- pkg/certificate: add Format to Request struct to support specifyi…

…ng the Request Format - pkg/venafi/tpp/connector: set a default to the request.Format in `RetrieveCertificate()`, unless a Format is explicitly passed
Venafi · Feb 13, 2023 · 19e7412 · 19e7412
1 parent 8d6c4fc
commit 19e7412
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 7 deletions.
diff --git a/pkg/certificate/certificate.go b/pkg/certificate/certificate.go
@@ -26,16 +26,18 @@ import (
 	"crypto/x509/pkix"
 	"encoding/pem"
 	"fmt"
-	"github.com/Venafi/vcert/v4/pkg/util"
-	"github.com/youmark/pkcs8"
 	"net"
 	"net/url"
 	"strings"
 	"time"
 
-	"github.com/Venafi/vcert/v4/pkg/verror"
+	"github.com/Venafi/vcert/v4/pkg/util"
+	"github.com/youmark/pkcs8"
+
 	"reflect"
 	"sort"
+
+	"github.com/Venafi/vcert/v4/pkg/verror"
 )
 
 // EllipticCurve represents the types of supported elliptic curves
@@ -211,6 +213,7 @@ type Request struct {
 	Location      *Location
 	ValidityHours int
 	IssuerHint    string
+	Format        string
 }
 
 //SSH Certificate structures

diff --git a/pkg/venafi/tpp/connector.go b/pkg/venafi/tpp/connector.go
@@ -1202,6 +1202,14 @@ func (c *Connector) RetrieveCertificate(req *certificate.Request) (certificates
 	includeChain := req.ChainOption != certificate.ChainOptionIgnore
 	rootFirstOrder := includeChain && req.ChainOption == certificate.ChainOptionRootFirst
 
+	// if Request doesn't contain a Fornat, use defaults
+	if req.Format == "" {
+		if req.KeyType == certificate.KeyTypeRSA {
+			req.Format = "Base64 (PKCS #8)"
+		}
+		req.Format = "base64"
+	}
+
 	if req.PickupID == "" && req.Thumbprint != "" {
 		// search cert by Thumbprint and fill pickupID
 		searchResult, err := c.searchCertificatesByFingerprint(req.Thumbprint)
@@ -1219,15 +1227,12 @@ func (c *Connector) RetrieveCertificate(req *certificate.Request) (certificates
 
 	certReq := certificateRetrieveRequest{
 		CertificateDN:  req.PickupID,
-		Format:         "base64",
 		RootFirstOrder: rootFirstOrder,
 		IncludeChain:   includeChain,
+		Format:         req.Format,
 	}
 	if req.CsrOrigin == certificate.ServiceGeneratedCSR || req.FetchPrivateKey {
 		certReq.IncludePrivateKey = true
-		if req.KeyType == certificate.KeyTypeRSA {
-			certReq.Format = "Base64 (PKCS #8)"
-		}
 		certReq.Password = req.KeyPassword
 	}