feature: ec crt/refactor cmd/add info/version command

.gitignore

@@ -14,8 +14,9 @@
 # Dependency directories (remove the comment below to include it)
 # vendor/
 .DS_Store
-bin/
 .history/
 .idea/
 .lh/
+bin/
+vendor
 x-ca

Makefile

@@ -69,40 +69,40 @@ clean: ## Run clean bin files
 
 .PHONY: build
 build:  ## Build for current os
-	${SUB_BUILD_CMD} -o bin/$(BINARY_NAME)
+	${SUB_BUILD_CMD} -o bin/$(BINARY_NAME) ./cmd/...
 
 .PHONY: linux-amd64
 linux-amd64:  ## Build linux amd64
-	CGO_ENABLED=0 ${GOARGS} ${SUB_BUILD_CMD} -o bin/${BINARY_NAME}-$@
+	CGO_ENABLED=0 ${GOARGS} ${SUB_BUILD_CMD} -o bin/${BINARY_NAME}-$@ ./cmd/...
 
 .PHONY: linux-arm64
 linux-arm64:  ## Build linux arm64
-	CGO_ENABLED=0 ${GOARGS} ${SUB_BUILD_CMD} -o bin/${BINARY_NAME}-$@
+	CGO_ENABLED=0 ${GOARGS} ${SUB_BUILD_CMD} -o bin/${BINARY_NAME}-$@ ./cmd/...
 
 .PHONY: linux-ppc64le
 linux-ppc64le:  ## Build linux ppc64le
-	CGO_ENABLED=0 ${GOARGS} ${SUB_BUILD_CMD} -o bin/${BINARY_NAME}-$@
+	CGO_ENABLED=0 ${GOARGS} ${SUB_BUILD_CMD} -o bin/${BINARY_NAME}-$@ ./cmd/...
 
 .PHONY: linux-s390x
 linux-s390x:  ## Build linux s390x
-	CGO_ENABLED=0 ${GOARGS} ${SUB_BUILD_CMD} -o bin/${BINARY_NAME}-$@
+	CGO_ENABLED=0 ${GOARGS} ${SUB_BUILD_CMD} -o bin/${BINARY_NAME}-$@ ./cmd/...
 
 .PHONY: darwin-amd64
 darwin-amd64:  ## Build darwin amd64
-	CGO_ENABLED=0 ${GOARGS} ${SUB_BUILD_CMD} -o bin/${BINARY_NAME}-$@
+	CGO_ENABLED=0 ${GOARGS} ${SUB_BUILD_CMD} -o bin/${BINARY_NAME}-$@ ./cmd/...
 
 .PHONY: darwin-arm64
 darwin-arm64:  ## Build darwin arm64
-	CGO_ENABLED=0 ${GOARGS} ${SUB_BUILD_CMD} -o bin/${BINARY_NAME}-$@
+	CGO_ENABLED=0 ${GOARGS} ${SUB_BUILD_CMD} -o bin/${BINARY_NAME}-$@ ./cmd/...
 
 .PHONY: windows-amd64
 windows-amd64:  ## Build windows amd64
-	CGO_ENABLED=0 ${GOARGS} ${SUB_BUILD_CMD} -o bin/${BINARY_NAME}-$@.exe
+	CGO_ENABLED=0 ${GOARGS} ${SUB_BUILD_CMD} -o bin/${BINARY_NAME}-$@.exe ./cmd/...
 
-.PHONY: docker-build
-docker-build: test  ## Build docker image
-	docker build -t ${IMG} .
+# .PHONY: docker-build
+# docker-build: test  ## Build docker image
+# 	docker build -t ${IMG} .
 
-.PHONY: docker-push
-docker-push:  ## Push docker image
-	docker push ${IMG}
+# .PHONY: docker-push
+# docker-push:  ## Push docker image
+# 	docker push ${IMG}

README.md

@@ -6,7 +6,8 @@
 
 golang x-ca client, which can simple Sign Self Root/Second-Level CA, and sign for Domains and IPs.
 
-shell implement at [x-ca/x-ca](https://github.com/x-ca/x-ca)
+- shell implement at [x-ca/x-ca](https://github.com/x-ca/x-ca)
+- [import Self Sign CA To System](https://www.xiexianbin.cn/http/ssl/2017-02-15-openssl-self-sign-ca/#导出导入自签名证书) `x-ca/ca/root-ca.crt` and `x-ca/ca/tls-ca.crt` to trust Your CA.
 
