Add sign method

Author: loafoe

pki/services_service.go

@@ -50,6 +50,19 @@ type IssueResponse struct {
 	Auth          *string   `json:"auth"`
 }
 
+// SignRequest
+type SignRequest struct {
+	CSR               string `json:"csr" validation:"required"`
+	CommonName        string `json:"common_name" validation:"required"`
+	AltNames          string `json:"alt_names"`
+	OtherSans         string `json:"other_sans"`
+	IPSans            string `json:"ip_sans"`
+	URISans           string `json:"uri_sans"`
+	TTL               string `json:"ttl,omitempty"`
+	Format            string `json:"format" validation:"required"  enum:"pem|der|pem_bundle"`
+	ExcludeCNFromSans bool   `json:"exclude_cn_from_sans"`
+}
+
 // ServiceOptions
 type ServiceOptions struct {
 }
@@ -160,6 +173,29 @@ func (d *IssueData) GetPrivateKey() (interface{}, error) {
 	return nil, ErrInvalidPrivateKey
 }
 
+// Sign
+func (c *ServicesService) Sign(logicalPath, roleName string, signRequest SignRequest, options ...OptionFunc) (*IssueResponse, *Response, error) {
+	if err := c.validate.Struct(signRequest); err != nil {
+		return nil, nil, err
+	}
+	req, err := c.client.NewServiceRequest(http.MethodPost, "core/pki/api/"+logicalPath+"/sign/"+roleName, &signRequest, options)
+	if err != nil {
+		return nil, nil, err
+	}
+	var responseStruct struct {
+		IssueResponse
+		ErrorResponse
+	}
+	resp, err := c.client.Do(req, &responseStruct)
+	if err != nil {
+		return nil, nil, err
+	}
+	if resp == nil {
+		return nil, nil, ErrEmptyResult
+	}
+	return &responseStruct.IssueResponse, resp, nil
+}
+
 // IssueCertificate
 func (c *ServicesService) IssueCertificate(logicalPath, roleName string, request CertificateRequest, options ...OptionFunc) (*IssueResponse, *Response, error) {
 	req, err := c.client.NewServiceRequest(http.MethodPost, "core/pki/api/"+logicalPath+"/issue/"+roleName, &request, options)

pki/services_service_test.go

@@ -152,7 +152,7 @@ kljJ1cnVriYSyGoStCTCep8b4zDjl3KTdu2cGU4tUZIif6E2DruBZJ8=
 	}
 }
 
-func TestIssueCertificate(t *testing.T) {
+func TestIssueAndSignCertificates(t *testing.T) {
 	teardown := setup(t)
 	defer teardown()
 
@@ -196,6 +196,7 @@ func TestIssueCertificate(t *testing.T) {
 	role := "ec384"
 	muxPKI.HandleFunc("/core/pki/api/"+logicalPath+"/cert/"+serial, returnCert(logicalPath, role))
 	muxPKI.HandleFunc("/core/pki/api/"+logicalPath+"/issue/"+role, returnCert(logicalPath, role))
+	muxPKI.HandleFunc("/core/pki/api/"+logicalPath+"/sign/"+role, returnCert(logicalPath, role))
 	cert, resp, err := pkiClient.Services.IssueCertificate(logicalPath, role, pki.CertificateRequest{
 		CommonName: "test",
 		TTL:        "4355h",
@@ -237,6 +238,21 @@ func TestIssueCertificate(t *testing.T) {
 	if !assert.NotNil(t, cert) {
 		return
 	}
+
+	cert, resp, err = pkiClient.Services.Sign(logicalPath, role, pki.SignRequest{
+		CSR:        "",
+		CommonName: "1e100.io",
+		Format:     "pem",
+	})
+	if !assert.Nil(t, err) {
+		return
+	}
+	if !assert.NotNil(t, resp) {
+		return
+	}
+	if !assert.NotNil(t, cert) {
+		return
+	}
 }
 
 func TestServicesErrors(t *testing.T) {