chore: Clean up flags

Run bf <cmd> --help for detailed help text.
RealImage · Mar 4, 2024 · 9776486 · 9776486
1 parent 6808b44
commit 9776486
Show file tree

Hide file tree

Showing 8 changed files with 36 additions and 39 deletions.
diff --git a/certificate.go b/certificate.go
@@ -41,6 +41,16 @@ func ParseCertificate(asn1Data []byte) (*Certificate, error) {
 // It checks for the correct signature algorithm, identity namespace, and identity.
 // On success, it sets the ID, Namespace, and PublicKey fields.
 func NewCertificate(cert *x509.Certificate) (*Certificate, error) {
+	if !cert.BasicConstraintsValid {
+		return nil, fmt.Errorf("%w: basic constraints not valid", ErrCertificateInvalid)
+	}
+
+	if cert.IsCA {
+		if cert.KeyUsage&x509.KeyUsageCertSign == 0 {
+			return nil, fmt.Errorf("%w: certificate is a CA but cannot sign", ErrCertificateInvalid)
+		}
+	}
+
 	// Check for bifrost signature algorithm
 	if cert.SignatureAlgorithm != SignatureAlgorithm {
 		return nil, fmt.Errorf(

diff --git a/cmd/bf/ca.go b/cmd/bf/ca.go
@@ -28,7 +28,7 @@ var (
 				Name:        "host",
 				Usage:       "listen on `HOST`",
 				Aliases:     []string{"H"},
-				EnvVars:     envvarNames("HOST"),
+				EnvVars:     []string{"HOST"},
 				Value:       "localhost",
 				Destination: &caHost,
 				Action: func(_ *cli.Context, h string) error {
@@ -42,7 +42,7 @@ var (
 				Name:        "port",
 				Usage:       "listen on `PORT`",
 				Aliases:     []string{"p"},
-				EnvVars:     envvarNames("PORT"),
+				EnvVars:     []string{"PORT"},
 				Value:       8008,
 				Destination: &caPort,
 				Action: func(_ *cli.Context, p int) error {
@@ -56,13 +56,13 @@ var (
 				Name:        "web",
 				Usage:       "enable web interface",
 				Aliases:     []string{"w"},
-				EnvVars:     envvarNames("WEB"),
+				EnvVars:     []string{"WEB"},
 				Destination: &webEnabled,
 			},
 			&cli.PathFlag{
 				Name:        "web-static-path",
 				Usage:       "read web static files from `PATH`",
-				EnvVars:     envvarNames("WEB_STATIC_PATH"),
+				EnvVars:     []string{"WEB_STATIC_PATH"},
 				Destination: &webStaticPath,
 			},
 			&cli.BoolFlag{

diff --git a/cmd/bf/flags.go b/cmd/bf/flags.go
@@ -8,19 +8,14 @@ import (
 	"github.com/urfave/cli/v2"
 )
 
-func envvarNames(s string) []string {
-	return []string{s, "BF_" + s}
-}
-
 // Flags
 var (
 	namespace uuid.UUID
 	nsFlag    = &cli.StringFlag{
-		Name:     "namespace",
-		Usage:    "namespace `UUID`",
-		Required: true,
-		Aliases:  []string{"ns"},
-		EnvVars:  envvarNames("NS"),
+		Name:    "namespace",
+		Usage:   "namespace `UUID`",
+		Aliases: []string{"ns"},
+		EnvVars: []string{"NS", "NAMESPACE"},
 		Action: func(_ *cli.Context, ns string) (err error) {
 			namespace, err = uuid.Parse(ns)
 			return err
@@ -32,7 +27,7 @@ var (
 		Name:        "ca-certificate",
 		Usage:       "read CA certificate from `FILE`",
 		Aliases:     []string{"ca-cert"},
-		EnvVars:     envvarNames("CA_CERT"),
+		EnvVars:     []string{"CA_CERT", "CA_CRT", "CRT"},
 		TakesFile:   true,
 		Value:       "cert.pem",
 		Destination: &caCertUri,
@@ -43,7 +38,7 @@ var (
 		Name:        "ca-private-key",
 		Usage:       "read CA private key from `FILE`",
 		Aliases:     []string{"ca-key"},
-		EnvVars:     envvarNames("CA_PRIVKEY"),
+		EnvVars:     []string{"CA_PRIVKEY", "CA_KEY", "KEY"},
 		TakesFile:   true,
 		Value:       "key.pem",
 		Destination: &caPrivKeyUri,

