add p15 key output file

The NMC Security Wizard can also produce .p15 files that contain just a private key. Add this ability to this tool.

When the `create` function is used, both files will be outputted.

pkg/app/cmd_create.go

@@ -6,7 +6,10 @@ import (
 	"os"
 )
 
-const createDefaultOutFilePath = "apctool.p15"
+const (
+	createDefaultOutFilePath    = "apctool.p15"
+	createDefaultOutKeyFilePath = "apctool.key.p15"
+)
 
 // cmdCreate is the app's command to create an apc p15 file from key and cert
 // pem files
@@ -26,25 +29,35 @@ func (app *app) cmdCreate(_ context.Context, args []string) error {
 
 	// validation done
 
-	// make p15 file
-	apcFile, err := app.pemToAPCP15(keyPem, certPem, "create")
+	// make p15 files
+	apcKeyCertFile, keyFile, err := app.pemToAPCP15s(keyPem, certPem, "create")
 	if err != nil {
 		return err
 	}
 
 	// determine file name (should already be done by flag parsing, but avoid nil just in case)
-	fileName := createDefaultOutFilePath
+	keyCertFileName := createDefaultOutFilePath
 	if app.config.create.outFilePath != nil && *app.config.create.outFilePath != "" {
-		fileName = *app.config.create.outFilePath
+		keyCertFileName = *app.config.create.outFilePath
 	}
 
-	// write file
-	err = os.WriteFile(fileName, apcFile, 0777)
+	keyFileName := createDefaultOutFilePath
+	if app.config.create.outKeyFilePath != nil && *app.config.create.outKeyFilePath != "" {
+		keyFileName = *app.config.create.outKeyFilePath
+	}
+
+	// write files
+	err = os.WriteFile(keyCertFileName, apcKeyCertFile, 0777)
 	if err != nil {
-		return fmt.Errorf("create: failed to write apc p15 file (%s)", err)
+		return fmt.Errorf("create: failed to write apc p15 key+cert file (%s)", err)
 	}
+	app.stdLogger.Printf("create: apc p15 key+cert file %s written to disk", keyCertFileName)
 
-	app.stdLogger.Printf("create: apc p15 file %s written to disk", fileName)
+	err = os.WriteFile(keyFileName, keyFile, 0777)
+	if err != nil {
+		return fmt.Errorf("create: failed to write apc p15 key file (%s)", err)
+	}
+	app.stdLogger.Printf("create: apc p15 key file %s written to disk", keyFileName)
 
 	return nil
 }

pkg/app/cmd_install.go

@@ -52,7 +52,7 @@ func (app *app) cmdInstall(cmdCtx context.Context, args []string) error {
 	// validation done
 
 	// make p15 file
-	apcFile, err := app.pemToAPCP15(keyPem, certPem, "install")
+	apcFile, _, err := app.pemToAPCP15s(keyPem, certPem, "install")
 	if err != nil {
 		return err
 	}

pkg/app/config.go

@@ -28,7 +28,8 @@ type config struct {
 	debugLogging *bool
 	create       struct {
 		keyCertPemCfg
-		outFilePath *string
+		outFilePath    *string
+		outKeyFilePath *string
 	}
 	install struct {
 		keyCertPemCfg
@@ -71,7 +72,8 @@ func (app *app) getConfig(args []string) error {
 	cfg.create.certPemFilePath = createFlags.StringLong("certfile", "", "path and filename of the certificate in pem format")
 	cfg.create.keyPem = createFlags.StringLong("keypem", "", "string of the rsa-1024 or rsa-2048 key in pem format")
 	cfg.create.certPem = createFlags.StringLong("certpem", "", "string of the certificate in pem format")
-	cfg.create.outFilePath = createFlags.StringLong("outfile", createDefaultOutFilePath, "path and filename to write the p15 file to")
+	cfg.create.outFilePath = createFlags.StringLong("outfile", createDefaultOutFilePath, "path and filename to write the key+cert p15 file to")
+	cfg.create.outKeyFilePath = createFlags.StringLong("outkeyfile", createDefaultOutKeyFilePath, "path and filename to write the key p15 file to")
 
 	createCmd := &ff.Command{
 		Name:      "create",

pkg/app/file_header.go

@@ -7,6 +7,8 @@ import (
 	"github.com/sigurn/crc16"
 )
 
+const apcHeaderLen = 228
+
 // makeFileHeader generates the 228 byte header to prepend to the .p15
 // as required by APC UPS NMC. Contrary to the apc_tools repo, it does
 // mot appear the header changes based on key size.
@@ -28,7 +30,7 @@ func makeFileHeader(p15File []byte) ([]byte, error) {
 	// 		*(uint32_t *)(buf + 208) = keySize; // 1 for 1024 key, otherwise (2048 bit) 2
 	// Unsure why this was in original code but seems irrelevant
 
-	header := make([]byte, 228)
+	header := make([]byte, apcHeaderLen)
 
 	// always 1
 	header[0] = 1

pkg/app/pem_to_p15.go

@@ -5,34 +5,36 @@ import (
 	"fmt"
 )
 
-// pemToAPCP15 reads the specified pem files and returns the apc p15 bytes
-func (app *app) pemToAPCP15(keyPem, certPem []byte, parentCmdName string) ([]byte, error) {
+// pemToAPCP15s reads the specified pem files and returns the apc p15 files (both a
+// p15 file with just the private key, and also a p15 file with both the private key
+// and certificate). The key+cert file includes the required APC header, prepended.
+func (app *app) pemToAPCP15s(keyPem, certPem []byte, parentCmdName string) (apcKeyCertFile, keyFile []byte, err error) {
 	app.stdLogger.Printf("%s: making apc p15 file from pem", parentCmdName)
 
 	// make p15 struct
 	p15, err := pkcs15.ParsePEMToPKCS15(keyPem, certPem)
 	if err != nil {
-		return nil, fmt.Errorf("%s: failed to parse pem files (%w)", parentCmdName, err)
+		return nil, nil, fmt.Errorf("%s: failed to parse pem files (%w)", parentCmdName, err)
 	}
 
 	app.stdLogger.Printf("%s: successfully loaded pem files", parentCmdName)
 
 	// make file bytes
-	p15File, err := p15.ToP15File()
+	keyCertFile, keyFile, err := p15.ToP15Files()
 	if err != nil {
-		return nil, fmt.Errorf("%s: failed to make p15 file (%w)", parentCmdName, err)
+		return nil, nil, fmt.Errorf("%s: failed to make p15 file (%w)", parentCmdName, err)
 	}
 
 	// make header for file bytes
-	apcHeader, err := makeFileHeader(p15File)
+	apcHeader, err := makeFileHeader(keyCertFile)
 	if err != nil {
-		return nil, fmt.Errorf("%s: failed to make p15 file header (%w)", parentCmdName, err)
+		return nil, nil, fmt.Errorf("%s: failed to make p15 file header (%w)", parentCmdName, err)
 	}
 
 	// combine header with file
-	apcFile := append(apcHeader, p15File...)
+	apcKeyCertFile = append(apcHeader, keyCertFile...)
 
 	app.stdLogger.Printf("%s: apc p15 file data succesfully generated", parentCmdName)
 
-	return apcFile, nil
+	return apcKeyCertFile, keyFile, nil
 }