Adds capability to define EKUs to be included in CSRs

Makefile

@@ -48,6 +48,9 @@ build: get
 	env GOOS=linux   GOARCH=arm64 go build $(GO_LDFLAGS) -o bin/linux/vcert_arm       ./cmd/vcert
 	env GOOS=linux   GOARCH=amd64 go build $(GO_LDFLAGS) -o bin/linux/vcert           ./cmd/vcert
 	env GOOS=linux   GOARCH=386   go build $(GO_LDFLAGS) -o bin/linux/vcert86         ./cmd/vcert
+	env GOOS=linux   GOARCH=arm GOARM=5 go build $(GO_LDFLAGS) -o bin/linux/vcert_arm32v5       ./cmd/vcert
+	env GOOS=linux   GOARCH=arm GOARM=6 go build $(GO_LDFLAGS) -o bin/linux/vcert_arm32v6       ./cmd/vcert
+	env GOOS=linux   GOARCH=arm GOARM=7 go build $(GO_LDFLAGS) -o bin/linux/vcert_arm32v7       ./cmd/vcert
 	env GOOS=darwin  GOARCH=amd64 go build $(GO_LDFLAGS) -o bin/darwin/vcert          ./cmd/vcert
 	env GOOS=darwin  GOARCH=arm64 go build $(GO_LDFLAGS) -o bin/darwin/vcert_arm      ./cmd/vcert
 	env GOOS=windows GOARCH=amd64 go build $(GO_LDFLAGS) -o bin/windows/vcert.exe     ./cmd/vcert

cmd/vcert/args.go

@@ -156,4 +156,5 @@ type commandFlags struct {
 	provisionOutputFile  string
 	provisionPickupID    string
 	provisionFormat      string
+	extKeyUsage          certificate.ExtKeyUsageSlice
 }

cmd/vcert/cmdHelper.go

@@ -79,6 +79,10 @@ func runBeforeCommand(c *cli.Context) error {
 		uri, _ := url.Parse(stringURI)
 		flags.uriSans = append(flags.uriSans, uri)
 	}
+	for _, stringExtKeyUsage := range c.StringSlice("eku") {
+		eku, _ := certificate.ParseExtKeyUsage(stringExtKeyUsage)
+		flags.extKeyUsage.Add(eku)
+	}
 
 	if flags.platformString != "" {
 		flags.platform = venafi.GetPlatformType(flags.platformString)

cmd/vcert/flags.go

@@ -239,6 +239,13 @@ var (
 		Hidden: true,
 	}
 
+	flagExtKeyUsage = &cli.StringSliceFlag{
+		Name: "eku",
+		Usage: "Use to specify an Extended Key Usage type to be included in the generated CSR. Common options include ServerAuth & ClientAuth. " +
+			"This option can be repeated to specify more than one value like this: --eku ServerAuth --eku ClientAuth etc. ",
+		Hidden: true,
+	}
+
 	flagFormat = &cli.StringFlag{
 		Name: "format",
 		Usage: "Use to specify the output format. Options include: pem | json | pkcs12 | jks | legacy-pem | legacy-pkcs12." +
@@ -802,6 +809,7 @@ var (
 		sansFlags,
 		flagCSRFile,
 		keyFlags,
+		flagExtKeyUsage,
 		flagNoPrompt,
 		flagVerbose,
 		flagCSRFormat,
@@ -839,6 +847,7 @@ var (
 			flagOmitSans,
 			flagValidDays,
 			flagValidPeriod,
+			flagExtKeyUsage,
 		)),
 	)
 
@@ -896,6 +905,7 @@ var (
 			sortableCredentialsFlags,
 			flagPickupIDFile,
 			flagOmitSans,
+			flagExtKeyUsage,
 		)),
 	)
 

cmd/vcert/utils.go

@@ -174,6 +174,9 @@ func fillCertificateRequest(req *certificate.Request, cf *commandFlags) *certifi
 			req.KeyCurve = cf.keyCurve
 		}
 		req.CsrOrigin = certificate.LocalGeneratedCSR
+		if len(cf.extKeyUsage) > 0 {
+			req.ExtKeyUsages = cf.extKeyUsage
+		}
 	}
 
 	if cf.validDays != "" {