diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..3dc5eb3
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,22 @@
+FROM debian:buster AS build
+
+RUN apt-get update -y && \
+ apt-get install -y golang
+
+WORKDIR /build
+
+COPY . .
+
+RUN go build
+
+FROM debian:buster
+
+COPY --from=build /build/minica /usr/bin/minica
+
+RUN apt-get update -y && \
+ apt-get install --no-install-recommends -y \
+ curl ca-certificates openssl
+
+WORKDIR /test
+COPY tests.sh .
+RUN ./tests.sh
\ No newline at end of file
diff --git a/Dockerfile.paultag b/Dockerfile.paultag
new file mode 100644
index 0000000..28e3135
--- /dev/null
+++ b/Dockerfile.paultag
@@ -0,0 +1,9 @@
+FROM debian:buster
+
+RUN apt-get update -y && \
+ apt-get install --no-install-recommends -y \
+ minica curl ca-certificates openssl
+
+WORKDIR /test
+COPY tests.sh .
+RUN ./tests.sh
diff --git a/README.md b/README.md
index 894995c..f1206cd 100644
--- a/README.md
+++ b/README.md
@@ -42,3 +42,10 @@ go build
 # generate and sign an end-entity key and cert, storing them in ./foo.com/
 $ minica --domains foo.com
 ```
+
+For compatibility with another (unaffiliated) tool of the same name, domains
+can also be specified as final arguments:
+
+```
+minica foo.com
+```
\ No newline at end of file
diff --git a/main.go b/main.go
index 9734969..4aeb1fb 100644
--- a/main.go
+++ b/main.go
@@ -313,15 +313,11 @@ will not overwrite existing keys or certificates.
 flag.PrintDefaults()
 }
 flag.Parse()
- if *domains == "" && *ipAddresses == "" {
+ if flag.NArg() == 0 && *domains == "" && *ipAddresses == "" {
 flag.Usage()
 os.Exit(1)
 }
- if len(flag.Args()) > 0 {
- fmt.Printf("Extra arguments: %s (maybe there are spaces in your domain list?)\n", flag.Args())
- os.Exit(1)
- }
- domainSlice := split(*domains)
+ domainSlice := append(split(*domains), (flag.Args())...)
 domainRe := regexp.MustCompile("^[A-Za-z0-9.*-]+$")
 for _, d := range domainSlice {
 if !domainRe.MatchString(d) {
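Review bot: The final stage's `COPY --from=build /build/minica /usr/bin/minica` depends on the bare `RUN go build` emitting a binary named `minica`, but the default output name comes from the module path or, when there is no go.mod, from the directory name (`build` under `WORKDIR /build`); whether a go.mod exists is not visible in this diff. Naming the output explicitly, `RUN go build -o minica`, removes that dependency. Both this file and Dockerfile.paultag also build from the floating `debian:buster` tag and install unpinned packages, so pinning the base image by digest would keep the test environment reproducible.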
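Review bot: Every positional argument is now appended to `domainSlice`, and because Go's `flag` package stops parsing at the first non-flag argument, anything after it, including a misplaced flag such as `--domains`, lands in that slice. `domainRe` permits `-`, so such a token passes validation and would presumably be issued as a name in the certificate, where the removed "Extra arguments" check used to stop the run. An IP literal given positionally also matches `domainRe` and is handled as a DNS name rather than through the `ipAddresses` path, whose handling is outside this hunk. I would reject positional arguments that begin with `-` before the append, as sketched below, and either route IP literals to the IP list or document that positionals are DNS names only. The enclosing function starts and ends outside the hunk.

```go
// … unchanged: flag.Parse() and the usage check …
for _, arg := range flag.Args() {
	if len(arg) > 0 && arg[0] == '-' {
		fmt.Printf("Flag %s appears after a positional domain; flags must come first\n", arg)
		os.Exit(1)
	}
}
domainSlice := append(split(*domains), flag.Args()...)
```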
diff --git a/tests.sh b/tests.sh
new file mode 100755
index 0000000..b62a260
--- /dev/null
+++ b/tests.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+set -e
+echo "world" > hello
+
+minica localhost
+
+set +e
+# FIXME: jsha/minica puts the keypair in a directory, copy those out for compatibility
+# so the same tests work against either version.
+cp localhost/cert.pem localhost.crt
+cp localhost/key.pem localhost.key
+cp minica.pem cacert.crt
+set -e
+
+openssl s_server -cert localhost.crt -key localhost.key -accept 8080 -WWW &
+set +e
+
+curl https://localhost:8080/hello
+if (( $? != 60 )); then
+ exit "Expected request to server with untrusted CA to fail."
+fi
+
+set -e
+cp cacert.crt /usr/share/ca-certificates/
+echo "cacert.crt" >> /etc/ca-certificates.conf
+update-ca-certificates
+set +e
+
+curl https://localhost:8080/hello
+if (( $? != 0 )); then
+ exit "Expected request to server with trusted CA to succeed."
+fi
+
+# FIXME: -ca-key-size and -key-size are paultag/minica-only right now, but could be ported.
+# set -e
+# minica -ca-key-size 4096 -key-size 4096 127.0.0.1
+# openssl s_server -cert 127.0.0.1.crt -key 127.0.0.1.key -accept 8081 -WWW &
+# set +e
+
+# curl https://127.0.0.1:8081/hello
+# if (( $? != 0 )); then
+# exit "Expected request to server with trusted CA to succeed."
+# fi
\ No newline at end of file
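Review bot: Both failure branches pass a message string to `exit`, e.g. `exit "Expected request to server with untrusted CA to fail."`; `exit` takes a numeric status, so bash reports a "numeric argument required" error and the exit status is whatever bash assigns to that error rather than one the script chose. I would write `echo "Expected request to server with untrusted CA to fail." >&2; exit 1` and the same for the trusted-CA branch. The first `curl` also runs immediately after `openssl s_server ... &`, so if the listener is not yet accepting connections curl would likely exit 7 rather than 60 and the untrusted-CA assertion fails for the wrong reason; a short retry loop that waits for the port before the first assertion would make the 60 check meaningful. The `set +e` around the three `cp` lines also hides a missing `localhost/cert.pem`, which would then surface only as an s_server start-up failure.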