update issue cert method

Signed-off-by: nyagamunene <[email protected]>

api/logging.go

@@ -5,7 +5,6 @@ package api
 
 import (
 	"context"
-	"crypto/rsa"
 	"crypto/x509"
 	"fmt"
 	"log/slog"
@@ -86,7 +85,7 @@ func (lm *loggingMiddleware) RetrieveCAToken(ctx context.Context) (tokenString s
 	return lm.svc.RetrieveCAToken(ctx)
 }
 
-func (lm *loggingMiddleware) IssueCert(ctx context.Context, entityID, ttl string, ipAddrs []string, options certs.SubjectOptions, privKey ...*rsa.PrivateKey) (cert certs.Certificate, err error) {
+func (lm *loggingMiddleware) IssueCert(ctx context.Context, entityID, ttl string, ipAddrs []string, options certs.SubjectOptions, privKey ...any) (cert certs.Certificate, err error) {
 	defer func(begin time.Time) {
 		message := fmt.Sprintf("Method issue_cert for took %s to complete", time.Since(begin))
 		if err != nil {

api/metrics.go

@@ -5,7 +5,6 @@ package api
 
 import (
 	"context"
-	"crypto/rsa"
 	"crypto/x509"
 	"time"
 
@@ -72,7 +71,7 @@ func (mm *metricsMiddleware) RetrieveCAToken(ctx context.Context) (string, error
 	return mm.svc.RetrieveCAToken(ctx)
 }
 
-func (mm *metricsMiddleware) IssueCert(ctx context.Context, entityID, ttl string, ipAddrs []string, options certs.SubjectOptions, privKey ...*rsa.PrivateKey) (certs.Certificate, error) {
+func (mm *metricsMiddleware) IssueCert(ctx context.Context, entityID, ttl string, ipAddrs []string, options certs.SubjectOptions, privKey ...any) (certs.Certificate, error) {
 	defer func(begin time.Time) {
 		mm.counter.With("method", "issue_certificate").Add(1)
 		mm.latency.With("method", "issue_certificate").Observe(time.Since(begin).Seconds())

certs.go

@@ -158,7 +158,7 @@ type Service interface {
 	RetrieveCAToken(ctx context.Context) (string, error)
 
 	// IssueCert issues a certificate from the database.
-	IssueCert(ctx context.Context, entityID, ttl string, ipAddrs []string, option SubjectOptions, privKey ...*rsa.PrivateKey) (Certificate, error)
+	IssueCert(ctx context.Context, entityID, ttl string, ipAddrs []string, option SubjectOptions, privKey ...any) (Certificate, error)
 
 	// OCSP retrieves the OCSP response for a certificate.
 	OCSP(ctx context.Context, serialNumber string) (*Certificate, int, *x509.Certificate, error)

service.go

@@ -5,6 +5,7 @@ package certs
 
 import (
 	"context"
+	"crypto"
 	"crypto/ecdsa"
 	"crypto/ed25519"
 	"crypto/rand"
@@ -88,17 +89,17 @@ func NewService(ctx context.Context, repo Repository, config *Config) (Service,
 // using the provided template and the generated private key.
 // The certificate is then stored in the repository using the CreateCert method.
 // If the root CA is not found, it returns an error.
-func (s *service) IssueCert(ctx context.Context, entityID, ttl string, ipAddrs []string, options SubjectOptions, key ...*rsa.PrivateKey) (Certificate, error) {
-	var privKey rsa.PrivateKey
+func (s *service) IssueCert(ctx context.Context, entityID, ttl string, ipAddrs []string, options SubjectOptions, key ...any) (Certificate, error) {
+	var privKey any
 	var err error
 	if len(key) == 0 {
 		pKey, err := rsa.GenerateKey(rand.Reader, PrivateKeyBytes)
-		privKey = *pKey
+		privKey = pKey
 		if err != nil {
 			return Certificate{}, err
 		}
 	} else {
-		privKey = *key[0]
+		privKey = key[0]
 	}
 	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
 	if err != nil {
@@ -132,12 +133,37 @@ func (s *service) IssueCert(ctx context.Context, entityID, ttl string, ipAddrs [
 		DNSNames:              append(s.intermediateCA.Certificate.DNSNames, ipAddrs...),
 	}
 
-	certBytes, err := x509.CreateCertificate(rand.Reader, &template, s.intermediateCA.Certificate, &privKey.PublicKey, s.intermediateCA.PrivateKey)
+	var pubKey crypto.PublicKey
+	var privKeyBytes []byte
+	var privKeyType string
+
+	switch key := privKey.(type) {
+	case *rsa.PrivateKey:
+		pubKey = key.Public()
+		privKeyBytes = x509.MarshalPKCS1PrivateKey(key)
+		privKeyType = "RSA PRIVATE KEY"
+	case *ecdsa.PrivateKey:
+		pubKey = key.Public()
+		privKeyBytes, err = x509.MarshalPKCS8PrivateKey(key)
+		privKeyType = "EC PRIVATE KEY"
+	case ed25519.PrivateKey:
+		pubKey = key.Public()
+		privKeyBytes, err = x509.MarshalPKCS8PrivateKey(key)
+		privKeyType = "PRIVATE KEY"
+	default:
+		return Certificate{}, errors.Wrap(ErrCreateEntity, errors.New("unsupported private key type"))
+	}
+
+	if err != nil {
+		return Certificate{}, err
+	}
+
+	certBytes, err := x509.CreateCertificate(rand.Reader, &template, s.intermediateCA.Certificate, pubKey, s.intermediateCA.PrivateKey)
 	if err != nil {
 		return Certificate{}, err
 	}
 	dbCert := Certificate{
-		Key:          pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(&privKey)}),
+		Key:          pem.EncodeToMemory(&pem.Block{Type: privKeyType, Bytes: privKeyBytes}),
 		Certificate:  pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certBytes}),
 		SerialNumber: template.SerialNumber.String(),
 		EntityID:     entityID,

tracing/certs.go

@@ -5,7 +5,6 @@ package tracing
 
 import (
 	"context"
-	"crypto/rsa"
 	"crypto/x509"
 
 	"github.com/absmach/certs"
@@ -54,7 +53,7 @@ func (tm *tracingMiddleware) RetrieveCAToken(ctx context.Context) (string, error
 	return tm.svc.RetrieveCAToken(ctx)
 }
 
-func (tm *tracingMiddleware) IssueCert(ctx context.Context, entityID, ttl string, ipAddrs []string, options certs.SubjectOptions, privKey ...*rsa.PrivateKey) (certs.Certificate, error) {
+func (tm *tracingMiddleware) IssueCert(ctx context.Context, entityID, ttl string, ipAddrs []string, options certs.SubjectOptions, privKey ...any) (certs.Certificate, error) {
 	ctx, span := tm.tracer.Start(ctx, "issue_cert")
 	defer span.End()
 	return tm.svc.IssueCert(ctx, entityID, ttl, ipAddrs, options, privKey...)