From cf063d1f4a763120c4def4d78bf586419ee067c8 Mon Sep 17 00:00:00 2001
From: Miclain Keffeler <mickeffeler@gmail.com>
Date: Wed, 23 Dec 2020 22:43:47 -0600
Subject: [PATCH] Revert "Begins to fix issue 87"

This reverts commit e2ba4159c3af6f559a148c793276bb17081b56f9.
---
 api/sign.go                           | 18 +++++++--------
 authority/provisioner/sign_options.go |  9 ++++----
 authority/tls.go                      | 33 ++-------------------------
 3 files changed, 14 insertions(+), 46 deletions(-)

diff --git a/api/sign.go b/api/sign.go
index 7687015d..69e9a1a5 100644
--- a/api/sign.go
+++ b/api/sign.go
@@ -12,12 +12,11 @@ import (
 
 // SignRequest is the request body for a certificate signature request.
 type SignRequest struct {
-	CsrPEM            CertificateRequest `json:"csr"`
-	OTT               string             `json:"ott"`
-	NotAfter          TimeDuration       `json:"notAfter,omitempty"`
-	NotBefore         TimeDuration       `json:"notBefore,omitempty"`
-	AppendedCertsFile string             `json:"AppendedCertsFile,omitempty"`
-	TemplateData      json.RawMessage    `json:"templateData,omitempty"`
+	CsrPEM       CertificateRequest `json:"csr"`
+	OTT          string             `json:"ott"`
+	NotAfter     TimeDuration       `json:"notAfter,omitempty"`
+	NotBefore    TimeDuration       `json:"notBefore,omitempty"`
+	TemplateData json.RawMessage    `json:"templateData,omitempty"`
 }
 
 // Validate checks the fields of the SignRequest and returns nil if they are ok
@@ -62,10 +61,9 @@ func (h *caHandler) Sign(w http.ResponseWriter, r *http.Request) {
 	}
 
 	opts := provisioner.SignOptions{
-		NotBefore:         body.NotBefore,
-		NotAfter:          body.NotAfter,
-		TemplateData:      body.TemplateData,
-		AppendedCertsFile: body.AppendedCertsFile,
+		NotBefore:    body.NotBefore,
+		NotAfter:     body.NotAfter,
+		TemplateData: body.TemplateData,
 	}
 
 	signOpts, err := h.Authority.AuthorizeSign(body.OTT)
diff --git a/authority/provisioner/sign_options.go b/authority/provisioner/sign_options.go
index b32b3c6c..9bfe8529 100644
--- a/authority/provisioner/sign_options.go
+++ b/authority/provisioner/sign_options.go
@@ -23,11 +23,10 @@ const DefaultCertValidity = 24 * time.Hour
 // SignOptions contains the options that can be passed to the Sign method. Backdate
 // is automatically filled and can only be configured in the CA.
 type SignOptions struct {
-	NotAfter          TimeDuration    `json:"notAfter"`
-	NotBefore         TimeDuration    `json:"notBefore"`
-	AppendedCertsFile string          `json:"AppendedCertsFile"`
-	TemplateData      json.RawMessage `json:"templateData"`
-	Backdate          time.Duration   `json:"-"`
+	NotAfter     TimeDuration    `json:"notAfter"`
+	NotBefore    TimeDuration    `json:"notBefore"`
+	TemplateData json.RawMessage `json:"templateData"`
+	Backdate     time.Duration   `json:"-"`
 }
 
 // SignOption is the interface used to collect all extra options used in the
diff --git a/authority/tls.go b/authority/tls.go
index 43a593f7..f22f4624 100644
--- a/authority/tls.go
+++ b/authority/tls.go
@@ -8,8 +8,6 @@ import (
 	"encoding/asn1"
 	"encoding/base64"
 	"encoding/pem"
-	"io/ioutil"
-	"log"
 	"net/http"
 	"time"
 
@@ -69,7 +67,7 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Sign
 		certModifiers  []provisioner.CertificateModifier
 		certEnforcers  []provisioner.CertificateEnforcer
 	)
-	var thecertfile = signOpts.AppendedCertsFile
+
 	opts := []interface{}{errs.WithKeyVal("csr", csr), errs.WithKeyVal("signOptions", signOpts)}
 	if err := csr.CheckSignature(); err != nil {
 		return nil, errs.Wrap(http.StatusBadRequest, err, "authority.Sign; invalid certificate request", opts...)
@@ -163,35 +161,8 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Sign
 				"authority.Sign; error storing certificate in db", opts...)
 		}
 	}
-	//If the user defined a file to append to in ca.json
-	//log.Fatal(string(thecertfile))
-	if thecertfile != "" {
-		content, err := ioutil.ReadFile(string(thecertfile))
-		if err != nil {
-			log.Fatal(err)
-		}
-		block, _ := pem.Decode([]byte(content))
-		if block == nil {
-			log.Fatal(err)
-		}
-		certs, err := x509.ParseCertificate(block.Bytes)
-		if err != nil {
-			log.Fatal(err)
-		}
-		var thecert = make([]*x509.Certificate, len(resp.CertificateChain)+1)
-		for i, aid := range resp.CertificateChain {
-			//log.wr(aid)
-			thecert[i] = aid
-		}
-		thecert[len(resp.CertificateChain)] = certs
-		return append([]*x509.Certificate{resp.Certificate}, thecert...), nil
-	}
-	var thecert = make([]*x509.Certificate, len(resp.CertificateChain))
-	for i, aid := range resp.CertificateChain {
-		thecert[i] = aid
-	}
-	return append([]*x509.Certificate{resp.Certificate}, thecert...), nil
 
+	return append([]*x509.Certificate{resp.Certificate}, resp.CertificateChain...), nil
 }
 
 // Renew creates a new Certificate identical to the old certificate, except