Initial commit with license and copywrite in place.

.gitignore

@@ -0,0 +1,4 @@
+/build/
+ssltool
+*.crt
+*_gen.sh

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) [2023] [Dex Wood]
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,23 @@
+all: build strip
+build: ssltool_linux_amd64 ssltool_linux_arm64 ssltool_linux_arm ssltool_mac_amd64 ssltool_mac_arm64 ssltool_mac_amd64
+ssltool_linux_amd64:
+	CGO_ENABLED=0 go build -o build/ssltool_linux_amd64
+ssltool_windows_amd64.exe:
+	CGO_ENABLED=0 GOOS=windows go build -o build/ssltool_win_amd64.exe
+ssltool_mac_amd64:
+	CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -o build/ssltool_mac_amd64
+ssltool_mac_arm64:
+	CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -o build/ssltool_mac_arm64
+ssltool_linux_arm:
+	CGO_ENABLED=0 GOOS=linux GOARCH=arm go build -o build/ssltool_linux_arm
+ssltool_linux_arm64:
+	CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -o build/ssltool_linux_arm64
+
+strip:
+	find build -name "*" -exec strip {} \;
+
+zip:
+	cd build
+	zip -r build/ssltool.zip build/*
+
+prod: build strip zip

VERSION

@@ -0,0 +1 @@
+0.0.1

build.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+NAME="ssltool"
+VERSION=`cat VERSION`
+CGO_ENABLED=0 go build -o build/${NAME}_linux_amd64_${VERSION}
+CGO_ENABLED=0 GOOS=windows go build -o build/${NAME}_win_amd64_${VERSION}.exe
+CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -o build/${NAME}_mac_amd64_${VERSION}
+CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -o build/${NAME}_mac_arm64_${VERSION}
+CGO_ENABLED=0 GOOS=linux GOARCH=arm go build -o build/${NAME}_linux_arm_${VERSION}
+CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -o build/${NAME}_linux_arm64_${VERSION}
+
+#find build -name "*" -exec strip {} \;

cmd/details.go

@@ -0,0 +1,62 @@
+/*
+Copyright © 2023 Dex Wood
+*/
+package cmd
+
+import (
+	"fmt"
+	"log"
+	"os"
+	"ssltool/pkg/details"
+
+	"github.com/spf13/cobra"
+)
+
+// detailsCmd represents the details command
+var detailsCmd = &cobra.Command{
+	Use:   "details",
+	Short: "Retrieve certificates details.",
+	Long:  `Retrieve details about certificates returned from a host.`,
+	Run: func(cmd *cobra.Command, args []string) {
+		retrieveDetails, err := details.RetrieveCertDetails(fmt.Sprintf("%s:%d", hostname, port), insecure)
+		if err != nil {
+			fmt.Println(err.Error())
+			os.Exit(1)
+		}
+		for _, certDetails := range retrieveDetails {
+			fmt.Printf("Issuer: %s\n  Expiration Date: %v\n", certDetails.Issuer, certDetails.NotAfter.Format("2006-01-02"))
+			if len(certDetails.DNSNames) > 0 {
+				fmt.Println("  DNS Names:")
+				for _, name := range certDetails.DNSNames {
+					fmt.Printf("  - %s\n", name)
+				}
+			}
+			if cert {
+				details.DisplayPemCertificate(certDetails)
+			}
+			fmt.Println()
+		}
+	},
+}
+
+var hostname = ""
+var port = 443
+
+var insecure = false
+
+var cert = false
+var detailsExample = `ssltool details --host www.example.com
+ssltool details --host www.example.com --cert`
+
+func init() {
+	rootCmd.AddCommand(detailsCmd)
+	detailsCmd.Example = detailsExample
+	detailsCmd.Flags().StringVar(&hostname, "host", "", "hostname to check certificate.")
+	detailsCmd.Flags().IntVar(&port, "port", 443, "port")
+	detailsCmd.Flags().BoolVarP(&insecure, "insecure", "i", false, "Don't verify certificates.")
+	detailsCmd.Flags().BoolVarP(&cert, "cert", "c", false, "Print certificate in pem format.")
+	err := detailsCmd.MarkFlagRequired("host")
+	if err != nil {
+		log.Fatalln("Couldn't require the hostname argument.")
+	}
+}

