Use new x509util for renew/rekey.

2020-08-05 19:09:06 -07:00 · 2020-08-05 19:09:06 -07:00 · ce1eb0a01b
commit ce1eb0a01b
parent f437b86a7b
2 changed files with 3 additions and 14 deletions
--- a/authority/tls.go
+++ b/authority/tls.go
@ -245,21 +245,10 @@ func (a *Authority) Rekey(oldCert *x509.Certificate, pk crypto.PublicKey) ([]*x5
 		newCert.ExtraExtensions = append(newCert.ExtraExtensions, ext)
 	}
-	leaf, err := x509legacy.NewLeafProfileWithTemplate(newCert, a.x509Issuer, a.x509Signer)
+	serverCert, err := x509util.CreateCertificate(newCert, a.x509Issuer, newCert.PublicKey, a.x509Signer)
 	if err != nil {
 		return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.Rekey", opts...)
 	}
 	crtBytes, err := leaf.CreateCertificate()
 	if err != nil {
 		return nil, errs.Wrap(http.StatusInternalServerError, err,
 			"authority.Rekey; error renewing certificate from existing server certificate", opts...)
 	}
 	serverCert, err := x509.ParseCertificate(crtBytes)
 	if err != nil {
 		return nil, errs.Wrap(http.StatusInternalServerError, err,
 			"authority.Rekey; error parsing new server certificate", opts...)
 	}
 	if err = a.db.StoreCertificate(serverCert); err != nil {
 		if err != db.ErrNotImplemented {
--- a/authority/tls_test.go
+++ b/authority/tls_test.go
@ -538,7 +538,7 @@ func TestAuthority_Renew(t *testing.T) {
 			return &renewTest{
 				auth: _a,
 				cert: cert,
-				err:  errors.New("authority.Rekey; error renewing certificate from existing server certificate"),
+				err:  errors.New("authority.Rekey: error creating certificate"),
 				code: http.StatusInternalServerError,
 			}, nil
 		},
@ -766,7 +766,7 @@ func TestAuthority_Rekey(t *testing.T) {
 			return &renewTest{
 				auth: _a,
 				cert: cert,
-				err:  errors.New("authority.Rekey; error renewing certificate from existing server certificate"),
+				err:  errors.New("authority.Rekey: error creating certificate"),
 				code: http.StatusInternalServerError,
 			}, nil
 		},