From 4f6365d453ea4e3abb40d5060ef86876c59f1c4f Mon Sep 17 00:00:00 2001
From: "Tanishq Dubey (aider)"
Date: Fri, 16 May 2025 21:17:23 -0400
Subject: [PATCH] fix: handle CSR file path and raw PEM data in SignCertificateRequest
---
 cmd/kat-agent/main.go | 14 ++++++++++----
 internal/pki/ca.go | 19 ++++++++++++++-----
 2 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/cmd/kat-agent/main.go b/cmd/kat-agent/main.go
index 55e14e8..d841978 100644
--- a/cmd/kat-agent/main.go
+++ b/cmd/kat-agent/main.go
@@ -173,11 +173,17 @@ func runInit(cmd *cobra.Command, args []string) {
 if err := pki.GenerateCertificateRequest(leaderCertCN, leaderKeyPath, leaderCSRPath); err != nil {
 log.Printf("Failed to generate leader key and CSR: %v", err)
 } else {
- // Sign the CSR with our CA
- if err := pki.SignCertificateRequest(caKeyPath, caCertPath, leaderCSRPath, leaderCertPath, 365*24*time.Hour); err != nil {
- log.Printf("Failed to sign leader CSR: %v", err)
+ // Read the CSR file
+ csrData, err := os.ReadFile(leaderCSRPath)
+ if err != nil {
+ log.Printf("Failed to read leader CSR file: %v", err)
 } else {
- log.Println("Successfully generated and signed leader server certificate")
+ // Sign the CSR with our CA
+ if err := pki.SignCertificateRequest(caKeyPath, caCertPath, leaderCSRPath, leaderCertPath, 365*24*time.Hour); err != nil {
+ log.Printf("Failed to sign leader CSR: %v", err)
+ } else {
+ log.Println("Successfully generated and signed leader server certificate")
+ }
 }
 }
 } else {
diff --git a/internal/pki/ca.go b/internal/pki/ca.go
index 16649b2..48f28f7 100644
--- a/internal/pki/ca.go
+++ b/internal/pki/ca.go
@@ -10,6 +10,7 @@ import (
 "math/big"
 "os"
 "path/filepath"
+ "strings"
 "time"
 )
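Review bot: In the cmd/kat-agent/main.go hunk, `csrData` is assigned by the new `os.ReadFile(leaderCSRPath)` call but never used, because the signing call below it still passes `leaderCSRPath`; the Go compiler rejects an unused local, so this file should not build as written. Since `SignCertificateRequest` still accepts a path, the smallest fix is to drop the added read and keep the original call. If the intent is to hand over the bytes instead, the argument becomes `string(csrData)` in place of `leaderCSRPath`. runInit's body starts and ends outside the hunk.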
@@ -167,7 +168,8 @@ func GenerateCertificateRequest(commonName, keyOutPath, csrOutPath string) error
 // SignCertificateRequest signs a CSR using the CA key and certificate.
 // It reads the CSR from csrPath and saves the signed certificate to certOutPath.
-func SignCertificateRequest(caKeyPath, caCertPath, csrPath, certOutPath string, duration time.Duration) error {
+// If csrPath contains PEM data (starts with "-----BEGIN"), it uses that directly instead of reading a file.
+func SignCertificateRequest(caKeyPath, caCertPath, csrPathOrData, certOutPath string, duration time.Duration) error {
 // Load CA key
 caKey, err := LoadCAPrivateKey(caKeyPath)
 if err != nil {
@@ -180,10 +182,17 @@ func SignCertificateRequest(caKeyPath, caCertPath, csrPath, certOutPath string,
 return fmt.Errorf("failed to load CA certificate: %w", err)
 }
- // Read CSR
- csrPEM, err := os.ReadFile(csrPath)
- if err != nil {
- return fmt.Errorf("failed to read CSR file: %w", err)
+ // Determine if csrPathOrData is a file path or PEM data
+ var csrPEM []byte
+ if strings.HasPrefix(csrPathOrData, "-----BEGIN") {
+ // It's PEM data, use it directly
+ csrPEM = []byte(csrPathOrData)
+ } else {
+ // It's a file path, read the file
+ csrPEM, err = os.ReadFile(csrPathOrData)
+ if err != nil {
+ return fmt.Errorf("failed to read CSR file: %w", err)
+ }
 }
 block, _ := pem.Decode(csrPEM)
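Review bot: The doc comment on `SignCertificateRequest` still names `csrPath` in both the existing line and the added one, but the new signature renames that parameter to `csrPathOrData`. Suggested wording for the two lines: `// It takes the CSR from csrPathOrData, which is either a file path or PEM text (detected by a leading "-----BEGIN"), and saves the signed certificate to certOutPath.` The comment should also say that any value without that exact prefix is opened as a file, which callers need to know before passing data they did not create themselves.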
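Review bot: Deciding between "file path" and "PEM text" by sniffing the first bytes of `csrPathOrData` means this CA signing routine hands every non-matching string to `os.ReadFile`; the `else` branch is taken for PEM that begins with a newline, a space or a BOM just as it is for a real path. If a caller ever forwards a CSR received from another node (not visible in this diff), that string is opened as a path on the CA host and the wrapped error can echo it back. I would keep `SignCertificateRequest` path-only and add a separate entry point that takes the CSR bytes, so the input kind is fixed at the call site rather than inferred from content. The function continues past the end of the hunk, so the decode and signing steps are elided below.

```go
// SignCertificateRequestPEM signs a CSR the caller already holds in memory.
// It never interprets the CSR argument as a filesystem path.
func SignCertificateRequestPEM(caKeyPath, caCertPath string, csrPEM []byte, certOutPath string, duration time.Duration) error {
	// … unchanged: load CA key and certificate, pem.Decode(csrPEM), sign, write certOutPath …
}

// SignCertificateRequest reads the CSR from csrPath and signs it.
func SignCertificateRequest(caKeyPath, caCertPath, csrPath, certOutPath string, duration time.Duration) error {
	csrPEM, err := os.ReadFile(csrPath)
	if err != nil {
		return fmt.Errorf("failed to read CSR file: %w", err)
	}
	return SignCertificateRequestPEM(caKeyPath, caCertPath, csrPEM, certOutPath, duration)
}
```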