+  Generate a root/CA TLS certificate to be used with EventStoreDB
+Options:
+  -days                       The validity period of the certificate in days (default: 5 years)
+  -out                        The output directory (default: ./ca)
+```
+
+### Examples
+Generating a certificate authority
+```
+.\es-gencert-cli create-ca -out .\es-ca
+```
+
+Generating a certificate for an Event Store Db node
+```
+.\es-gencert-cli-cli.exe create-node -ca-certificate .\es-ca\ca.crt -ca-key .\es-ca\ca.key -out .\node1 -ip-addresses 127.0.0.1,172.20.240.1 -dns-names eventstore-node1.localhost.com
+```
+
+## Development
+
+Building or working on `es-gencert-cli` requires a Go environment, version 1.14 or higher.
@@ -0,0 +1,60 @@
+package certificates
+
+import (
+	"log"
+	"os"
+	"strings"
+
+	"github.com/mitchellh/cli"
+)
+
+type Certificates struct {
+	Ui cli.Ui
+}
+
+func (command *Certificates) Run(args []string) int {
+	ui := &cli.BasicUi{
+		Reader:      os.Stdin,
+		Writer:      os.Stdout,
+		ErrorWriter: os.Stderr,
+	}
+	c := cli.NewCLI("Event Store CLI certificates", "")
+	c.Args = args
+	c.Commands = map[string]cli.CommandFactory{
+		"create-ca": func() (cli.Command, error) {
+			return &CreateCA{
+				Ui: &cli.ColoredUi{
+					Ui:          ui,
+					OutputColor: cli.UiColorBlue,
+				},
+			}, nil
+		},
+		"create-node": func() (cli.Command, error) {
+			return &CreateNode{
+				Ui: &cli.ColoredUi{
+					Ui:          ui,
+					OutputColor: cli.UiColorBlue,
+				},
+			}, nil
+		},
+	}
+	exitStatus, err := c.Run()
+	if err != nil {
+		log.Println(err)
+	}
+	return exitStatus
+}
+
+func (c *Certificates) Help() string {
+	helpText := `
+usage: certificates [--help] <command> [<args>]
+
+Available commands:
+`
+	helpText += c.Synopsis()
+	return strings.TrimSpace(helpText)
+}
+
+func (c *Certificates) Synopsis() string {
+	return "certificates (create_ca, create_node)"
+}
@@ -0,0 +1,27 @@
+package certificates
+
+import (
+	"crypto/rand"
+	"crypto/sha256"
+	"math/big"
+)
+
+const defaultKeySize = 2048
+
+func generateSerialNumber(bits uint) (*big.Int, error) {
+	maxValue := new(big.Int).Lsh(big.NewInt(1), bits)
+	randValue, err := rand.Int(rand.Reader, maxValue)
+	if err != nil {
+		return nil, err
+	}
+	return randValue, nil
+}
+
+func generateKeyIDFromRSAPublicKey(N *big.Int, e int) []byte {
+	//according to RFC 3280, the Subject key ID must be derived from the public key
+	x := new(big.Int).Lsh(N, 32)
+	x.Add(x, big.NewInt(int64(e)))
+	h := sha256.New()
+	h.Write(x.Bytes())
+	return h.Sum(nil)
+}