Merge pull request #90 from planetscale/dbussink/cleanup-ca-chain

Cleanup unneeded CA chain

Author: dbussink

Diff for: planetscale/certs.go

@@ -30,7 +30,6 @@ type CertificatesService interface {
 
 type Cert struct {
 	ClientCert tls.Certificate
-	CACerts    []*x509.Certificate
 	AccessHost string
 	Ports      RemotePorts
 }
@@ -101,22 +100,16 @@ func (c *certificatesService) Create(ctx context.Context, r *CreateCertificateRe
 	}
 
 	var cr struct {
-		Certificate      string         `json:"certificate"`
-		CertificateChain string         `json:"certificate_chain"`
-		AccessHost       string         `json:"access_host"`
-		Ports            map[string]int `json:"ports"`
+		Certificate string         `json:"certificate"`
+		AccessHost  string         `json:"access_host"`
+		Ports       map[string]int `json:"ports"`
 	}
 
 	err = c.client.do(ctx, req, &cr)
 	if err != nil {
 		return nil, err
 	}
 
-	caCerts, err := parseCerts(cr.CertificateChain)
-	if err != nil {
-		return nil, fmt.Errorf("parsing certificate chain failed: %s", err)
-	}
-
 	privateKeyBytes, err := x509.MarshalPKCS8PrivateKey(r.PrivateKey)
 	if err != nil {
 		return nil, fmt.Errorf("failed to marshal private key: %s", err)
@@ -136,31 +129,10 @@ func (c *certificatesService) Create(ctx context.Context, r *CreateCertificateRe
 
 	return &Cert{
 		ClientCert: clientCert,
-		CACerts:    caCerts,
 		AccessHost: cr.AccessHost,
 		Ports: RemotePorts{
 			Proxy: cr.Ports["proxy"],
 			MySQL: cr.Ports["mysql-tls"],
 		},
 	}, nil
 }
-
-func parseCerts(pemCert string) ([]*x509.Certificate, error) {
-	perCertBlock := []byte(pemCert)
-	var certs []*x509.Certificate
-
-	for {
-		var certBlock *pem.Block
-		certBlock, perCertBlock = pem.Decode(perCertBlock)
-		if certBlock == nil {
-			break
-		}
-		cert, err := x509.ParseCertificate(certBlock.Bytes)
-		if err != nil {
-			return nil, err
-		}
-
-		certs = append(certs, cert)
-	}
-	return certs, nil
-}

Diff for: planetscale/certs_test.go

@@ -95,14 +95,12 @@ func TestCertificates_Create(t *testing.T) {
 		w.WriteHeader(200)
 
 		var out = struct {
-			Certificate      string         `json:"certificate"`
-			CertificateChain string         `json:"certificate_chain"`
-			AccessHost       string         `json:"access_host"`
-			Ports            map[string]int `json:"ports"`
+			Certificate string         `json:"certificate"`
+			AccessHost  string         `json:"access_host"`
+			Ports       map[string]int `json:"ports"`
 		}{
-			Certificate:      testSignedPublicKey,
-			CertificateChain: testCACert,
-			AccessHost:       accessHost,
+			Certificate: testSignedPublicKey,
+			AccessHost:  accessHost,
 			Ports: map[string]int{
 				"mysql-tls": 3306,
 				"proxy":     3307,
@@ -127,16 +125,21 @@ func TestCertificates_Create(t *testing.T) {
 	c.Assert(err, qt.IsNil)
 
 	c.Assert(cert.AccessHost, qt.Equals, accessHost)
-	c.Assert(cert.CACerts, qt.HasLen, 1)
 	c.Assert(cert.ClientCert, qt.Not(qt.IsNil))
 	c.Assert(cert.ClientCert.PrivateKey, qt.Not(qt.IsNil))
 	c.Assert(cert.ClientCert.Certificate, qt.HasLen, 1)
 
 	ccert := cert.ClientCert.Certificate[0]
 	ct, err := x509.ParseCertificate(ccert)
 	c.Assert(err, qt.IsNil)
+
+	caBlock, _ := pem.Decode([]byte(testCACert))
+	c.Assert(caBlock, qt.IsNotNil)
+	ca, err := x509.ParseCertificate(caBlock.Bytes)
+	c.Assert(err, qt.IsNil)
+
 	c.Assert(ct.Subject.CommonName, qt.Equals, "org-foo/db-foo/branch-foo")
-	c.Assert(ct.Issuer.CommonName, qt.Equals, cert.CACerts[0].Issuer.CommonName)
+	c.Assert(ct.Issuer.CommonName, qt.Equals, ca.Subject.CommonName)
 
 	c.Assert(cert.Ports.MySQL, qt.Equals, 3306)
 	c.Assert(cert.Ports.Proxy, qt.Equals, 3307)