package cert

import (
	"context"
	"envoy-control-plane/internal/pkg/cert/api"
	"envoy-control-plane/internal/pkg/storage"
	"errors"
	"fmt"
)

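// SaveCertificateData persists the certificate data needed for renewal.
//
// It copies the fields of cert, together with email, issuertype and
// secretname, into a storage.CertStorage record and hands that record to
// store.SaveCertificate.
//
// It returns an error when store or cert is nil, or when the store call fails;
// a store failure is wrapped with the certificate's domain.
//
// NOTE(review): KeyPEM and AccountKey (presumably private key material) are
// passed to the store unchanged. This function applies no encryption or
// redaction, so confidentiality at rest depends entirely on
// store.SaveCertificate and the backing database. Confirm how those fields are
// protected there.
func SaveCertificateData(ctx context.Context, store *storage.Storage, cert *api.Certificate, email string, issuertype string, secretname string) error {
	if store == nil {
		return errors.New("certificate store dependency is nil, cannot save data")
	}
	// Every field below is read through cert, so a nil certificate would
	// panic; reject it as an ordinary error instead.
	if cert == nil {
		return errors.New("certificate is nil, cannot save data")
	}

	certStorage := &storage.CertStorage{
		Domain:         cert.Domain,
		Email:          email, // stored alongside the certificate
		CertPEM:        cert.CertPEM,
		KeyPEM:         cert.KeyPEM,
		FullChainPEM:   cert.FullChain,
		AccountKey:     cert.AccountKey,
		AccountURL:     cert.AccountURL,
		IssuerType:     issuertype,
		SecretName:     secretname,
		EnableRotation: cert.EnableRotation,
		RenewBefore:    cert.RenewBefore,
	}

	if err := store.SaveCertificate(ctx, certStorage); err != nil {
		return fmt.Errorf("failed to save certificate data for %s: %w", cert.Domain, err)
	}
	// The secret-to-domain update is currently disabled:
	// if err := store.UpdateSecretDomain(ctx, secretname, cert.Domain); err != nil {
	// 	return fmt.Errorf("failed to update the domain %s for secret %s: %w", cert.Domain, secretname, err)
	// }
	return nil
}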

// LoadCertificateData retrieves the certificate data needed for renewal.
//
// It calls store.LoadCertificate for domain and maps the returned record onto
// an api.Certificate. The results are, in order: the certificate, the stored
// email, the stored issuer type, and an error.
//
// An error is returned when store is nil, when the store call fails (wrapped
// with the domain), or when the store returns no record for the domain. On
// error the certificate is nil and both strings are empty.
//
// NOTE(review): the returned certificate carries KeyPEM and AccountKey
// (presumably private key material) exactly as stored. Callers should keep
// them out of logs and error messages.
func LoadCertificateData(ctx context.Context, store *storage.Storage, domain string) (*api.Certificate, string, string, error) {
	if store == nil {
		return nil, "", "", errors.New("certificate store dependency is nil, cannot load data")
	}

	rec, loadErr := store.LoadCertificate(ctx, domain)
	switch {
	case loadErr != nil:
		return nil, "", "", fmt.Errorf("failed to load certificate data for %s: %w", domain, loadErr)
	case rec == nil:
		// A nil record with no error is reported as "not found".
		return nil, "", "", fmt.Errorf("no certificate data found for domain %s", domain)
	}

	loaded := new(api.Certificate)
	loaded.Domain = rec.Domain
	loaded.CertPEM = rec.CertPEM
	loaded.KeyPEM = rec.KeyPEM
	loaded.FullChain = rec.FullChainPEM
	loaded.AccountKey = rec.AccountKey
	loaded.AccountURL = rec.AccountURL
	loaded.EnableRotation = rec.EnableRotation
	loaded.RenewBefore = rec.RenewBefore

	return loaded, rec.Email, rec.IssuerType, nil
}