Get chain of certs

Signed-off-by: nyagamunene <[email protected]>

api/http/endpoint.go

@@ -262,7 +262,7 @@ func downloadCAEndpoint(svc certs.Service) endpoint.Endpoint {
 			return fileDownloadRes{}, err
 		}
 
-		cert, err := svc.GetSigningCA(ctx, req.token)
+		cert, err := svc.GetChainCA(ctx, req.token)
 		if err != nil {
 			return fileDownloadRes{}, err
 		}
@@ -283,7 +283,7 @@ func viewCAEndpoint(svc certs.Service) endpoint.Endpoint {
 			return viewCertRes{}, err
 		}
 
-		cert, err := svc.GetSigningCA(ctx, req.token)
+		cert, err := svc.GetChainCA(ctx, req.token)
 		if err != nil {
 			return viewCertRes{}, err
 		}

api/logging.go

@@ -157,14 +157,14 @@ func (lm *loggingMiddleware) GenerateCRL(ctx context.Context, caType certs.CertT
 	return lm.svc.GenerateCRL(ctx, caType)
 }
 
-func (lm *loggingMiddleware) GetSigningCA(ctx context.Context, token string) (cert certs.Certificate, err error) {
+func (lm *loggingMiddleware) GetChainCA(ctx context.Context, token string) (cert certs.Certificate, err error) {
 	defer func(begin time.Time) {
-		message := fmt.Sprintf("Method get_signing_ca took %s to complete", time.Since(begin))
+		message := fmt.Sprintf("Method get_chain_ca took %s to complete", time.Since(begin))
 		if err != nil {
 			lm.logger.Warn(fmt.Sprintf("%s with error: %s.", message, err))
 			return
 		}
 		lm.logger.Info(message)
 	}(time.Now())
-	return lm.svc.GetSigningCA(ctx, token)
+	return lm.svc.GetChainCA(ctx, token)
 }

api/metrics.go

@@ -120,10 +120,10 @@ func (mm *metricsMiddleware) GenerateCRL(ctx context.Context, caType certs.CertT
 	return mm.svc.GenerateCRL(ctx, caType)
 }
 
-func (mm *metricsMiddleware) GetSigningCA(ctx context.Context, token string) (certs.Certificate, error) {
+func (mm *metricsMiddleware) GetChainCA(ctx context.Context, token string) (certs.Certificate, error) {
 	defer func(begin time.Time) {
-		mm.counter.With("method", "get_signing_ca").Add(1)
-		mm.latency.With("method", "get_signing_ca").Observe(time.Since(begin).Seconds())
+		mm.counter.With("method", "get_chain_ca").Add(1)
+		mm.latency.With("method", "get_chain_ca").Observe(time.Since(begin).Seconds())
 	}(time.Now())
-	return mm.svc.GetSigningCA(ctx, token)
+	return mm.svc.GetChainCA(ctx, token)
 }

certs.go

@@ -68,8 +68,8 @@ type Service interface {
 	// GenerateCRL creates cert revocation list.
 	GenerateCRL(ctx context.Context, caType CertType) ([]byte, error)
 
-	// Retrieves the signing CA.
-	GetSigningCA(ctx context.Context, token string) (Certificate, error)
+	// GetChainCA retrieves the chain of CA i.e. root and intermediate cert concat together.
+	GetChainCA(ctx context.Context, token string) (Certificate, error)
 }
 
 type Repository interface {

cli/utils.go

@@ -6,7 +6,6 @@ package cli
 import (
 	"encoding/json"
 	"fmt"
-	"io/fs"
 	"os"
 	"path/filepath"
 
@@ -16,7 +15,7 @@ import (
 	"github.com/spf13/cobra"
 )
 
-const fileMode = fs.FileMode(600)
+const fileMode = 0o644
 
 var (
 	// Limit query parameter.
@@ -106,8 +105,7 @@ func saveToFile(filename string, content []byte) error {
 	}
 
 	filePath := filepath.Join(cwd, filename)
-	err = os.WriteFile(filePath, content, fileMode)
-	if err != nil {
+	if err := os.WriteFile(filePath, content, fileMode); err != nil {
 		return fmt.Errorf("failed to write file %s: %w", filename, err)
 	}
 

service.go

@@ -254,7 +254,12 @@ func (s *service) RetrieveCert(ctx context.Context, token, serialNumber string)
 	if err != nil {
 		return Certificate{}, []byte{}, errors.Wrap(ErrViewEntity, err)
 	}
-	return cert, pem.EncodeToMemory(&pem.Block{Bytes: s.intermediateCA.Certificate.Raw, Type: "CERTIFICATE"}), nil
+	concat, err := s.getConcatCAs(ctx)
+	if err != nil {
+		return Certificate{}, []byte{}, errors.Wrap(ErrViewEntity, err)
+	}
+
+	return cert, concat.Certificate, nil
 }
 
 func (s *service) ListCerts(ctx context.Context, pm PageMetadata) (CertificatePage, error) {
@@ -450,18 +455,33 @@ func (s *service) GenerateCRL(ctx context.Context, caType CertType) ([]byte, err
 	return pemBytes, nil
 }
 
-func (s *service) GetSigningCA(ctx context.Context, token string) (Certificate, error) {
+func (s *service) GetChainCA(ctx context.Context, token string) (Certificate, error) {
 	if _, err := jwt.ParseWithClaims(token, &jwt.StandardClaims{Issuer: Organization, Subject: "certs"}, func(token *jwt.Token) (interface{}, error) {
 		return []byte(s.intermediateCA.SerialNumber), nil
 	}); err != nil {
 		return Certificate{}, errors.Wrap(err, ErrMalformedEntity)
 	}
 
-	cert, err := s.repo.RetrieveCert(ctx, s.intermediateCA.SerialNumber)
+	return s.getConcatCAs(ctx)
+}
+
+func (s *service) getConcatCAs(ctx context.Context) (Certificate, error) {
+	intermediateCert, err := s.repo.RetrieveCert(ctx, s.intermediateCA.SerialNumber)
 	if err != nil {
 		return Certificate{}, errors.Wrap(ErrViewEntity, err)
 	}
-	return cert, nil
+
+	rootCert, err := s.repo.RetrieveCert(ctx, s.rootCA.SerialNumber)
+	if err != nil {
+		return Certificate{}, errors.Wrap(ErrViewEntity, err)
+	}
+
+	concat := string(intermediateCert.Certificate) + string(rootCert.Certificate)
+	return Certificate{
+		Certificate: []byte(concat),
+		Key:         intermediateCert.Key,
+		ExpiryTime:  intermediateCert.ExpiryTime,
+	}, nil
 }
 
 func (s *service) generateRootCA(ctx context.Context, config Config) (*CA, error) {

tracing/certs.go

@@ -89,8 +89,8 @@ func (tm *tracingMiddleware) GenerateCRL(ctx context.Context, caType certs.CertT
 	return tm.svc.GenerateCRL(ctx, caType)
 }
 
-func (tm *tracingMiddleware) GetSigningCA(ctx context.Context, token string) (certs.Certificate, error) {
-	ctx, span := tm.tracer.Start(ctx, "get_signing_ca")
+func (tm *tracingMiddleware) GetChainCA(ctx context.Context, token string) (certs.Certificate, error) {
+	ctx, span := tm.tracer.Start(ctx, "get_chain_ca")
 	defer span.End()
-	return tm.svc.GetSigningCA(ctx, token)
+	return tm.svc.GetChainCA(ctx, token)
 }