1 files changed, 22 insertions, 26 deletions

diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
index dc2824ce..db171e33 100644
--- a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
@@ -26,14 +26,12 @@
 package cmpv2provisioner
 
 import (
-	"context"
 	"sync"
 
 	"k8s.io/apimachinery/pkg/types"
 
 	"onap.org/oom-certservice/k8s-external-provider/src/certserviceclient"
 	"onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
-	"onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner/csr"
 	"onap.org/oom-certservice/k8s-external-provider/src/leveledlogger"
 	"onap.org/oom-certservice/k8s-external-provider/src/model"
 )
@@ -45,6 +43,7 @@ type CertServiceCA struct {
 	url               string
 	healthEndpoint    string
 	certEndpoint      string
+	updateEndpoint    string
 	caName            string
 	certServiceClient certserviceclient.CertServiceClient
 }
@@ -57,10 +56,11 @@ func New(cmpv2Issuer *cmpv2api.CMPv2Issuer, certServiceClient certserviceclient.
 	ca.caName = cmpv2Issuer.Spec.CaName
 	ca.healthEndpoint = cmpv2Issuer.Spec.HealthEndpoint
 	ca.certEndpoint = cmpv2Issuer.Spec.CertEndpoint
+	ca.updateEndpoint = cmpv2Issuer.Spec.UpdateEndpoint
 	ca.certServiceClient = certServiceClient
 
 	log := leveledlogger.GetLoggerWithName("cmpv2-provisioner")
-	log.Info("Configuring CA: ", "name", ca.name, "url", ca.url, "caName", ca.caName, "healthEndpoint", ca.healthEndpoint, "certEndpoint", ca.certEndpoint)
+	log.Info("Configuring CA: ", "name", ca.name, "url", ca.url, "caName", ca.caName, "healthEndpoint", ca.healthEndpoint, "certEndpoint", ca.certEndpoint, "updateEndpoint", ca.updateEndpoint)
 
 	return &ca, nil
 }
@@ -85,40 +85,23 @@ func Store(namespacedName types.NamespacedName, provisioner *CertServiceCA) {
 }
 
 func (ca *CertServiceCA) Sign(
-	ctx context.Context,
 	signCertificateModel model.SignCertificateModel,
 ) (signedCertificateChain []byte, trustedCertificates []byte, err error) {
 	log := leveledlogger.GetLoggerWithName("certservice-provisioner")
 
-	if signCertificateModel.IsUpdateRevision {
-		log.Debug("Certificate will be updated.", "old-certificate", signCertificateModel.OldCertificate,
-			"old-private-key", signCertificateModel.OldPrivateKey)
-	}
-
 	certificateRequest := signCertificateModel.CertificateRequest
-	privateKeyBytes := signCertificateModel.PrivateKeyBytes
 	log.Info("Signing certificate: ", "cert-name", certificateRequest.Name)
-
 	log.Info("CA: ", "name", ca.name, "url", ca.url)
 
-	csrBytes := certificateRequest.Spec.Request
-	log.Debug("Original CSR PEM: ", "bytes", csrBytes)
-
-	filteredCsrBytes, err := csr.FilterFieldsFromCSR(csrBytes, privateKeyBytes)
-	if err != nil {
-		return nil, nil, err
-	}
-	log.Debug("Filtered out CSR PEM: ", "bytes", filteredCsrBytes)
-
 	var response *certserviceclient.CertificatesResponse
 	var errAPI error
-
-	if signCertificateModel.IsUpdateRevision {
+	if ca.isCertificateUpdate(signCertificateModel) {
+		log.Debug("Certificate will be updated.", "old-certificate", signCertificateModel.OldCertificateBytes)
 		log.Info("Attempt to send certificate update request")
-		response, errAPI = ca.certServiceClient.UpdateCertificate(filteredCsrBytes, privateKeyBytes, signCertificateModel)
+		response, errAPI = ca.certServiceClient.UpdateCertificate(signCertificateModel)
 	} else {
 		log.Info("Attempt to send certificate request")
-		response, errAPI = ca.certServiceClient.GetCertificates(filteredCsrBytes, privateKeyBytes)
+		response, errAPI = ca.certServiceClient.GetCertificates(signCertificateModel)
 	}
 
 	if errAPI != nil {
@@ -135,11 +118,24 @@ func (ca *CertServiceCA) Sign(
 		log.Error(signErr, "Cannot parse response from CertService API")
 		return nil, nil, signErr
 	}
-
 	log.Info("Successfully signed: ", "cert-name", certificateRequest.Name)
-
 	log.Debug("Signed cert PEM: ", "bytes", signedCertificateChain)
 	log.Debug("Trusted CA  PEM: ", "bytes", trustedCertificates)
 
 	return signedCertificateChain, trustedCertificates, nil
 }
+
+func (ca *CertServiceCA) updateEndpointIsConfigured() bool {
+	log := leveledlogger.GetLoggerWithName("certservice-provisioner")
+	isConfigured := ca.updateEndpoint != ""
+	if !isConfigured {
+		log.Info("Missing 'update endpoint' configuration. Certificates will received by certificate request instead of certificate update request")
+	}
+	return isConfigured
+}
+
+func (ca *CertServiceCA) isCertificateUpdate(signCertificateModel model.SignCertificateModel) bool {
+	return len(signCertificateModel.OldCertificateBytes) > 0 &&
+		len(signCertificateModel.OldPrivateKeyBytes) > 0 &&
+		ca.updateEndpointIsConfigured()
+}