feature: support new ca and sign domains/ips

Signed-off-by: xiexianbin <me@xiexianbin.cn>

.github/workflows/licensed.yml

@@ -0,0 +1,23 @@
+name: Licensed
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    name: Check licenses
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install licensed
+        run: |
+          cd $RUNNER_TEMP
+          curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/3.4.4/licensed-3.4.4-linux-x64.tar.gz
+          sudo tar -xzf licensed.tar.gz
+          sudo mv licensed /usr/local/bin/licensed
+      - run: licensed status

.github/workflows/release-new-action-version.yml

@@ -0,0 +1,47 @@
+name: Release new action version
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+permissions:
+  contents: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Release
+        uses: softprops/action-gh-release@v1
+
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup Go
+        uses: actions/setup-go@v3
+
+      - name: Check Go Version and Install Go Dep
+        run: |
+          go version
+          go mod vendor
+
+      - name: Build
+        run: make all
+
+      - name: Generate Release.txt
+        run: |
+          echo ${{ github.sha }} > Release.txt
+          cat Release.txt
+
+      - name: Release
+        uses: softprops/action-gh-release@v1
+        if: startsWith(github.ref, 'refs/tags/')
+        with:
+          files: |
+            Release.txt
+            LICENSE
+            bin/xca-linux
+            bin/xca-darwin
+            bin/xca-windows

.github/workflows/workflow.yaml

@@ -0,0 +1,34 @@
+name: build-test
+on:
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - '**.md'
+  pull_request:
+    paths-ignore:
+      - '**.md'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        go: [ '1.17.0-rc.2', '1.16.1' ]
+    name: Go ${{ matrix.go }} test
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: ${{ matrix.go }}
+
+      - name: Check Go Version and Install Go Dep
+        run: |
+          go version
+          go mod vendor
+
+      - name: Test
+        run: make test && make build

.gitignore

@@ -13,3 +13,9 @@
 
 # Dependency directories (remove the comment below to include it)
 # vendor/
+.DS_Store
+bin/
+.history/
+.idea/
+certs/
+x-ca

.licensed.yml

@@ -0,0 +1,18 @@
+sources:
+  bundler: true
+
+allowed:
+  - apache-2.0
+  - bsd-2-clause
+  - bsd-3-clause
+  - isc
+  - mit
+  - cc0-1.0
+  - unlicense
+
+reviewed:
+  bundler:
+    - pathname-common_prefix
+    - racc
+    - reverse_markdown
+    - ruby2_keywords

Makefile

@@ -0,0 +1,30 @@
+# https://www.xiexianbin.cn/program/tools/2016-01-09-makefile/index.html
+.PHONY: all test clean build build-linux build-mac build-windows
+
+GOCMD=go
+GOBUILD=$(GOCMD) build
+GOCLEAN=$(GOCMD) clean
+GOTEST=$(GOCMD) test
+BINARY_NAME=xca
+BINARY_LINUX=$(BINARY_NAME)-linux
+BINARY_MAC=$(BINARY_NAME)-darwin
+BINARY_WIN=$(BINARY_NAME)-windows
+
+help:  ## Show this help.
+	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
+
+all: clean test build build-linux build-mac build-windows  ## Build all
+test:  ## run test
+	$(GOTEST) -v ./...
+clean: ## run clean bin files
+	$(GOCLEAN)
+	rm -f bin/$(BINARY_NAME)
+build:  ## build for current os
+	$(GOBUILD) -o bin/$(BINARY_NAME) -v
+
+build-linux:  ## build linux amd64
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 $(GOBUILD) -o bin/$(BINARY_LINUX) -v
+build-mac:  ## build mac amd64
+	CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 $(GOBUILD) -o bin/$(BINARY_MAC) -v
+build-windows:  ## build windows amd64
+	CGO_ENABLED=0 GOOS=windows GOARCH=amd64 $(GOBUILD) -o bin/$(BINARY_WIN) -v

