Add key name to CreateCertificateAuthority

2021-10-07 14:19:39 -07:00 · 2021-10-07 14:19:39 -07:00 · 52a18e0c2d
commit 52a18e0c2d
parent 08c9902f29
3 changed files with 23 additions and 1 deletions
--- a/cas/apiv1/requests.go
+++ b/cas/apiv1/requests.go
@ -108,6 +108,9 @@ type GetCertificateAuthorityResponse struct {
 	RootCertificate *x509.Certificate
 }

+// CreateKeyRequest is the request used to generate a new key using a KMS.
+type CreateKeyRequest = apiv1.CreateKeyRequest
+
 // CreateCertificateAuthorityRequest is the request used to generate a root or
 // intermediate certificate.
 type CreateCertificateAuthorityRequest struct {
@ -126,7 +129,7 @@ type CreateCertificateAuthorityRequest struct {
 	// CreateKey defines the KMS CreateKeyRequest to use when creating a new
 	// CertificateAuthority. If CreateKey is nil, a default algorithm will be
 	// used.
-	CreateKey *apiv1.CreateKeyRequest
+	CreateKey *CreateKeyRequest
 }

 // CreateCertificateAuthorityResponse is the response for
@ -136,6 +139,7 @@ type CreateCertificateAuthorityResponse struct {
 	Name             string
 	Certificate      *x509.Certificate
 	CertificateChain []*x509.Certificate
+	KeyName          string
 	PublicKey        crypto.PublicKey
 	PrivateKey       crypto.PrivateKey
 	Signer           crypto.Signer
--- a/cas/softcas/softcas.go
+++ b/cas/softcas/softcas.go
@ -174,6 +174,7 @@ func (c *SoftCAS) CreateCertificateAuthority(req *apiv1.CreateCertificateAuthori
 		Name:             cert.Subject.CommonName,
 		Certificate:      cert,
 		CertificateChain: chain,
+		KeyName:          key.Name,
 		PublicKey:        key.PublicKey,
 		PrivateKey:       key.PrivateKey,
 		Signer:           signer,
--- a/cas/softcas/softcas_test.go
+++ b/cas/softcas/softcas_test.go
@ -106,6 +106,7 @@ func (m *mockKeyManager) CreateKey(req *kmsapi.CreateKeyRequest) (*kmsapi.Create
 		signer = m.signer
 	}
 	return &kmsapi.CreateKeyResponse{
+		Name:       req.Name,
 		PrivateKey: signer,
 		PublicKey:  signer.Public(),
 	}, m.errCreateKey
@ -516,6 +517,22 @@ func TestSoftCAS_CreateCertificateAuthority(t *testing.T) {
 			PrivateKey:  saSigner,
 			Signer:      saSigner,
 		}, false},
+		{"ok createKey", fields{nil, nil, &mockKeyManager{}}, args{&apiv1.CreateCertificateAuthorityRequest{
+			Type:     apiv1.RootCA,
+			Template: testRootTemplate,
+			Lifetime: 24 * time.Hour,
+			CreateKey: &kmsapi.CreateKeyRequest{
+				Name:               "root_ca.crt",
+				SignatureAlgorithm: kmsapi.ECDSAWithSHA256,
+			},
+		}}, &apiv1.CreateCertificateAuthorityResponse{
+			Name:        "Test Root CA",
+			Certificate: testSignedRootTemplate,
+			PublicKey:   testSignedRootTemplate.PublicKey,
+			KeyName:     "root_ca.crt",
+			PrivateKey:  testSigner,
+			Signer:      testSigner,
+		}, false},
 		{"fail template", fields{nil, nil, &mockKeyManager{}}, args{&apiv1.CreateCertificateAuthorityRequest{
 			Type:     apiv1.RootCA,
 			Lifetime: 24 * time.Hour,