From 2ae32665bbb9290a5652b48174e2018346f605e1 Mon Sep 17 00:00:00 2001
From: Phil Calvin <phil@philcalvin.com>
Date: Wed, 30 Dec 2020 22:10:59 -0500
Subject: [PATCH 1/2] Add Dockerfiles for testing basic functionality

This is with the end goal of getting rough compatibility with paultag/minica so we can have one true minica tool.
---
 Dockerfile         | 22 ++++++++++++++++++++++
 Dockerfile.paultag |  9 +++++++++
 tests.sh           | 44 ++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 75 insertions(+)
 create mode 100644 Dockerfile
 create mode 100644 Dockerfile.paultag
 create mode 100755 tests.sh

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..3dc5eb3
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,22 @@
+FROM debian:buster AS build
+
+RUN apt-get update -y && \
+    apt-get install -y golang
+
+WORKDIR /build
+
+COPY . .
+
+RUN go build
+
+FROM debian:buster
+
+COPY --from=build /build/minica /usr/bin/minica
+
+RUN apt-get update -y && \
+    apt-get install --no-install-recommends -y \
+      curl ca-certificates openssl
+
+WORKDIR /test
+COPY tests.sh .
+RUN ./tests.sh
\ No newline at end of file
diff --git a/Dockerfile.paultag b/Dockerfile.paultag
new file mode 100644
index 0000000..28e3135
--- /dev/null
+++ b/Dockerfile.paultag
@@ -0,0 +1,9 @@
+FROM debian:buster
+
+RUN apt-get update -y && \
+    apt-get install --no-install-recommends -y \
+      minica curl ca-certificates openssl
+
+WORKDIR /test
+COPY tests.sh .
+RUN ./tests.sh
diff --git a/tests.sh b/tests.sh
new file mode 100755
index 0000000..b62a260
--- /dev/null
+++ b/tests.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+set -e
+echo "world" > hello
+
+minica localhost
+
+set +e
+# FIXME: jsha/minica puts the keypair in a directory, copy those out for compatibility
+# so the same tests work against either version.
+cp localhost/cert.pem localhost.crt
+cp localhost/key.pem localhost.key
+cp minica.pem cacert.crt
+set -e
+
+openssl s_server -cert localhost.crt -key localhost.key -accept 8080 -WWW &
+set +e
+
+curl https://localhost:8080/hello
+if (( $? != 60 )); then
+	exit "Expected request to server with untrusted CA to fail."
+fi
+
+set -e
+cp cacert.crt /usr/share/ca-certificates/
+echo "cacert.crt" >> /etc/ca-certificates.conf
+update-ca-certificates	
+set +e
+
+curl https://localhost:8080/hello
+if (( $? != 0 )); then
+	exit "Expected request to server with trusted CA to succeed."
+fi
+
+# FIXME: -ca-key-size and -key-size are paultag/minica-only right now, but could be ported.
+# set -e
+# minica -ca-key-size 4096 -key-size 4096 127.0.0.1
+# openssl s_server -cert 127.0.0.1.crt -key 127.0.0.1.key -accept 8081 -WWW &
+# set +e
+
+# curl https://127.0.0.1:8081/hello
+# if (( $? != 0 )); then
+# 	exit "Expected request to server with trusted CA to succeed."
+# fi
\ No newline at end of file

From 36417e624610666947fd48b399291abb0e38f09c Mon Sep 17 00:00:00 2001
From: Phil Calvin <phil@philcalvin.com>
Date: Wed, 30 Dec 2020 22:15:16 -0500
Subject: [PATCH 2/2] Allow domains to be specified as unflagged arguments

This is for drop-in(-ish) compatibility with https://github.com/paultag/minica
---
 README.md | 7 +++++++
 main.go   | 8 ++------
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 894995c..f1206cd 100644
--- a/README.md
+++ b/README.md
@@ -42,3 +42,10 @@ go build
 # generate and sign an end-entity key and cert, storing them in ./foo.com/
 $ minica --domains foo.com
 ```
+
+For compatibility with another (unaffiliated) tool of the same name, domains
+can also be specified as final arguments:
+
+```
+minica foo.com
+```
\ No newline at end of file
diff --git a/main.go b/main.go
index 9734969..4aeb1fb 100644
--- a/main.go
+++ b/main.go
@@ -313,15 +313,11 @@ will not overwrite existing keys or certificates.
 		flag.PrintDefaults()
 	}
 	flag.Parse()
-	if *domains == "" && *ipAddresses == "" {
+	if flag.NArg() == 0 && *domains == "" && *ipAddresses == "" {
 		flag.Usage()
 		os.Exit(1)
 	}
-	if len(flag.Args()) > 0 {
-		fmt.Printf("Extra arguments: %s (maybe there are spaces in your domain list?)\n", flag.Args())
-		os.Exit(1)
-	}
-	domainSlice := split(*domains)
+	domainSlice := append(split(*domains), (flag.Args())...)
 	domainRe := regexp.MustCompile("^[A-Za-z0-9.*-]+$")
 	for _, d := range domainSlice {
 		if !domainRe.MatchString(d) {