Move cert handling into library and add option passphrase. Adjust uploader and checker.

docs/csaf_checker.md

@@ -7,25 +7,26 @@ Usage:
   csaf_checker [OPTIONS] domain...
 
 Application Options:
-  -o, --output=REPORT-FILE       File name of the generated report
-  -f, --format=[json|html]       Format of report (default: json)
-      --insecure                 Do not check TLS certificates from provider
-      --client-cert=CERT-FILE    TLS client certificate file (PEM encoded data)
-      --client-key=KEY-FILE      TLS client private key file (PEM encoded data)
-      --version                  Display version of the binary
-  -v, --verbose                  Verbose output
-  -r, --rate=                    The average upper limit of https operations per second (defaults to unlimited)
-  -y, --years=YEARS              Number of years to look back from now
-  -t, --timerange=RANGE          RANGE of time from which advisories to download
-  -i, --ignorepattern=PATTERN    Dont download files if there URLs match any of the given PATTERNs
-  -H, --header=                  One or more extra HTTP header fields
-      --validator=URL            URL to validate documents remotely
-      --validatorcache=FILE      FILE to cache remote validations
-      --validatorpreset=         One or more presets to validate remotely (default: [mandatory])
-  -c, --config=TOML-FILE         Path to config TOML file
+  -o, --output=REPORT-FILE              File name of the generated report
+  -f, --format=[json|html]              Format of report (default: json)
+      --insecure                        Do not check TLS certificates from provider
+      --client-cert=CERT-FILE           TLS client certificate file (PEM encoded data)
+      --client-key=KEY-FILE             TLS client private key file (PEM encoded data)
+      --client-passphrase=PASSPHRASE    Optional passphrase for the client certificate
+      --version                         Display version of the binary
+  -v, --verbose                         Verbose output
+  -r, --rate=                           The average upper limit of https operations per second (defaults to unlimited)
+  -y, --years=YEARS                     Number of years to look back from now
+  -t, --timerange=RANGE                 RANGE of time from which advisories to download
+  -i, --ignorepattern=PATTERN           Dont download files if there URLs match any of the given PATTERNs
+  -H, --header=                         One or more extra HTTP header fields
+      --validator=URL                   URL to validate documents remotely
+      --validatorcache=FILE             FILE to cache remote validations
+      --validatorpreset=                One or more presets to validate remotely (default: [mandatory])
+  -c, --config=TOML-FILE                Path to config TOML file
 
 Help Options:
-  -h, --help                     Show this help message
+  -h, --help                            Show this help message
 ```
 
 Will check all given _domains_, by trying each as a CSAF provider.
@@ -42,19 +43,20 @@ csaf_checker.toml
 with `~` expanding to `$HOME` on unixoid systems and `%HOMEPATH` on Windows systems.
 Supported options in config files:
 ```
-output           = ""
-format           = "json"
-insecure         = false 
-# client_cert    # not set by default
-# client_key     # not set by default
-verbose          = false
-# rate           # not set by default
-# years	         # not set by default
-# timerange      # not set by default
-# header         # not set by default
-# validator      # not set by default
-# validatorcache # not set by default
-validatorpreset  = ["mandatory"]
+output              = ""
+format              = "json"
+insecure            = false 
+# client_cert       # not set by default
+# client_key        # not set by default
+# client_passphrase # not set by default
+verbose             = false
+# rate              # not set by default
+# years	            # not set by default
+# timerange         # not set by default
+# header            # not set by default
+# validator         # not set by default
+# validatorcache    # not set by default
+validatorpreset     = ["mandatory"]
 ```
 
 Usage example:

docs/csaf_uploader.md

@@ -7,19 +7,18 @@
 
 Application Options:
   -a, --action=[upload|create]              Action to perform (default: upload)
-  -u, --url=URL                             URL of the CSAF provider (default:
-                                            https://localhost/cgi-bin/csaf_provider.go)
+  -u, --url=URL                             URL of the CSAF provider (default: https://localhost/cgi-bin/csaf_provider.go)
   -t, --tlp=[csaf|white|green|amber|red]    TLP of the feed (default: csaf)
-  -x, --external-signed                     CSAF files are signed externally. Assumes .asc files
-                                            beside CSAF files.
+  -x, --external-signed                     CSAF files are signed externally. Assumes .asc files beside CSAF files.
   -s, --no-schema-check                     Do not check files against CSAF JSON schema locally.
   -k, --key=KEY-FILE                        OpenPGP key to sign the CSAF files
   -p, --password=PASSWORD                   Authentication password for accessing the CSAF provider
   -P, --passphrase=PASSPHRASE               Passphrase to unlock the OpenPGP key
       --client-cert=CERT-FILE.crt           TLS client certificate file (PEM encoded data)
       --client-key=KEY-FILE.pem             TLS client private key file (PEM encoded data)
+      --client-passphrase=PASSPHRASE        Optional passphrase for the client certificate
   -i, --password-interactive                Enter password interactively
-  -I, --passphrase-interactive               Enter passphrase interactively
+  -I, --passphrase-interactive              Enter OpenPGP key passphrase interactively
       --insecure                            Do not check TLS certificates from provider
   -c, --config=INI-FILE                     Path to config ini file
       --version                             Display version of the binary