in testing/certutil/cmd/main.go [40:136]
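// main generates a child certificate, signed by a CA obtained through getCA
// (loaded from -ca/-ca-key when both are given), and writes the resulting
// pair with savePair. With -pass it additionally writes the passphrase and an
// encrypted copy of the child key. Output files carry the -prefix (a Unix
// timestamp by default) and, in this listing, always land in the current
// working directory because dest is never assigned.
//
// Error handling follows the file's existing convention: invalid flag
// combinations print usage and exit with status 2, everything else that is
// fatal panics with a wrapped error.
func main() {
	var caPath, caKeyPath, dest, name, names, ipList, prefix, pass string
	var client, rsaflag, noip bool
	flag.StringVar(&caPath, "ca", "",
		"File path for CA in PEM format")
	flag.StringVar(&caKeyPath, "ca-key", "",
		"File path for the CA key in PEM format")
	flag.BoolVar(&rsaflag, "rsa", false,
		"generate a RSA with a 2048-bit key certificate")
	flag.BoolVar(&client, "client", false,
		"generates a client certificate without any IP or SAN/DNS")
	flag.StringVar(&name, "name", "localhost",
		"a single \"Subject Alternate Name values\" for the child certificate. It's added to 'names' if set")
	flag.StringVar(&names, "names", "",
		"a comma separated list of \"Subject Alternate Name values\" for the child certificate")
	flag.BoolVar(&noip, "noip", false,
		"generate a certificate with no IP. It overrides -ips.")
	flag.StringVar(&ipList, "ips", "127.0.0.1",
		"a comma separated list of IP addresses for the child certificate")
	flag.StringVar(&prefix, "prefix", "current timestamp",
		"a prefix to be added to the file name. If not provided a timestamp will be used")
	flag.StringVar(&pass, "pass", "",
		"a passphrase to encrypt the certificate key")
	flag.Parse()

	// -ca and -ca-key are only meaningful together. Exit here: the original
	// code printed the complaint and then carried on with a half-configured CA.
	if (caPath == "") != (caKeyPath == "") {
		flag.Usage()
		fmt.Fprintf(flag.CommandLine.Output(),
			"Both 'ca' and 'ca-key' must be specified, or neither should be provided.\nGot ca: %s, ca-key: %s\n",
			caPath, caKeyPath)
		os.Exit(2)
	}

	// The default value is a sentinel string, not a literal prefix.
	if prefix == "current timestamp" {
		prefix = fmt.Sprintf("%d", time.Now().Unix())
	}
	filePrefix := prefix + "-"

	// The working directory is only reported, never used to build paths, so a
	// Getwd failure is informational rather than fatal.
	wd, err := os.Getwd()
	if err != nil {
		fmt.Printf("error getting current working directory: %v\n", err)
	}
	fmt.Println("files will be written to:", wd)

	var netIPs []net.IP
	if !noip {
		netIPs, err = parseIPList(ipList)
		if err != nil {
			flag.Usage()
			fmt.Fprintf(flag.CommandLine.Output(), "invalid -ips value: %v\n", err)
			os.Exit(2)
		}
	}
	dnsNames := splitNames(names)

	rootCert, rootKey := getCA(rsaflag, caPath, caKeyPath, dest, prefix)
	priv, pub := generateKey(rsaflag)
	childCert, childPair, err := certutil.GenerateGenericChildCert(
		name,
		netIPs,
		priv,
		pub,
		rootKey,
		rootCert,
		certutil.WithCNPrefix(prefix),
		certutil.WithDNSNames(dnsNames...),
		certutil.WithClientCert(client))
	if err != nil {
		panic(fmt.Errorf("error generating child certificate: %w", err))
	}

	// Client certificates are always saved under a fixed file name.
	if client {
		name = "client"
	}
	savePair(dest, filePrefix+name, childPair)

	if pass == "" {
		return
	}
	fmt.Printf("passphrase present, encrypting \"%s\" certificate key\n",
		name)
	// The passphrase is stored in plaintext next to the key it protects; this
	// is a test-fixture generator, so the encrypted key only demonstrates the
	// passphrase code path and offers no confidentiality on its own. The file
	// is joined with dest for consistency with the encrypted key below.
	passFile := filepath.Join(dest, filePrefix+name+"-passphrase")
	if err = os.WriteFile(passFile, []byte(pass), 0o600); err != nil {
		panic(fmt.Errorf("error writing passphrase file: %w", err))
	}
	certKeyEnc, err := certutil.EncryptKey(childCert.PrivateKey, pass)
	if err != nil {
		panic(fmt.Errorf("error encrypting %s certificate key: %w", name, err))
	}
	encKeyFile := filePrefix + name + "_enc-key.pem"
	if err = os.WriteFile(filepath.Join(dest, encKeyFile), certKeyEnc, 0o600); err != nil {
		panic(fmt.Errorf("could not save %s certificate encrypted key: %w", encKeyFile, err))
	}
}

// parseIPList splits a comma separated list of IP addresses, ignoring
// surrounding whitespace and empty entries. It fails on the first entry that
// net.ParseIP rejects, so a typo is reported instead of being appended to the
// certificate's IP SANs as a nil IP.
func parseIPList(list string) ([]net.IP, error) {
	var ips []net.IP
	for _, raw := range strings.Split(list, ",") {
		s := strings.TrimSpace(raw)
		if s == "" {
			continue
		}
		ip := net.ParseIP(s)
		if ip == nil {
			return nil, fmt.Errorf("invalid IP address %q", s)
		}
		ips = append(ips, ip)
	}
	return ips, nil
}

// splitNames splits a comma separated list of DNS names, dropping surrounding
// whitespace and empty entries. An empty or blank list yields nil so that no
// DNS SAN is added.
func splitNames(list string) []string {
	var out []string
	for _, raw := range strings.Split(list, ",") {
		if s := strings.TrimSpace(raw); s != "" {
			out = append(out, s)
		}
	}
	return out
}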