Add options to set root and federated certificates using x509.Certificate

2020-02-12 15:36:24 -08:00 · 2020-02-12 15:36:24 -08:00 · 2d4f369db2
commit 2d4f369db2
parent 43bd8113aa
1 changed files with 23 additions and 3 deletions
--- a/authority/options.go
+++ b/authority/options.go
@ -113,22 +113,42 @@ func WithSSHHostSigner(s crypto.Signer) Option {
 	}
 }

+// WithX509RootCerts is an option that allows to define the list of root
+// certificates to use. This option will replace any root certificate defined
+// before.
+func WithX509RootCerts(rootCerts ...*x509.Certificate) Option {
+	return func(a *Authority) error {
+		a.rootX509Certs = rootCerts
+		return nil
+	}
+}
+
+// WithX509FederatedCerts is an option that allows to define the list of
+// federated certificates. This option will replace any federated certificate
+// defined before.
+func WithX509FederatedCerts(certs ...*x509.Certificate) Option {
+	return func(a *Authority) error {
+		a.federatedX509Certs = certs
+		return nil
+	}
+}
+
 // WithX509RootBundle is an option that allows to define the list of root
-// certificates.
+// certificates. This option will replace any root certificate defined before.
 func WithX509RootBundle(pemCerts []byte) Option {
 	return func(a *Authority) error {
 		certs, err := readCertificateBundle(pemCerts)
 		if err != nil {
 			return err
 		}
-		x509.NewCertPool()
 		a.rootX509Certs = certs
 		return nil
 	}
 }

 // WithX509FederatedBundle is an option that allows to define the list of
-// federated certificates.
+// federated certificates. This option will replace any federated certificate
+// defined before.
 func WithX509FederatedBundle(pemCerts []byte) Option {
 	return func(a *Authority) error {
 		certs, err := readCertificateBundle(pemCerts)