support import pem by index

Author: bakito

cmd/jks.go

@@ -14,9 +14,8 @@ import (
 )
 
 var (
-	jksPassword    string
-	jksSource      string
-	jksCertIndexes []int
+	jksPassword string
+	jksSource   string
 )
 
 // jksCmd represents the jks command
@@ -83,7 +82,7 @@ var jksCmd = &cobra.Command{
 		k, _ := os.Create(fileName)
 		defer k.Close()
 		keystore.Encode(k, ks, []byte(jksPassword))
-		fmt.Printf("java keystore file %s with %d certificates created.\n", fileName, cnt)
+		fmt.Printf("java keystore file %s with %d certificate(s) created.\n", fileName, cnt)
 		return nil
 	},
 }
@@ -92,25 +91,13 @@ func init() {
 	rootCmd.AddCommand(jksCmd)
 	jksCmd.PersistentFlags().StringVarP(&jksPassword, "password", "p", "changeit", "the password to be used for the java keystore")
 	jksCmd.PersistentFlags().StringVarP(&jksSource, "source", "s", "", "the source keystore to add the certs to")
-	jksCmd.PersistentFlags().IntSliceVarP(&jksCertIndexes, "add", "a", make([]int, 0), "import the certificates at the given indexes")
+
 }
 
 func alias(cert *x509.Certificate) string {
 	return fmt.Sprintf("%s (%s)", strings.ToLower(cert.Subject.CommonName), strings.ToLower(cert.Issuer.CommonName))
 }
 
-func isToExport(i int) bool {
-	if len(jksCertIndexes) == 0 {
-		return true
-	}
-	for _, a := range jksCertIndexes {
-		if a == i {
-			return true
-		}
-	}
-	return false
-}
-
 func alreadyContained(ks keystore.KeyStore, cert *x509.Certificate, index int) bool {
 	for a, e := range ks {
 		switch tce := e.(type) {

cmd/pem.go

@@ -24,7 +24,7 @@ var pemCmd = &cobra.Command{
 			return err
 		}
 
-		pem, err := certChainToPEM(certs)
+		pem, cnt, err := certChainToPEM(certs)
 
 		if err != nil {
 			return err
@@ -45,7 +45,7 @@ var pemCmd = &cobra.Command{
 
 		defer f.Close()
 		f.Write(pem)
-		fmt.Printf("pem file %s with %d certificates created.\n", fileName, len(certs))
+		fmt.Printf("pem file %s with %d certificate(s) created.\n", fileName, cnt)
 		return nil
 	},
 }
@@ -55,13 +55,19 @@ func init() {
 }
 
 // CertChainToPEM is a utility function returns a PEM encoded chain of x509 Certificates, in the order they are passed
-func certChainToPEM(certChain []*x509.Certificate) ([]byte, error) {
+func certChainToPEM(certChain []*x509.Certificate) ([]byte, int, error) {
 	var pemBytes bytes.Buffer
+	cnt := 0
 	for i, cert := range certChain {
-		fmt.Printf("Adding certificate #%d: %s\n", i, cert.Subject.CommonName)
-		if err := pem.Encode(&pemBytes, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}); err != nil {
-			return nil, err
+		if isToExport(i) {
+			fmt.Printf(" + Adding certificate #%d: %s\n", i, cert.Subject.CommonName)
+			if err := pem.Encode(&pemBytes, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}); err != nil {
+				return nil, 0, err
+			}
+			cnt++
+		} else {
+			fmt.Printf(" - Skipping certificate #%d: %s\n", i, cert.Subject.CommonName)
 		}
 	}
-	return pemBytes.Bytes(), nil
+	return pemBytes.Bytes(), cnt, nil
 }

cmd/root.go

@@ -22,8 +22,9 @@ NotAfter: %s
 )
 
 var (
-	targetURL  string
-	outputFile string
+	targetURL   string
+	outputFile  string
+	certIndexes []int
 )
 
 // rootCmd represents the base command when called without any subcommands
@@ -59,6 +60,7 @@ func init() {
 	rootCmd.PersistentFlags().StringVarP(&targetURL, "url", "u", "", "the URL to fetch the certificate from")
 	rootCmd.MarkPersistentFlagRequired("url")
 	rootCmd.PersistentFlags().StringVarP(&outputFile, "out-file", "o", "", "the output file")
+	rootCmd.PersistentFlags().IntSliceVarP(&certIndexes, "import-at", "i", make([]int, 0), "import the certificates at the given indexes")
 }
 
 func fetchCertificates() ([]*x509.Certificate, error) {
@@ -76,3 +78,15 @@ func fetchCertificates() ([]*x509.Certificate, error) {
 	}
 	return nil, fmt.Errorf("Could not find any certificates")
 }
+
+func isToExport(i int) bool {
+	if len(certIndexes) == 0 {
+		return true
+	}
+	for _, a := range certIndexes {
+		if a == i {
+			return true
+		}
+	}
+	return false
+}