 ## install
 
@@ -19,81 +20,70 @@ mv xca /usr/local/bin/
 ## Help
 
 ```
-$ xca --help
-Create Root CA and TLS CA:
-xca -create-ca true \
-  -root-cert x-ca/ca/root-ca.crt \
-  -root-key x-ca/ca/root-ca/private/root-ca.key \
-  -tls-cert x-ca/ca/tls-ca.crt \
-  -tls-key x-ca/ca/tls-ca/private/tls-ca.key \
-  -tls-chain x-ca/ca/tls-ca-chain.pem
-
-Sign Domains or Ips:
-xca -cn xxxx \
-  --domains "xxx,xxx" --ips "xxx,xxx" \
-  -tls-cert x-ca/ca/tls-ca.crt \
-  -tls-key x-ca/ca/tls-ca/private/tls-ca.key \
-  -tls-chain x-ca/ca/tls-ca-chain.pem
-
-Usage:
-  -cn string
-    	sign cert common name.
-  -create-ca
-    	Create Root CA.
-  -domains string
-    	Comma-Separated domain names.
-  -help
-    	show help message
-  -ips string
-    	Comma-Separated IP addresses.
-  -root-cert string
-    	Root certificate file path, PEM format. (default "x-ca/ca/root-ca.crt")
-  -root-key string
-    	Root private key file path, PEM format. (default "x-ca/ca/root-ca/private/root-ca.key")
-  -tls-cert string
-    	Second-Level certificate file path, PEM format. (default "x-ca/ca/tls-ca.crt")
-  -tls-chain string
-    	Root/Second-Level CA Chain file path, PEM format. (default "x-ca/ca/tls-ca-chain.pem")
-  -tls-key string
-    	Second-Level private key file path, PEM format. (default "x-ca/ca/tls-ca/private/tls-ca.key")
-  -tls-key-password string
-    	tls key password, only work for load github.com/x-ca/x-ca.
-  -version
-    	show version info.
-
-Source Code:
-  https://github.com/x-ca/go-ca
+xca --help
+xca create-ca --help
+xca sign --help
 ```
 
-## Usage Demo
-
-- create ca
-
-```
-xca -create-ca true \
-  -root-cert x-ca/ca/root-ca.crt \
-  -root-key x-ca/ca/root-ca/private/root-ca.key \
-  -tls-cert x-ca/ca/tls-ca.crt \
-  -tls-key x-ca/ca/tls-ca/private/tls-ca.key
 ```
+$ xca --help
+XCA is a command-line tool for creating and managing Root/Second-Level Certificate Authorities (CAs)
+and signing certificates for domains and IP addresses.
 
-[install](https://www.xiexianbin.cn/http/ssl/2017-02-15-openssl-self-sign-ca/#导出导入自签名证书) `x-ca/ca/root-ca.crt` and `x-ca/ca/tls-ca.crt` to trust Your CA.
+Available Commands:
+  create-ca   Create root and TLS CA certificates
+  info        Display information about Certificates
+  sign        Sign a certificate for domains and/or IPs
+  version     Show version information
 
-- or use x-ca
+Environment:
+  XCA_ROOT_PATH  Which path to store Root/Second-Level/TLS cert, default is "$(pwd)/x-ca"
 
+Examples:
+  xca create-ca --key-type ec --curve P256
+  xca sign example.com --domains "example.com,www.example.com"
+  xca sign 192.168.1.1 --ips "192.168.1.1"
+
+Source Code:
+  https://github.com/x-ca/go-ca
 ```
-mkdir path
-git clone git@github.com:x-ca/ca.git x-ca
-```
 
-- sign domain
+## Usage Demo
+
+You can specify the key type (`-key-type`) and curve (`-curve`) to create an EC root CA and TLS CA:
 
 ```
-xca -cn xiexianbin.cn \
-  --domains "*.xiexianbin.cn,*.80.xyz" \
-  --ips 100.80.0.128 \
-  -tls-cert x-ca/ca/tls-ca.crt \
-  -tls-key x-ca/ca/tls-ca/private/[tls-ca.key | tls-ca-des3.key]
+# Create EC CA
+$ xca create-ca --key-type ec --curve P256
+
+# default out `x-ca/...`
+$ tree x-ca
+x-ca
+└── ca
+    ├── root-ca
+    │   └── private
+    │       └── root-ca.key
+    ├── root-ca.crt
+    ├── tls-ca
+    │   └── private
+    │       └── tls-ca.key
+    ├── tls-ca-chain.pem
+    └── tls-ca.crt
+
+6 directories, 5 files
+
+# Show CA info
+$ xca info ./x-ca/ca/root-ca.crt
+$ xca info ./x-ca/ca/tls-ca.crt
+
+# Sign Domains certificate
+xca sign example.com --domains "example.com,www.example.com"
+
+# Sign Domains and IPs certificate
+$ xca sign xiexianbin.cn --ips "192.168.1.1,*.xiexianbin.cn,*.dev.xiexianbin.cn"
+
+# Show TLS cert info
+$ xca info ./x-ca/certs/xiexianbin.cn/xiexianbin.cn.crt
 ```
 
 - test cert
@@ -107,7 +97,25 @@ docker run -it -d \
   nginx
 ```
 
-visit https://dev.xiexianbin.cn:8443/
+- to verify, visit https://dev.xiexianbin.cn:8443/ in brower or run command:
+
+```
+curl -i -v -k https://dev.xiexianbin.cn:8443/ --resolve dev.xiexianbin.cn:8443:127.0.0.1
+```
+
+## Dev
+
+- core file
+
+```
+go.mod - Added cobra dependency
+ca/baseca.go - Common CA functionality
+ca/common.go - Shared utilities
+cmd/create.go - create-ca command
+cmd/sign.go - sign command
+cmd/root.go - root cobra command
+cmd/xca.go - main entry point (refactored)
+```
 
 ## FaQ