fix: handle CSR file path and raw PEM data in SignCertificateRequest

internal/pki/ca.go

@@ -10,6 +10,7 @@ import (
 	"math/big"
 	"os"
 	"path/filepath"
+	"strings"
 	"time"
 )
 
@@ -167,7 +168,8 @@ func GenerateCertificateRequest(commonName, keyOutPath, csrOutPath string) error
 
 // SignCertificateRequest signs a CSR using the CA key and certificate.
 // It reads the CSR from csrPath and saves the signed certificate to certOutPath.
-func SignCertificateRequest(caKeyPath, caCertPath, csrPath, certOutPath string, duration time.Duration) error {
+// If csrPath contains PEM data (starts with "-----BEGIN"), it uses that directly instead of reading a file.
+func SignCertificateRequest(caKeyPath, caCertPath, csrPathOrData, certOutPath string, duration time.Duration) error {
 	// Load CA key
 	caKey, err := LoadCAPrivateKey(caKeyPath)
 	if err != nil {
@@ -180,10 +182,17 @@ func SignCertificateRequest(caKeyPath, caCertPath, csrPath, certOutPath string,
 		return fmt.Errorf("failed to load CA certificate: %w", err)
 	}
 
-	// Read CSR
-	csrPEM, err := os.ReadFile(csrPath)
-	if err != nil {
-		return fmt.Errorf("failed to read CSR file: %w", err)
+	// Determine if csrPathOrData is a file path or PEM data
+	var csrPEM []byte
+	if strings.HasPrefix(csrPathOrData, "-----BEGIN") {
+		// It's PEM data, use it directly
+		csrPEM = []byte(csrPathOrData)
+	} else {
+		// It's a file path, read the file
+		csrPEM, err = os.ReadFile(csrPathOrData)
+		if err != nil {
+			return fmt.Errorf("failed to read CSR file: %w", err)
+		}
 	}
 
 	block, _ := pem.Decode(csrPEM)