[ca] add private server certificate generation support

capcom6 · capcom6 · commit dd6f075da0ad · 2025-03-11T13:59:30.000+07:00
diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ module github.com/android-sms-gateway/cli
 go 1.23.2
 
 require (
-	github.com/android-sms-gateway/client-go v1.5.5-0.20250309004612-ebfc247ebb13
+	github.com/android-sms-gateway/client-go v1.5.5
 	github.com/capcom6/go-helpers v0.0.0-20240521035631-865ee2879fa3
 	github.com/joho/godotenv v1.5.1
 	github.com/urfave/cli/v2 v2.27.5
diff --git a/go.sum b/go.sum
@@ -1,11 +1,7 @@
-github.com/android-sms-gateway/client-go v1.4.1-0.20250131044630-1de6b5ecb49f h1:7qhIHF6Kytfa1ln0ww46nJIFwxzHkINK7atkE8cLSJM=
-github.com/android-sms-gateway/client-go v1.4.1-0.20250131044630-1de6b5ecb49f/go.mod h1:DQsReciU1xcaVW3T5Z2bqslNdsAwCFCtghawmA6g6L4=
-github.com/android-sms-gateway/client-go v1.5.0 h1:CDREtWU2Z85dW7JcsW3a+vKZkj9g2Buq8vlrnEdGaoE=
-github.com/android-sms-gateway/client-go v1.5.0/go.mod h1:DQsReciU1xcaVW3T5Z2bqslNdsAwCFCtghawmA6g6L4=
-github.com/android-sms-gateway/client-go v1.5.5-0.20250307091924-1076d115eb88 h1:LmcJ8zpxKTHtwBLkQcmn1pEIgPEDCH5bY9ukYQAf+1c=
-github.com/android-sms-gateway/client-go v1.5.5-0.20250307091924-1076d115eb88/go.mod h1:DQsReciU1xcaVW3T5Z2bqslNdsAwCFCtghawmA6g6L4=
 github.com/android-sms-gateway/client-go v1.5.5-0.20250309004612-ebfc247ebb13 h1:OSPmpOeLtU10zULCNuSJ6ouuwlKZlBaxYEs5vxknPWI=
 github.com/android-sms-gateway/client-go v1.5.5-0.20250309004612-ebfc247ebb13/go.mod h1:DQsReciU1xcaVW3T5Z2bqslNdsAwCFCtghawmA6g6L4=
+github.com/android-sms-gateway/client-go v1.5.5 h1:38ykCT1g+w3dW7ZNDeX1qyfZuvXI5h19MP/WFg4Rodw=
+github.com/android-sms-gateway/client-go v1.5.5/go.mod h1:DQsReciU1xcaVW3T5Z2bqslNdsAwCFCtghawmA6g6L4=
 github.com/capcom6/go-helpers v0.0.0-20240521035631-865ee2879fa3 h1:mq9rmBMCCzqGnZtbQqFSd+Ua3fahqUOYaTf26YFhWJc=
 github.com/capcom6/go-helpers v0.0.0-20240521035631-865ee2879fa3/go.mod h1:WDqc7HZNqHxUTisArkYIBZtqUfJBVyPWeQI+FMwEzAw=
 github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc=
diff --git a/internal/commands/ca/ca.go b/internal/commands/ca/ca.go
@@ -6,4 +6,5 @@ import (
 
 var Commands = []*cli.Command{
 	webhooks,
+	private,
 }
diff --git a/internal/commands/ca/common/command.go b/internal/commands/ca/common/command.go
@@ -0,0 +1,63 @@
+package common
+
+import (
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"net"
+	"net/netip"
+
+	"github.com/android-sms-gateway/cli/internal/core/codes"
+	"github.com/android-sms-gateway/client-go/ca"
+	"github.com/urfave/cli/v2"
+)
+
+// NewIPCertificateCommand creates a new CLI command for generating an IP certificate
+// of the specified type
+func NewIPCertificateCommand(name, usage string, aliases []string, typ ca.CSRType) *cli.Command {
+	return &cli.Command{
+		Name:      name,
+		Aliases:   aliases,
+		Usage:     usage,
+		Args:      true,
+		ArgsUsage: "Server IP address",
+		Flags: []cli.Flag{
+			&cli.StringFlag{
+				Name:     "out",
+				Usage:    "Certificate output file",
+				Required: false,
+				Value:    "server.crt",
+			},
+			&cli.StringFlag{
+				Name:     "keyout",
+				Usage:    "Private key output file",
+				Required: false,
+				Value:    "server.key",
+			},
+		},
+		Action: func(c *cli.Context) error {
+			ip := c.Args().Get(0)
+			if ip == "" {
+				return cli.Exit("IP address is empty", codes.ParamsError)
+			}
+
+			netipAddr, err := netip.ParseAddr(ip)
+			if err != nil {
+				return cli.Exit(err.Error(), codes.ParamsError)
+			}
+
+			if !netipAddr.IsPrivate() {
+				return cli.Exit("IP address is not private", codes.ParamsError)
+			}
+
+			csrTemplate := x509.CertificateRequest{
+				Subject: pkix.Name{
+					CommonName: netipAddr.String(),
+				},
+				IPAddresses: []net.IP{netipAddr.AsSlice()},
+			}
+
+			return requestCertificate(c, typ, csrTemplate)
+		},
+	}
+
+}
diff --git a/internal/commands/ca/common/utils.go b/internal/commands/ca/common/utils.go
@@ -1,4 +1,4 @@
-package ca
+package common
 
