Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

testing/certutil/cmd: add passphrase protected key support #230

Merged
merged 1 commit into from
Sep 23, 2024
Merged

testing/certutil/cmd: add passphrase protected key support #230

merged 1 commit into from
Sep 23, 2024

Conversation

AndersonQ
Copy link
Member

What does this PR do?

Add support to generate certificates with passphrase protected keys. It adds the --pass CLI flag, when passed, it'll generate a passphrase protected key and also save the key to disk.

It also adds the --prefix CLI flag, which value will prefix the files saved to disk. If not passed, it defaults to the current timestamp

Why is it important?

  • It allows to use certutil for tests where the certificate key needs to be passphrase protected
  • the prefix facilitates to organise and move/copy/delete the files

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • ~~[ ] I have added tests that prove my fix is effective or that my feature works

How to test this PR:

  • generate certificates:
go run main.go --prefix server --pass server --ips 10.80.40.162,127.0.0.1

you should have

-rw------- 1 ainsoph ainsoph  288 Sep 20 18:25 server-ca_key.pem
-rw------- 1 ainsoph ainsoph  904 Sep 20 18:25 server-ca.pem
-rw------- 1 ainsoph ainsoph  399 Sep 20 18:25 server-localhost_enc-key.pem
-rw------- 1 ainsoph ainsoph  288 Sep 20 18:25 server-localhost_key.pem
-rw------- 1 ainsoph ainsoph    6 Sep 20 18:25 server-localhost-passphrase
-rw------- 1 ainsoph ainsoph  916 Sep 20 18:25 server-localhost.pem
  • validate the server sertificate
$openssl verify -verbose  --show_chain -CAfile ./server-ca.pem server-localhost.pem

server-localhost.pem: OK
Chain:
depth=0: L = anywhere in time and space, O = TARDIS, CN = Police Public Call Box (untrusted)
depth=1: C = Gallifrey, L = The Capitol, O = High Council of the Time Lords, OU = Time Lords, CN = High Council

Related issues

@AndersonQ AndersonQ added the Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team label Sep 20, 2024
@AndersonQ AndersonQ self-assigned this Sep 20, 2024
@AndersonQ AndersonQ requested a review from a team as a code owner September 20, 2024 16:31
@AndersonQ AndersonQ requested review from belimawr and khushijain21 and removed request for a team September 20, 2024 16:31
@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

cc @AndersonQ

@mauri870 mauri870 requested review from mauri870 and removed request for khushijain21 September 20, 2024 20:15
mauri870
mauri870 approved these changes Sep 23, 2024
View reviewed changes
Copy link
Member

@mauri870 mauri870 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, tested locally and was able to generate the keys and validate that it is password protected with openssl pkey -in server-localhost_enc-key.pem.

@AndersonQ AndersonQ merged commit 6c381fb into elastic:main Sep 23, 2024
3 of 6 checks passed
@AndersonQ AndersonQ changed the title testing/certutilcmd: add passphrase protected key support testing/certutil/cmd: add passphrase protected key support Sep 23, 2024
@AndersonQ AndersonQ mentioned this pull request Sep 23, 2024
Merged
8 tasks
@AndersonQ AndersonQ deleted the improve-certutil-cmd branch September 30, 2024 16:39
@ycombinator ycombinator mentioned this pull request Oct 3, 2024
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@mauri870 mauri870 mauri870 approved these changes

@belimawr belimawr Awaiting requested review from belimawr belimawr is a code owner automatically assigned from elastic/elastic-agent-data-plane

Assignees

@AndersonQ AndersonQ

Labels
Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@AndersonQ @elasticmachine @mauri870