This repository has been archived by the owner on Jan 2, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 71
/
flags.go
107 lines (92 loc) · 3.36 KB
/
flags.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
package main
import (
"flag"
"fmt"
"net"
"os"
"strings"
)
var interfaceNameVar string
var networkAddrVar string
var additionalClientAddrs string
var caCertPathVar string
var caKeyPathVar string
var ourCertPathVar string
var ourKeyPathVar string
var serverAddressVar string
var connPortVar string
var modeVar string
var gatewayVar string
var crlPathVar string
func printUsage() {
fmt.Fprintf(os.Stderr, "Usage of %s:\n", os.Args[0])
fmt.Fprintf(os.Stderr, "%s <server address>\n", os.Args[0])
flag.PrintDefaults()
}
func parseFlags() {
flag.StringVar(&interfaceNameVar, "i", "", "TUN interface, one is picked if not specified")
flag.StringVar(&caCertPathVar, "ca", "", "Path to PEM-encoded cert to validate client/serv")
flag.StringVar(&caKeyPathVar, "ca_key", "", "Path to PEM-encoded key to use generating certificates")
flag.StringVar(&ourCertPathVar, "cert", "", "Path to PEM-encoded cert for our side of the connection")
flag.StringVar(&ourKeyPathVar, "key", "", "Path to PEM-encoded key for our cert")
flag.StringVar(&connPortVar, "port", "3234", "Port for the VPN connection")
flag.StringVar(&modeVar, "mode", "client", "Whether the process starts a server or as a client")
flag.StringVar(&networkAddrVar, "network", "192.168.69.1/24", "Address for this interface with netmask")
flag.StringVar(&gatewayVar, "gw", "", "(Client only) Set the default gateway to this value")
flag.StringVar(&crlPathVar, "crl", "", "Optional path to JSON-CRL file")
flag.StringVar(&additionalClientAddrs, "req-addrs", "", "(Client only) Additional addresses to associate with the client")
flag.Usage = printUsage
flag.Parse()
if modeVar != "init-server-certs" && modeVar != "make-client-cert" && modeVar != "blacklist-cert" && flag.NArg() != 1 {
printUsage()
os.Exit(2)
}
if modeVar == "server" {
if ourCertPathVar == "" || ourKeyPathVar == "" {
fmt.Fprintf(os.Stderr, "Err: Certificate and key must be specified for server mode.\n")
flag.PrintDefaults()
os.Exit(2)
}
}
if modeVar == "init-server-certs" {
if ourCertPathVar == "" || ourKeyPathVar == "" {
fmt.Fprintf(os.Stderr, "Err: Certificate and key path must be specified for generating certs.\n")
flag.PrintDefaults()
os.Exit(2)
}
if caCertPathVar == "" || caKeyPathVar == "" {
fmt.Fprintf(os.Stderr, "Err: CA Certificate and key path must be specified for generating certs.\n")
flag.PrintDefaults()
os.Exit(2)
}
}
if modeVar == "make-client-cert" {
if caCertPathVar == "" || caKeyPathVar == "" {
fmt.Fprintf(os.Stderr, "Err: CA Certificate and key path must be specified for generating certs.\n")
flag.PrintDefaults()
os.Exit(2)
}
if flag.NArg() != 2 {
fmt.Fprintf(os.Stderr, "Err: Expected 2 arguments. EG: ./subnet OPTIONS certPath keyPath\n")
os.Exit(2)
}
}
if modeVar == "blacklist-cert" {
if crlPathVar == "" {
fmt.Fprintf(os.Stderr, "Err: CRL path must be specified.\n")
flag.PrintDefaults()
os.Exit(2)
}
if flag.NArg() != 2 {
fmt.Fprintf(os.Stderr, "Err: Expected 2 arguments. EG: ./subnet -crl <crlPath> -mode blacklist-cert <certPath> \"justification\"\n")
os.Exit(2)
}
}
for i, addrStr := range strings.Split(additionalClientAddrs, ",") {
if addrStr != "" && net.ParseIP(addrStr) == nil {
fmt.Fprintf(os.Stderr, "Err: --req-addrs additional address (index %d) is not a valid IP address.\n", i)
os.Exit(2)
}
}
serverAddressVar = flag.Arg(0)
}