README.md

@@ -1,2 +1,98 @@
 # go-ca
-golang ca demo
+
+golang x-ca client， which can simple Sign Self Root/Second-Level CA, and sign for Domains and IPs.
+
+shell implement at [x-ca/x-ca](https://github.com/x-ca/x-ca)
+
+## install
+
+```
+curl -Lfs -o xca https://github.com/x-ca/go-ca/releases/latest/download/xca-{linux|darwin|windows}
+chmox +x xca
+```
+
+## Help
+
+```
+$ bin/xca --help
+Create Root CA and TLS CA:
+goca -create-ca true \
+  -root-cert x-ca/ca/root-ca.crt \
+  -root-key x-ca/ca/root-ca/private/root-ca.key \
+  -tls-cert x-ca/ca/tls-ca.crt \
+  -tls-key x-ca/ca/tls-ca/private/tls-ca.key
+
+Sign Domains or Ips:
+xca -cn xxxx \
+  --domains "xxx,xxx" --ips "xxx,xxx" \
+  -tls-cert x-ca/ca/tls-ca.crt \
+  -tls-key x-ca/ca/tls-ca/private/tls-ca.key
+
+Usage:
+  -cn string
+    	sign cert common name.
+  -create-ca
+    	Create Root CA.
+  -domains string
+    	Comma-Separated domain names.
+  -help
+    	show help message
+  -ips string
+    	Comma-Separated IP addresses.
+  -root-cert string
+    	Root certificate file path, PEM format. (default "x-ca/ca/root-ca.crt")
+  -root-key string
+    	Root private key file path, PEM/? format. (default "x-ca/ca/root-ca/private/root-ca.key")
+  -tls-cert string
+    	Second-Level certificate file path, PEM format. (default "x-ca/ca/tls-ca.crt")
+  -tls-key string
+    	Second-Level private key file path, PEM/? format. (default "x-ca/ca/tls-ca/private/tls-ca.key")
+```
+
+## Usage Demo
+
+- create ca
+
+```
+bin/xca -create-ca true \
+  -root-cert x-ca/ca/root-ca.crt \
+  -root-key x-ca/ca/root-ca/private/root-ca.key \
+  -tls-cert x-ca/ca/tls-ca.crt \
+  -tls-key x-ca/ca/tls-ca/private/tls-ca.key
+```
+
+[install](https://www.xiexianbin.cn/http/ssl/2017-02-15-openssl-self-sign-ca/#导出导入自签名证书) `x-ca/ca/root-ca.crt` and `x-ca/ca/tls-ca.crt` to trust Your CA.
+
+- or use x-ca
+
+```
+mkdir path
+git clone git@github.com:x-ca/ca.git x-ca
+```
+
+- sign domain
+
+```
+bin/xca -cn xiexianbin.cn \
+  --domains "*.xiexianbin.cn,*.80.xyz" \
+  --ips 100.80.0.128 \
+  -tls-cert x-ca/ca/tls-ca.crt \
+  -tls-key x-ca/ca/tls-ca/private/tls-ca.key
+```
+
+- test cert
+
+```
+docker run -it -d \
+  -p 8443:443 \
+  -v $(pwd)/examples/default.conf:/etc/nginx/conf.d/default.conf \
+  -v $(pwd)/certs/xiexianbin.cn/xiexianbin.cn.bundle.crt:/etc/pki/nginx/server.crt \
+  -v $(pwd)/certs/xiexianbin.cn/xiexianbin.cn.key:/etc/pki/nginx/private/server.key \
+  nginx
+```
+
+visit https://dev.xiexianbin.cn:8443/
+
+## Ref
+
+- [基于OpenSSL签署根CA、二级CA](https://www.xiexianbin.cn/s/ca/)

ca/base.go

@@ -0,0 +1,21 @@
+/*
+Copyright © 2022 xiexianbin.cn
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package ca
+
+type CA interface {
+	CreateKey() error
+	CreateCert() error
+	Write(keyPath, certPath, chainPath string) error
+	//Load(keyPath, certPath string) (interface{}, error)
+}