Merge pull request #10 from Keyfactor/double-encoding-fix

fixed double-encoding when storing the cert.
Keyfactor · May 17, 2023 · 8f3e7d6 · 8f3e7d6
2 parents 832e316 + 2613add
commit 8f3e7d6
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 38 deletions.
diff --git a/backend.go b/backend.go
@@ -106,7 +106,7 @@ func (b *keyfactorBackend) submitCSR(ctx context.Context, req *logical.Request,
 		return nil, "", err
 	}
 	if config == nil {
-		return nil, "", errors.New("configuration is empty.")
+		return nil, "", errors.New("configuration is empty")
 	}
 
 	ca := config.CertAuthority
@@ -154,10 +154,11 @@ func (b *keyfactorBackend) submitCSR(ctx context.Context, req *logical.Request,
 	}
 
 	// Read response and return certificate and key
+
 	defer res.Body.Close()
 	body, err := ioutil.ReadAll(res.Body)
 	if err != nil {
-		b.Logger().Info("Error reading response: {{err}}", err)
+		b.Logger().Error("Error reading response: {{err}}", err)
 		return nil, "", err
 	}
 
@@ -177,6 +178,8 @@ func (b *keyfactorBackend) submitCSR(ctx context.Context, req *logical.Request,
 	serial := inner["SerialNumber"].(string)
 	kfId := inner["KeyfactorID"].(float64)
 
+	b.Logger().Debug("parsed response: ", certI...)
+
 	if err != nil {
 		b.Logger().Error("unable to parse ca_chain response", fmt.Sprint(err))
 	}
@@ -190,20 +193,26 @@ func (b *keyfactorBackend) submitCSR(ctx context.Context, req *logical.Request,
 		b.Logger().Error("error storing the ca_chain locally", err)
 	}
 
-	err = req.Storage.Put(ctx, &logical.StorageEntry{
-		Key:   "certs/" + normalizeSerial(serial),
+	key := "certs/" + normalizeSerial(serial)
+
+	entry := &logical.StorageEntry{
+		Key:   key,
 		Value: []byte(certs[0]),
-	})
+	}
+
+	b.Logger().Debug("cert entry.Value = ", string(entry.Value))
+
+	err = req.Storage.Put(ctx, entry)
 	if err != nil {
 		return nil, "", errwrap.Wrapf("unable to store certificate locally: {{err}}", err)
 	}
 
-	entry, err := logical.StorageEntryJSON("kfId/"+normalizeSerial(serial), kfId)
+	kfIdEntry, err := logical.StorageEntryJSON("kfId/"+normalizeSerial(serial), kfId)
 	if err != nil {
 		return nil, "", err
 	}
 
-	err = req.Storage.Put(ctx, entry)
+	err = req.Storage.Put(ctx, kfIdEntry)
 	if err != nil {
 		return nil, "", errwrap.Wrapf("unable to store the keyfactor ID for the certificate locally: {{err}}", err)
 	}

diff --git a/path_certs.go b/path_certs.go
@@ -5,7 +5,6 @@ import (
 	"encoding/base64"
 	b64 "encoding/base64"
 	"encoding/json"
-	"encoding/pem"
 	"fmt"
 	"io"
 	"net/http"
@@ -117,8 +116,7 @@ func (b *keyfactorBackend) pathFetchCert(ctx context.Context, req *logical.Reque
 	var serial, contentType string
 	var certEntry, revokedEntry *logical.StorageEntry
 	var funcErr error
-	var certificate []byte
-	var block pem.Block
+	var certificate string
 	var revocationTime int64
 	response = &logical.Response{
 		Data: map[string]interface{}{},
@@ -131,7 +129,6 @@ func (b *keyfactorBackend) pathFetchCert(ctx context.Context, req *logical.Reque
 	b.Logger().Debug("fetching cert, path = " + req.Path)
 
 	serial = data.Get("serial").(string)
-	pemType := "CERTIFICATE"
 
 	if len(serial) == 0 {
 		response = logical.ErrorResponse("The serial number must be provided")
@@ -156,13 +153,9 @@ func (b *keyfactorBackend) pathFetchCert(ctx context.Context, req *logical.Reque
 		goto reply
 	}
 
-	block = pem.Block{
-		Type:  pemType,
-		Bytes: certEntry.Value,
-	}
-
-	certificate = []byte(strings.TrimSpace(string(pem.EncodeToMemory(&block))))
+	b.Logger().Debug("fetched certEntry.Value = ", certEntry.Value)
 
+	certificate = string(certEntry.Value)
 	revokedEntry, funcErr = fetchCertBySerial(ctx, req, "revoked/", serial)
 	if funcErr != nil {
 		switch funcErr.(type) {
@@ -509,19 +502,6 @@ func revokeCert(ctx context.Context, b *keyfactorBackend, req *logical.Request,
 		}
 		b.Logger().Info("certEntry key = " + certEntry.Key)
 		b.Logger().Info("certEntry value = " + string(certEntry.Value))
-		// cert, err := x509.ParseCertificate(certEntry.Value)
-		// if err != nil {
-		// 	return nil, errwrap.Wrapf("error parsing certificate: {{err}}", err)
-		// }
-		// if cert == nil {
-		// 	return nil, fmt.Errorf("got a nil certificate")
-		// }
-
-		// Add a little wiggle room because leases are stored with a second
-		// granularity
-		// if cert.NotAfter.Before(time.Now().Add(2 * time.Second)) {
-		// 	return nil, nil
-		// }
 
 		currTime := time.Now()
 		revInfo.CertificateBytes = certEntry.Value
@@ -540,14 +520,6 @@ func revokeCert(ctx context.Context, b *keyfactorBackend, req *logical.Request,
 
 	}
 
-	// crlErr := buildCRL(ctx, b, req, false)
-	// switch crlErr.(type) {
-	// case errutil.UserError:
-	// 	return logical.ErrorResponse(fmt.Sprintf("Error during CRL building: %s", crlErr)), nil
-	// case errutil.InternalError:
-	// 	return nil, errwrap.Wrapf("error encountered during CRL building: {{err}}", crlErr)
-	// }
-
 	resp := &logical.Response{
 		Data: map[string]interface{}{
 			"revocation_time": revInfo.RevocationTime,