* oom-certservice-k8s-external-provider
* ================================================================================
* Copyright (c) 2019 Smallstep Labs, Inc.
- * Modifications copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
* This source code was copied from the following git repository:
* https://github.com/smallstep/step-issuer
package cmpv2provisioner
import (
- "context"
"sync"
- certmanager "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
"k8s.io/apimachinery/pkg/types"
- "onap.org/oom-certservice/k8s-external-provider/src/leveledlogger"
"onap.org/oom-certservice/k8s-external-provider/src/certserviceclient"
"onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
- "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner/csr"
+ "onap.org/oom-certservice/k8s-external-provider/src/leveledlogger"
+ "onap.org/oom-certservice/k8s-external-provider/src/model"
)
var collection = new(sync.Map)
}
func (ca *CertServiceCA) Sign(
- ctx context.Context,
- certificateRequest *certmanager.CertificateRequest,
- privateKeyBytes []byte,
+ signCertificateModel model.SignCertificateModel,
) (signedCertificateChain []byte, trustedCertificates []byte, err error) {
log := leveledlogger.GetLoggerWithName("certservice-provisioner")
- log.Info("Signing certificate: ", "cert-name", certificateRequest.Name)
+ certificateRequest := signCertificateModel.CertificateRequest
+ log.Info("Signing certificate: ", "cert-name", certificateRequest.Name)
log.Info("CA: ", "name", ca.name, "url", ca.url)
- csrBytes := certificateRequest.Spec.Request
- log.Debug("Csr PEM: ", "bytes", csrBytes)
+ var response *certserviceclient.CertificatesResponse
+ var errAPI error
- filteredCsrBytes, err := csr.FilterFieldsFromCSR(csrBytes, privateKeyBytes)
- if err != nil {
- return nil, nil, err
+ if ca.isCertificateUpdate(signCertificateModel) {
+ log.Debug("Certificate will be updated.", "old-certificate", signCertificateModel.OldCertificateBytes)
+ log.Info("Attempt to send certificate update request")
+ response, errAPI = ca.certServiceClient.UpdateCertificate(signCertificateModel)
+ } else {
+ log.Info("Attempt to send certificate request")
+ response, errAPI = ca.certServiceClient.GetCertificates(signCertificateModel)
}
- response, err := ca.certServiceClient.GetCertificates(filteredCsrBytes, privateKeyBytes)
- if err != nil {
- return nil, nil, err
+ if errAPI != nil {
+ return nil, nil, errAPI
}
log.Info("Successfully received response from CertService API")
log.Debug("Certificate Chain", "cert-chain", response.CertificateChain)
log.Error(signErr, "Cannot parse response from CertService API")
return nil, nil, signErr
}
-
log.Info("Successfully signed: ", "cert-name", certificateRequest.Name)
-
log.Debug("Signed cert PEM: ", "bytes", signedCertificateChain)
log.Debug("Trusted CA PEM: ", "bytes", trustedCertificates)
return signedCertificateChain, trustedCertificates, nil
}
+
+
+func (ca *CertServiceCA) isCertificateUpdate(signCertificateModel model.SignCertificateModel) bool {
+ return len(signCertificateModel.OldCertificateBytes) > 0 && len(signCertificateModel.OldPrivateKeyBytes) > 0
+}