diff --git a/cmd/bf/id.go b/cmd/bf/id.go
@@ -18,16 +18,7 @@ var (
 		Name:    "identity",
 		Aliases: []string{"id"},
 		Flags: []cli.Flag{
-			&cli.StringFlag{
-				Name:    "namespace",
-				Usage:   "Bifrost Namespace `UUID`",
-				Aliases: []string{"n", "ns"},
-				EnvVars: envvarNames("NS"),
-				Action: func(ctx *cli.Context, s string) (err error) {
-					bfns, err = uuid.Parse(s)
-					return
-				},
-			},
+			nsFlag,
 		},
 		Action: func(cliCtx *cli.Context) error {
 			ns, id, err := parseUUIDFromFile(bfns, cliCtx.Args().First())

diff --git a/cmd/bf/main.go b/cmd/bf/main.go
@@ -21,7 +21,7 @@ func main() {
 			&cli.StringFlag{
 				Name:    "log-level",
 				Aliases: []string{"l"},
-				EnvVars: envvarNames("LOG_LEVEL"),
+				EnvVars: []string{"LOG_LEVEL"},
 				Value:   slog.LevelInfo.String(),
 				Action: func(_ *cli.Context, l string) error {
 					logLevel := new(slog.LevelVar)

diff --git a/cmd/bf/new.go b/cmd/bf/new.go
@@ -96,12 +96,12 @@ var newCmd = &cli.Command{
 						CommonName:   key.UUID(namespace).String(),
 						Organization: []string{namespace.String()},
 					},
-					NotBefore:             notBefore,
-					NotAfter:              notAfter,
-					KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
-					ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
-					IsCA:                  true,
-					BasicConstraintsValid: true,
+					NotBefore:      notBefore,
+					NotAfter:       notAfter,
+					KeyUsage:       x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+					ExtKeyUsage:    []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+					IsCA:           true,
+					MaxPathLenZero: true,
 				}
 
 				certDer, err := x509.CreateCertificate(

diff --git a/cmd/bf/proxy.go b/cmd/bf/proxy.go
@@ -46,7 +46,7 @@ var (
 				Name:        "host",
 				Usage:       "Listen on `HOST`",
 				Aliases:     []string{"H"},
-				EnvVars:     envvarNames("HOST"),
+				EnvVars:     []string{"HOST"},
 				Value:       "localhost",
 				Destination: &proxyHost,
 				Action: func(_ *cli.Context, h string) error {
@@ -60,7 +60,7 @@ var (
 				Name:        "port",
 				Usage:       "Listen on `PORT`",
 				Aliases:     []string{"p"},
-				EnvVars:     envvarNames("PORT"),
+				EnvVars:     []string{"PORT"},
 				Value:       8443,
 				Destination: &proxyPort,
 				Action: func(_ *cli.Context, p int) error {

diff --git a/tinyca/ca_test.go b/tinyca/ca_test.go
@@ -226,11 +226,12 @@ func TestCA_ServeHTTP(t *testing.T) {
 			CommonName:   id.String(),
 			Organization: []string{testns.String()},
 		},
-		NotBefore:             time.Now(),
-		NotAfter:              time.Now().Add(time.Hour * 24),
-		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
-		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
-		BasicConstraintsValid: true,
+		NotBefore:      time.Now(),
+		NotAfter:       time.Now().Add(time.Hour * 24),
+		KeyUsage:       x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:    []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		IsCA:           true,
+		MaxPathLenZero: true,
 	}
 
 	certDer, err := x509.CreateCertificate(