[OOM-K8S-CERT-EXTERNAL-PROVIDER] Add client for CertService API

[oom/platform/cert-service.git] / certServiceK8sExternalProvider / src / cmpv2provisioner / cmpv2_provisioner.go
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go

index e48b527..67d719c 100644 (file)
--- a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
@@ -38,33 +38,29 @@ import (
         "k8s.io/apimachinery/pkg/types"
         ctrl "sigs.k8s.io/controller-runtime"
  
+       "onap.org/oom-certservice/k8s-external-provider/src/certserviceclient"
         "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
  )
  
  var collection = new(sync.Map)
  
  type CertServiceCA struct {
-       name   string
-       url    string
-       caName string
-       key    []byte
-       cert   []byte
-       cacert []byte
+       name              string
+       url               string
+       caName            string
+       certServiceClient certserviceclient.CertServiceClient
  }
  
-func New(cmpv2Issuer *cmpv2api.CMPv2Issuer, key []byte, cert []byte, cacert []byte) (*CertServiceCA, error) {
+func New(cmpv2Issuer *cmpv2api.CMPv2Issuer, certServiceClient certserviceclient.CertServiceClient) (*CertServiceCA, error) {
  
         ca := CertServiceCA{}
         ca.name = cmpv2Issuer.Name
         ca.url = cmpv2Issuer.Spec.URL
         ca.caName = cmpv2Issuer.Spec.CaName
-       ca.key = key
-       ca.cert = cert
-       ca.cacert = cacert
+       ca.certServiceClient = certServiceClient
  
         log := ctrl.Log.WithName("cmpv2-provisioner")
-       log.Info("Configuring CA: ", "name", ca.name, "url", ca.url, "caName", ca.caName, "key", ca.key,
-               "cert", ca.cert, "cacert", ca.cacert)
+       log.Info("Configuring CA: ", "name", ca.name, "url", ca.url, "caName", ca.caName)
  
         return &ca, nil
  }
@@ -82,22 +78,27 @@ func Store(namespacedName types.NamespacedName, provisioner *CertServiceCA) {
         collection.Store(namespacedName, provisioner)
  }
  
-func (ca *CertServiceCA) Sign(ctx context.Context, certificateRequest *certmanager.CertificateRequest) ([]byte, []byte, error) {
+func (ca *CertServiceCA) Sign(ctx context.Context, certificateRequest *certmanager.CertificateRequest, privateKeyBytes []byte) ([]byte, []byte, error) {
         log := ctrl.Log.WithName("certservice-provisioner")
         log.Info("Signing certificate: ", "cert-name", certificateRequest.Name)
  
-       key, _ := base64.RawStdEncoding.DecodeString(string(ca.key))
-       log.Info("CA: ", "name", ca.name, "url", ca.url, "key", key)
+       log.Info("CA: ", "name", ca.name, "url", ca.url)
  
-       crPEM := certificateRequest.Spec.Request
-       csrBase64 := crPEM
-       log.Info("Csr PEM: ", "bytes", csrBase64)
+       csrBytes := certificateRequest.Spec.Request
+       log.Info("Csr PEM: ", "bytes", csrBytes)
  
-       csr, err := decodeCSR(crPEM)
+       csr, err := decodeCSR(csrBytes)
         if err != nil {
                 return nil, nil, err
         }
  
+       response, err := ca.certServiceClient.GetCertificates(csrBytes, privateKeyBytes)
+       if err != nil {
+               return nil, nil, err
+       }
+       log.Info("Certificate Chain", "cert-chain", response.CertificateChain)
+       log.Info("Trusted Certificates", "trust-certs", response.TrustedCertificates)
+
         cert := x509.Certificate{}
         cert.Raw = csr.Raw