cmd/gen.go

@@ -0,0 +1,151 @@
+/*
+Copyright © 2023 Dex Wood
+*/
+package cmd
+
+import (
+	"bufio"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509/pkix"
+	"fmt"
+	"github.com/spf13/cobra"
+	"golang.org/x/crypto/ssh/terminal"
+	"io/fs"
+	"log"
+	"os"
+	"ssltool/pkg/gen"
+	"strings"
+	"syscall"
+)
+
+var encryptKey = false
+
+// genCmd represents the gen command
+var genCmd = &cobra.Command{
+	Use:   "gen",
+	Short: "Used to generate a certificate request.",
+	Long: `You can set the required parameters with the following environmental variables
+or you can enter them interactively: COUNTRY, ORG, OU, LOCALITY, and PROVINCE.`,
+	Run: func(cmd *cobra.Command, args []string) {
+		scanner := bufio.NewScanner(os.Stdin)
+		country, exists := os.LookupEnv("COUNTRY")
+		if !exists {
+			country = input(scanner, "COUNTRY: ")
+		}
+		org, exists := os.LookupEnv("ORG")
+		if !exists {
+			org = input(scanner, "ORG: ")
+		}
+		ou, exists := os.LookupEnv("OU")
+		if !exists {
+			ou = input(scanner, "OU: ")
+		}
+		locality, exists := os.LookupEnv("LOCALITY")
+		if !exists {
+			locality = input(scanner, "LOCALITY: ")
+		}
+		province, exists := os.LookupEnv("PROVINCE")
+		if !exists {
+			province = input(scanner, "PROVINCE: ")
+		}
+
+		if len(commonName) == 0 {
+			fmt.Println("The common name must not be blank.")
+			os.Exit(1)
+		}
+		encryptKeyPass := ""
+		if encryptKey {
+			fmt.Print("Password: ")
+			password, err := terminal.ReadPassword(int(syscall.Stdin))
+			if err != nil {
+				fmt.Println("Couldn't get password.")
+				os.Exit(1)
+			}
+			encryptKeyPass = string(password)
+		}
+
+		subj := getSubject(country, org, ou, locality, province, commonName)
+		var csrOutput gen.CsrOutputInfo
+		key, err := rsa.GenerateKey(rand.Reader, 2048)
+		if err != nil {
+			fmt.Println("Couldn't generate private key")
+			os.Exit(1)
+		}
+		csrInfo := gen.CsrInputInfo{
+			CommonName: commonName,
+			Sans:       trimStrings(sans),
+			Name:       subj,
+			PrivKey:    key,
+		}
+
+		csrOutput, err = gen.NewCsrSecure(csrInfo, encryptKey, encryptKeyPass)
+		if err != nil {
+			fmt.Println("Couldn't generate CSR")
+			os.Exit(1)
+		}
+		if csrOut == "-" {
+			fmt.Printf("%s\n", csrOutput.CsrPem)
+		} else {
+			err := os.WriteFile(csrOut, []byte(csrOutput.CsrPem), fs.FileMode(0600))
+			if err != nil {
+				log.Fatalln("Couldn't write out csr file.")
+			}
+		}
+
+		if keyOut == "-" {
+			fmt.Printf("%s\n", csrOutput.PrivateKeyPem)
+		} else {
+			err := os.WriteFile(keyOut, []byte(csrOutput.PrivateKeyPem), fs.FileMode(0600))
+			if err != nil {
+				log.Fatalln("Couldn't write out key file.")
+			}
+		}
+	},
+}
+
+func trimStrings(s []string) []string {
+	for i := range s {
+		s[i] = strings.Trim(s[i], " ")
+	}
+	return s
+}
+func input(scanner *bufio.Scanner, prompt string) string {
+	fmt.Print(prompt)
+	if scanner.Scan() {
+		return scanner.Text()
+	}
+	return ""
+}
+
+func getSubject(country, org, ou, locality, province, commonName string) pkix.Name {
+	return pkix.Name{
+		Country:            []string{country},
+		Organization:       []string{org},
+		OrganizationalUnit: []string{ou},
+		Locality:           []string{locality},
+		Province:           []string{province},
+		CommonName:         commonName,
+	}
+}
+
+var (
+	commonName = ""
+	sans       = make([]string, 0)
+	keyOut     = ""
+	csrOut     = ""
+)
+
+func init() {
+	rootCmd.AddCommand(genCmd)
+	genCmd.Example = "LOCALITY=\"Bowling Green\" PROVINCE=\"Kentucky\" COUNTRY=\"US\" ORG=\"Example ORG\" OU=\"Example OU\" ./ssltool gen -c www.example.com"
+	genCmd.Flags().StringVarP(&commonName, "cn", "c", "", "Common name")
+	genCmd.Flags().StringSliceVarP(&sans, "sans", "s", []string{}, "Sans list. In the form www.example.com,www-prod01.example.edu")
+	genCmd.Flags().StringVarP(&csrOut, "csrout", "", "-", "Csr out filename. - for stdout")
+	genCmd.Flags().StringVarP(&keyOut, "keyout", "", "-", "Key out filename. - for stdout")
+	genCmd.Flags().BoolVarP(&encryptKey, "encryptkey", "e", false, "Encrypt private key")
+	err := genCmd.MarkFlagRequired("cn")
+	if err != nil {
+		log.Fatalln("Couldn't mark cn as required.")
+	}
+}

cmd/root.go

@@ -0,0 +1,36 @@
+/*
+Copyright © 2023 Dex Wood
+*/
+package cmd
+
+import (
+	"os"
+
+	"github.com/spf13/cobra"
+)
+
+// rootCmd represents the base command when called without any subcommands
+var rootCmd = &cobra.Command{
+	Use:   "ssltool",
+	Short: "Various SSL utilities",
+	Long:  `Various SSL utilities - Dex Wood`,
+	// Uncomment the following line if your bare application
+	// has an action associated with it:
+	// Run: func(cmd *cobra.Command, args []string) { },
+}
+
+// Execute adds all child commands to the root command and sets flags appropriately.
+// This is called by main.main(). It only needs to happen once to the rootCmd.
+func Execute() {
+	err := rootCmd.Execute()
+	if err != nil {
+		os.Exit(1)
+	}
+}
+
+var rootExamples = `ssltool details --host www.example.com
+ssltool details --host www.example.com --cert`
+
+func init() {
+	rootCmd.Example = rootExamples
+}

go.mod

@@ -0,0 +1,15 @@
+module ssltool
+
+go 1.19
+
+require (
+	github.com/spf13/cobra v1.7.0
+	golang.org/x/crypto v0.10.0
+)
+
+require (
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	golang.org/x/sys v0.9.0 // indirect
+	golang.org/x/term v0.9.0 // indirect
+)

go.sum

@@ -0,0 +1,16 @@
+github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
+github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
+golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
+golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
+golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28=
+golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=