 import (
 	"crypto/ecdsa"
@@ -41,7 +41,7 @@ func newServerCertificateRequestPEM(template x509.CertificateRequest, priv *ecds
 	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: csrBytes}), nil
 }
 
-func requestCertificate(c *cli.Context, template x509.CertificateRequest) error {
+func requestCertificate(c *cli.Context, typ ca.CSRType, template x509.CertificateRequest) error {
 	log.Println("Generating private key...")
 	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	if err != nil {
@@ -68,6 +68,7 @@ func requestCertificate(c *cli.Context, template x509.CertificateRequest) error
 	client := metadata.GetCAClient(c.App.Metadata)
 
 	resp, err := client.PostCSR(c.Context, ca.PostCSRRequest{
+		Type:    typ,
 		Content: string(csrPemBytes),
 	})
 	if err != nil {
diff --git a/internal/commands/ca/private.go b/internal/commands/ca/private.go
@@ -0,0 +1,13 @@
+package ca
+
+import (
+	"github.com/android-sms-gateway/cli/internal/commands/ca/common"
+	"github.com/android-sms-gateway/client-go/ca"
+)
+
+var private = common.NewIPCertificateCommand(
+	"private",
+	"Issue a new certificate for Private server",
+	[]string{"p"},
+	ca.CSRTypePrivateServer,
+)
diff --git a/internal/commands/ca/webhooks.go b/internal/commands/ca/webhooks.go
@@ -1,57 +1,13 @@
 package ca
 
 import (
-	"crypto/x509"
-	"crypto/x509/pkix"
-	"net"
-	"net/netip"
-
-	"github.com/android-sms-gateway/cli/internal/core/codes"
-	"github.com/urfave/cli/v2"
+	"github.com/android-sms-gateway/cli/internal/commands/ca/common"
+	"github.com/android-sms-gateway/client-go/ca"
 )
 
-var webhooks = &cli.Command{
-	Name:      "webhooks",
-	Aliases:   []string{"wh"},
-	Usage:     "Issue a new certificate for receiving webhooks to local IP address",
-	Args:      true,
-	ArgsUsage: "IP address",
-	Flags: []cli.Flag{
-		&cli.StringFlag{
-			Name:     "out",
-			Usage:    "Certificate output file",
-			Required: false,
-			Value:    "server.crt",
-		},
-		&cli.StringFlag{
-			Name:     "keyout",
-			Usage:    "Private key output file",
-			Required: false,
-			Value:    "server.key",
-		},
-	},
-	Action: func(c *cli.Context) error {
-		ip := c.Args().Get(0)
-		if ip == "" {
-			return cli.Exit("IP address is empty", codes.ParamsError)
-		}
-
-		netipAddr, err := netip.ParseAddr(ip)
-		if err != nil {
-			return cli.Exit(err.Error(), codes.ParamsError)
-		}
-
-		if !netipAddr.IsPrivate() {
-			return cli.Exit("IP address is not private", codes.ParamsError)
-		}
-
-		csrTemplate := x509.CertificateRequest{
-			Subject: pkix.Name{
-				CommonName: netipAddr.String(),
-			},
-			IPAddresses: []net.IP{netipAddr.AsSlice()},
-		}
-
-		return requestCertificate(c, csrTemplate)
-	},
-}
+var webhooks = common.NewIPCertificateCommand(
+	"webhooks",
+	"Issue a new certificate for receiving webhooks to local IP address",
+	[]string{"wh"},
+	ca.CSRTypeWebhook,
+)

Original file line number	Diff line number	Diff line change
`@@ -6,4 +6,5 @@ import (`
`6`	`6`
`7`	`7`	`var Commands = []*cli.Command{`
`8`	`8`	`webhooks,`
	`9`	`+ private,`
`9`	`10`	`}`