diff --git a/api/api.go b/api/api.go index 57c81262..f83a2354 100644 --- a/api/api.go +++ b/api/api.go @@ -36,7 +36,7 @@ type Authority interface { Root(shasum string) (*x509.Certificate, error) Sign(cr *x509.CertificateRequest, opts provisioner.Options, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error) Renew(peer *x509.Certificate) ([]*x509.Certificate, error) - RenewOrRekey(peer *x509.Certificate, pk crypto.PublicKey) ([]*x509.Certificate, error) + Rekey(peer *x509.Certificate, pk crypto.PublicKey) ([]*x509.Certificate, error) LoadProvisionerByCertificate(*x509.Certificate) (provisioner.Interface, error) LoadProvisionerByID(string) (provisioner.Interface, error) GetProvisioners(cursor string, limit int) (provisioner.List, string, error) diff --git a/api/api_test.go b/api/api_test.go index 3e79971e..27aec1b1 100644 --- a/api/api_test.go +++ b/api/api_test.go @@ -613,7 +613,7 @@ func (m *mockAuthority) Renew(cert *x509.Certificate) ([]*x509.Certificate, erro return []*x509.Certificate{m.ret1.(*x509.Certificate), m.ret2.(*x509.Certificate)}, m.err } -func (m *mockAuthority) RenewOrRekey(oldcert *x509.Certificate, pk crypto.PublicKey) ([]*x509.Certificate, error) { +func (m *mockAuthority) Rekey(oldcert *x509.Certificate, pk crypto.PublicKey) ([]*x509.Certificate, error) { if m.renewOrRekey != nil { return m.renewOrRekey(oldcert, pk) } diff --git a/api/rekey.go b/api/rekey.go index b175ff9b..2d24dbb8 100644 --- a/api/rekey.go +++ b/api/rekey.go @@ -43,7 +43,7 @@ func (h *caHandler) Rekey(w http.ResponseWriter, r *http.Request) { return } - certChain, err := h.Authority.RenewOrRekey(r.TLS.PeerCertificates[0], body.CsrPEM.CertificateRequest.PublicKey) + certChain, err := h.Authority.Rekey(r.TLS.PeerCertificates[0], body.CsrPEM.CertificateRequest.PublicKey) if err != nil { WriteError(w, errs.Wrap(http.StatusInternalServerError, err, "cahandler.Rekey")) return diff --git a/authority/tls.go b/authority/tls.go index aa26ee01..0b38ecb7 100644 
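Review bot: In api/rekey.go the handler passes `body.CsrPEM.CertificateRequest.PublicKey` to `h.Authority.Rekey`, which receives only the key and so cannot check proof of possession itself; that check has to happen in the handler before this call. The validation step sits above the hunk and is not visible here, so it is worth confirming that it verifies the CSR signature, and recording the dependency with a comment such as `// CSR signature must already be verified: Rekey only sees the public key`. The same applies to `r.TLS.PeerCertificates[0]`, which relies on an earlier guard that the TLS state and peer chain are present. The body of caHandler.Rekey starts and ends outside the hunk.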
--- a/authority/tls.go +++ b/authority/tls.go @@ -139,16 +139,16 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Opti // Renew creates a new Certificate identical to the old certificate, except // with a validity window that begins 'now'. func (a *Authority) Renew(oldCert *x509.Certificate) ([]*x509.Certificate, error) { - return a.RenewOrRekey(oldCert, oldCert.PublicKey) + return a.Rekey(oldCert, oldCert.PublicKey) } // Func is used for renewing or rekeying based on the public key passed. -func (a *Authority) RenewOrRekey(oldCert *x509.Certificate, pk crypto.PublicKey) ([]*x509.Certificate, error) { +func (a *Authority) Rekey(oldCert *x509.Certificate, pk crypto.PublicKey) ([]*x509.Certificate, error) { opts := []interface{}{errs.WithKeyVal("serialNumber", oldCert.SerialNumber.String())} // Check step provisioner extensions if err := a.authorizeRenew(oldCert); err != nil { - return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.RenewOrRekey", opts...) + return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.Rekey", opts...) } // Durations @@ -201,7 +201,7 @@ func (a *Authority) RenewOrRekey(oldCert *x509.Certificate, pk crypto.PublicKey) pubBytes, err := x509.MarshalPKIXPublicKey(pk) if err != nil { return nil, errs.Wrap(http.StatusInternalServerError, err, - "authority.RenewOrRekey; error marshaling public key", opts...) + "authority.Rekey; error marshaling public key", opts...) } hash := sha1.Sum(pubBytes) skiExtension := pkix.Extension{ 
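Review bot: The comment above the renamed method still reads `// Func is used for renewing or rekeying based on the public key passed.`; it should start with the method name and state the authorization rule, for example `// Rekey issues a new certificate from oldCert bound to pk; it is authorized by the same authorizeRenew check as Renew.` That makes explicit what the hunk shows: a key change is gated only by the renew policy of the old certificate's provisioner. Because `Renew` delegates to `a.Rekey(oldCert, oldCert.PublicKey)`, renewal failures are reported under the `authority.Rekey` label, so error logs cannot tell a plain renewal from a key change. The body of Rekey continues outside the hunk.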
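Review bot: `hash := sha1.Sum(pubBytes)` deserves a comment saying that the digest only derives the subject key identifier and is not relied on for collision resistance, for example `// SHA-1 only derives the SKI (an identifier), it is not a security digest`. `pubBytes` comes from `x509.MarshalPKIXPublicKey`, which encodes the whole SubjectPublicKeyInfo, whereas RFC 5280 method 1 hashes just the subjectPublicKey bit string, so the identifier may differ from what other tooling computes for the same key. Whether the Sign path derives the identifier the same way is not visible here. The skiExtension literal continues past the end of the hunk.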
@@ -214,23 +214,23 @@ func (a *Authority) RenewOrRekey(oldCert *x509.Certificate, pk crypto.PublicKey) leaf, err := x509util.NewLeafProfileWithTemplate(newCert, a.x509Issuer, a.x509Signer) if err != nil { - return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.RenewOrRekey", opts...) + return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.Rekey", opts...) } crtBytes, err := leaf.CreateCertificate() if err != nil { return nil, errs.Wrap(http.StatusInternalServerError, err, - "authority.RenewOrRekey; error renewing certificate from existing server certificate", opts...) + "authority.Rekey; error renewing certificate from existing server certificate", opts...) } serverCert, err := x509.ParseCertificate(crtBytes) if err != nil { return nil, errs.Wrap(http.StatusInternalServerError, err, - "authority.RenewOrRekey; error parsing new server certificate", opts...) + "authority.Rekey; error parsing new server certificate", opts...) } if err = a.db.StoreCertificate(serverCert); err != nil { if err != db.ErrNotImplemented { - return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.RenewOrRekey; error storing certificate in db", opts...) + return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.Rekey; error storing certificate in db", opts...) } } diff --git a/authority/tls_test.go b/authority/tls_test.go index e12ff266..7c9caedc 100644 --- a/authority/tls_test.go +++ b/authority/tls_test.go @@ -370,7 +370,7 @@ ZYtQ9Ot36qc= } } -func TestAuthority_RenewOrRekey(t *testing.T) { +func TestAuthority_Rekey(t *testing.T) { pub, _, err := keys.GenerateDefaultKeyPair() assert.FatalError(t, err) pub1, _, err := keys.GenerateDefaultKeyPair() 
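Review bot: `if err != db.ErrNotImplemented {` compares the sentinel by identity, so a store that wraps that error would turn an issuance into a 500 after the certificate has already been signed; `if !errors.Is(err, db.ErrNotImplemented) {` is the safer form, assuming the errors package in scope for this file provides `Is`. When the store does return ErrNotImplemented the new certificate is handed out without being persisted, which is worth stating at that branch, e.g. `// no certificate store configured: the issued cert is not recorded`. The message `error renewing certificate from existing server certificate` now sits under the `authority.Rekey` label and reads oddly for a key change. The function ends outside the hunk.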
@@ -430,14 +430,14 @@ func TestAuthority_RenewOrRekey(t *testing.T) { return &renewTest{ auth: _a, cert: cert, - err: errors.New("authority.RenewOrRekey; error renewing certificate from existing server certificate"), + err: errors.New("authority.Rekey; error renewing certificate from existing server certificate"), code: http.StatusInternalServerError, }, nil }, "fail-unauthorized": func() (*renewTest, error) { return &renewTest{ cert: certNoRenew, - err: errors.New("authority.RenewOrRekey: authority.authorizeRenew: jwk.AuthorizeRenew; renew is disabled for jwk provisioner dev:IMi94WBNI6gP5cNHXlZYNUzvMjGdHyBRmFoo-lCEaqk"), + err: errors.New("authority.Rekey: authority.authorizeRenew: jwk.AuthorizeRenew; renew is disabled for jwk provisioner dev:IMi94WBNI6gP5cNHXlZYNUzvMjGdHyBRmFoo-lCEaqk"), code: http.StatusUnauthorized, }, nil }, @@ -480,9 +480,9 @@ func TestAuthority_RenewOrRekey(t *testing.T) { var certChain []*x509.Certificate if tc.auth != nil { - certChain, err = tc.auth.RenewOrRekey(tc.cert, pub1) + certChain, err = tc.auth.Rekey(tc.cert, pub1) } else { - certChain, err = a.RenewOrRekey(tc.cert, pub1) + certChain, err = a.Rekey(tc.cert, pub1) } if err != nil { if assert.NotNil(t, tc.err, fmt.Sprintf("unexpected error: %s", err)) {