Refactor cert util (hashicorp#6676)

Break dataBundle into two pieces: inputBundle, which contains data that is specific to the pki backend, and creationBundle, which is a more generic bundle of validated inputs given to certificate creation/signing routines. Move functions that only take creationBundle to certutil and make them public.
pfhayes · May 9, 2019 · 1d13290 · 1d13290
1 parent 9be1128
commit 1d13290
Show file tree

Hide file tree

Showing 10 changed files with 829 additions and 813 deletions.
diff --git a/builtin/logical/pki/backend_test.go b/builtin/logical/pki/backend_test.go
@@ -432,7 +432,7 @@ func checkCertsAndPrivateKey(keyType string, key crypto.Signer, usage x509.KeyUs
 }
 
 func generateURLSteps(t *testing.T, caCert, caKey string, intdata, reqdata map[string]interface{}) []logicaltest.TestStep {
-	expected := urlEntries{
+	expected := certutil.URLEntries{
 		IssuingCertificates: []string{
 			"http://example.com/ca1",
 			"http://example.com/ca2",
@@ -499,7 +499,7 @@ func generateURLSteps(t *testing.T, caCert, caKey string, intdata, reqdata map[s
 				if resp.Data == nil {
 					return fmt.Errorf("no data returned")
 				}
-				var entries urlEntries
+				var entries certutil.URLEntries
 				err := mapstructure.Decode(resp.Data, &entries)
 				if err != nil {
 					return err

diff --git a/builtin/logical/pki/ca_util.go b/builtin/logical/pki/ca_util.go
@@ -4,6 +4,7 @@ import (
 	"time"
 
 	"github.com/hashicorp/vault/sdk/framework"
+	"github.com/hashicorp/vault/sdk/helper/certutil"
 	"github.com/hashicorp/vault/sdk/logical"
 )
 
@@ -53,7 +54,9 @@ func (b *backend) getGenerationParams(
 		return
 	}
 
-	errorResp = validateKeyTypeLength(role.KeyType, role.KeyBits)
+	if err := certutil.ValidateKeyTypeLength(role.KeyType, role.KeyBits); err != nil {
+		errorResp = logical.ErrorResponse(err.Error())
+	}
 
 	return
 }