Namdak Tonpa 5 лет назад
Родитель
Сommit
369db42195
7 измененных файлов с 18 добавлено и 237 удалено
  1. 3 1
      include/api.hrl
  2. 1 1
      include/mad.hrl
  3. BIN
      mad
  4. 0 115
      priv/ecc/synrc.cnf
  5. 0 115
      priv/rsa/synrc.cnf
  6. 12 5
      src/mad.erl
  7. 2 0
      src/mad_local.erl

+ 3 - 1
include/api.hrl

@@ -1,5 +1,5 @@
 -define(MAD,[compile/1,app/1,get/1,man/1,dia/1,release/1,resolve/1,clean/1,
-             start/1,attach/1,stop/1,sh/1,deps/1,up/1,fetch/1,
+             start/1,attach/1,stop/1,sh/1,deps/1,up/1,fetch/1,rsa/1,ecc/1,
              static/1,eunit/1,strip/1]).
 
 -type return() :: [] | true | false | {ok,any()} | {error,any()}.
@@ -17,6 +17,8 @@
 -spec deps(list(string())) -> return().
 -spec up(list(string())) -> return().
 -spec man(list(string())) -> return().
+-spec rsa(list(string())) -> return().
+-spec ecc(list(string())) -> return().
 -spec dia(list(string())) -> return().
 -spec fetch(list(string())) -> return().
 -spec static(list(string())) -> return().

+ 1 - 1
include/mad.hrl

@@ -1 +1 @@
--define(VERSION,"5.4-36-g72a8fcf").
+-define(VERSION,"5.4-37-g16b352f").


+ 0 - 115
priv/ecc/synrc.cnf

@@ -1,115 +0,0 @@
-[ ca ]
-default_ca = CA_default
-
-[ CA_default ]
-dir               = DIRECTORY
-certs             = $dir/certs
-crl_dir           = $dir/crl
-new_certs_dir     = $dir/certs
-database          = $dir/index.txt
-serial            = $dir/serial
-RANDFILE          = $dir/certs/.rand
-private_key       = $dir/certs/caroot.key
-certificate       = $dir/certs/caroot.pem
-crlnumber         = $dir/crlnumber
-crl               = $dir/crl/ecdsaroot.crl
-crl_extensions    = crl_ext
-default_crl_days  = 3650
-default_md        = sha384
-name_opt          = ca_default
-cert_opt          = ca_default
-default_days      = 3650
-preserve          = no
-policy            = policy_strict
-
-[ policy_strict ]
-countryName             = match
-stateOrProvinceName     = match
-organizationName        = match
-organizationalUnitName  = optional
-commonName              = supplied
-
-[ policy_loose ]
-countryName             = optional
-stateOrProvinceName     = optional
-localityName            = optional
-organizationName        = optional
-organizationalUnitName  = optional
-commonName              = supplied
-
-[ req ]
-default_bits        = 2048
-distinguished_name  = req_distinguished_name
-string_mask         = utf8only
-default_md          = sha384
-x509_extensions     = v3_ca
-
-[ req_distinguished_name ]
-countryName                     = Country Name (2 letter code)
-stateOrProvinceName             = State or Province Name
-localityName                    = Locality Name
-0.organizationName              = Organization Name
-organizationalUnitName          = Organizational Unit Name
-commonName                      = Common Name
-commonName_default              = CA
-countryName_default             = UA
-stateOrProvinceName_default     = Kyiv
-localityName_default            = Kyiv
-0.organizationName_default      = SYNRC
-organizationalUnitName_default  = HQ
-
-[ v3_ca ]
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer
-basicConstraints = critical, CA:true
-keyUsage = critical, digitalSignature, cRLSign, keyCertSign
-
-[ v3_intermediate_ca ]
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer
-basicConstraints = critical, CA:true, pathlen:0
-keyUsage = critical, digitalSignature, cRLSign, keyCertSign
-crlDistributionPoints = @crl_info
-authorityInfoAccess = @ocsp_info
-
-[ usr_cert ]
-basicConstraints = CA:FALSE
-nsCertType = client, email
-nsComment = "Synrc Client Certificate"
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer
-keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage = clientAuth, emailProtection
-subjectAltName = @alt_names
-
-[ server_cert ]
-basicConstraints = CA:FALSE
-nsCertType = server
-nsComment = "Synrc Server Certificate"
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-keyUsage = critical, digitalSignature, keyEncipherment
-extendedKeyUsage = serverAuth
-crlDistributionPoints = @crl_info
-authorityInfoAccess = @ocsp_info
-subjectAltName = @alt_names
-
-[alt_names]
-DNS.0 = localhost
-
-[ crl_ext ]
-authorityKeyIdentifier=keyid:always
-
-[ ocsp ]
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer
-keyUsage = critical, digitalSignature
-extendedKeyUsage = critical, OCSPSigning
-
-[crl_info]
-URI.0 = http://crl.n2o.dev:8081/ecdsaroot.crl
-
-[ocsp_info]
-caIssuers;URI.0 = http://crl.n2o.dev:8081/ecdsaroot.crt
-OCSP;URI.0 = http://ocsp.n2o.dev:8081/

+ 0 - 115
priv/rsa/synrc.cnf

@@ -1,115 +0,0 @@
-[ ca ]
-default_ca = CA_default
-
-[ CA_default ]
-dir               = DIRECTORY
-certs             = $dir/certs
-crl_dir           = $dir/crl
-new_certs_dir     = $dir/certs
-database          = $dir/index.txt
-serial            = $dir/serial
-RANDFILE          = $dir/certs/.rand
-private_key       = $dir/certs/caroot.key
-certificate       = $dir/certs/caroot.pem
-crlnumber         = $dir/crlnumber
-crl               = $dir/crl/rsaroot.crl
-crl_extensions    = crl_ext
-default_crl_days  = 3650
-default_md        = sha384
-name_opt          = ca_default
-cert_opt          = ca_default
-default_days      = 3650
-preserve          = no
-policy            = policy_strict
-
-[ policy_strict ]
-countryName             = match
-stateOrProvinceName     = match
-organizationName        = match
-organizationalUnitName  = optional
-commonName              = supplied
-
-[ policy_loose ]
-countryName             = optional
-stateOrProvinceName     = optional
-localityName            = optional
-organizationName        = optional
-organizationalUnitName  = optional
-commonName              = supplied
-
-[ req ]
-default_bits        = 2048
-distinguished_name  = req_distinguished_name
-string_mask         = utf8only
-default_md          = sha384
-x509_extensions     = v3_ca
-
-[ req_distinguished_name ]
-countryName                     = Country Name (2 letter code)
-stateOrProvinceName             = State or Province Name
-localityName                    = Locality Name
-0.organizationName              = Organization Name
-organizationalUnitName          = Organizational Unit Name
-commonName                      = Common Name
-commonName_default              = CA
-countryName_default             = UA
-stateOrProvinceName_default     = Kyiv
-localityName_default            = Kyiv
-0.organizationName_default      = SYNRC
-organizationalUnitName_default  = HQ
-
-[ v3_ca ]
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer
-basicConstraints = critical, CA:true
-keyUsage = critical, digitalSignature, cRLSign, keyCertSign
-
-[ v3_intermediate_ca ]
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer
-basicConstraints = critical, CA:true, pathlen:0
-keyUsage = critical, digitalSignature, cRLSign, keyCertSign
-crlDistributionPoints = @crl_info
-authorityInfoAccess = @ocsp_info
-
-[ usr_cert ]
-basicConstraints = CA:FALSE
-nsCertType = client, email
-nsComment = "Synrc Client Certificate"
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer
-keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage = clientAuth, emailProtection
-subjectAltName = @alt_names
-
-[ server_cert ]
-basicConstraints = CA:FALSE
-nsCertType = server
-nsComment = "Synrc Server Certificate"
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-keyUsage = critical, digitalSignature, keyEncipherment
-extendedKeyUsage = serverAuth
-crlDistributionPoints = @crl_info
-authorityInfoAccess = @ocsp_info
-subjectAltName = @alt_names
-
-[alt_names]
-DNS.0 = localhost
-
-[ crl_ext ]
-authorityKeyIdentifier=keyid:always
-
-[ ocsp ]
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer
-keyUsage = critical, digitalSignature
-extendedKeyUsage = critical, OCSPSigning
-
-[crl_info]
-URI.0 = http://crl.n2o.dev:8081/rsaroot.crl
-
-[ocsp_info]
-caIssuers;URI.0 = http://crl.n2o.dev:8081/rsaroot.crt
-OCSP;URI.0 = http://ocsp.n2o.dev:8081/

+ 12 - 5
src/mad.erl

@@ -37,6 +37,8 @@ atomize("com"++_) -> 'compile';
 atomize("eunit")  -> 'eunit';
 atomize("up")     -> 'up';
 atomize("get")    -> 'get';
+atomize("rsa")    -> 'rsa';
+atomize("ecc")    -> 'ecc';
 atomize("rel"++_) -> 'release';
 atomize("bun"++_) -> 'release';
 atomize("sta"++_) -> 'start';
@@ -69,9 +71,14 @@ help(Reason,D)    -> help(io_lib:format("~s ~p", [Reason, D])).
 help(_Msg)        -> help().
 help()            -> info("MAD Manage Dependencies ~s~n",[?VERSION]),
                      info("~n"),
-                     info("    invoke = mad | mad list~n"),
-                     info("      list = []  | command [options] list ~n"),
-                     info("   command = app [nitro|zero] <name> | deps | clean | compile | strip~n"),
-                     info("           | bundle [beam|script] <name> | man <html|check|groff> | repl~n"),
-                     info("           | start | stop | attach | static <min> | get <repo> | up [name] ~n"),
+                     info("  spec = mad | mad list~n"),
+                     info("  list =  [] | cmd [opt] list ~n"),
+                     info("   cmd = app [nitro|zero] <name> | deps | clean | compile | strip~n"),
+                     info("       | bundle [beam|script] <name> | man <html|check|groff> | repl~n"),
+                     info("       | start | stop | attach | static <min> | get <repo> | up [name]~n"),
+                     info("       | <rsa|ecc> [ new | ca | client key <name> | client pfx <name>~n"),
+                     info("                   | client csr <subj> <name> | client cert <name>~n"),
+                     info("                   | client revoke <name> | verify <name> <address>~n"),
+                     info("                   | server key <name> | server csr <subj> <name>~n"),
+                     info("                   | server cert <name> ]~n"),
                      return(false).
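Review bot: The new `<rsa|ecc>` help lines list subcommands that, judging by their names, create private keys and PKCS#12 bundles (`client key`, `server key`, `client pfx`), yet they do not say where the files are written or that they are secrets. Add one closing line before `return(false).`, for example `info("       rsa/ecc files are written under <OUTPUT_DIR placeholder>; keep *.key and *.pfx private~n"),`, with the real directory taken from `mad_ca`. In the first hunk the new `atomize("rsa")` and `atomize("ecc")` clauses match the whole word, while neighbours such as `"rel"++_` accept any longer word with that prefix. Exact matching is the safer choice for commands that issue or revoke certificates and deserves a short comment, `%% exact match only: PKI commands must not be triggered by a longer word`. `atomize/1` begins and ends outside its hunk.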

+ 2 - 0
src/mad_local.erl

@@ -14,6 +14,8 @@ clean(Params)     -> mad_run:clean(Params).
 start(Params)     -> mad_run:start(Params).
 attach(Params)    -> mad_run:attach(Params).
 stop(Params)      -> mad_run:stop(Params).
+rsa(Params)       -> mad_ca:rsa(Params).
+ecc(Params)       -> mad_ca:ecc(Params).
 get(Params)       -> mad_git:get_repo(Params).
 deps(Params)      -> mad_git:deps(Params).
 up(Params)        -> mad_git:up(Params).
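Review bot: `rsa/1` and `ecc/1` hand the raw command-line `Params` to `mad_ca`, a module that is not among the seven files this commit changes, so the build depends on it already existing and its handling of those strings cannot be reviewed here. The help text added in src/mad.erl shows these parameters carry user-chosen `<name>`, `<subj>` and `<address>` values. If `mad_ca` runs an external OpenSSL binary, it should pass them as an argument list (`erlang:open_port({spawn_executable, Path}, [{args, Args}])`) rather than formatting them into an `os:cmd/1` string, and it should reject names containing path separators. The same commit deletes `priv/ecc/synrc.cnf` and `priv/rsa/synrc.cnf`, so it is worth confirming where `mad_ca` now gets its CA configuration. A comment above the two clauses, `%% PKI commands: Params are unvalidated argv strings; mad_ca must validate them`, would record the trust boundary.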