feat: add private_key field to JSON responses for all certificate/CA endpoints

2025-12-07 10:06:17 +01:00 · 2025-12-07 10:06:17 +01:00 · c7427dae28
parent 4a06ec52ca
commit c7427dae28
2 changed files with 64 additions and 0 deletions
--- a/internal/api/ca.go
+++ b/internal/api/ca.go
@ -24,6 +24,7 @@ type CAResponse struct {
 	NotAfter     string `json:"not_after"`
 	SerialNumber string `json:"serial_number"`
 	Certificate  string `json:"certificate"` // Base64 encoded
+	PrivateKey   string `json:"private_key,omitempty"` // Base64 encoded (optional)
 	IsCA         bool   `json:"is_ca"`
 }

@ -111,6 +112,14 @@ func CreateCA(c *gin.Context) {
 		response.Certificate = base64.StdEncoding.EncodeToString(ca.Cert.Raw)
 	}

+	// Ajouter la clé privée
+	if ca.PrivateKey != nil {
+		privKeyBase64, err := encodePrivateKey(ca.PrivateKey)
+		if err == nil {
+			response.PrivateKey = privKeyBase64
+		}
+	}
+
 	c.JSON(http.StatusCreated, gin.H{
 		"ca":         response,
 		"created_by": userID,
@ -145,6 +154,14 @@ func GetCA(c *gin.Context) {
 		response.Certificate = base64.StdEncoding.EncodeToString(ca.Cert.Raw)
 	}

+	// Ajouter la clé privée
+	if ca.PrivateKey != nil {
+		privKeyBase64, err := encodePrivateKey(ca.PrivateKey)
+		if err == nil {
+			response.PrivateKey = privKeyBase64
+		}
+	}
+
 	c.JSON(http.StatusOK, gin.H{"ca": response})
 }

@ -210,6 +227,14 @@ func SignCertificateWithCA(c *gin.Context) {
 		response.Certificate = base64.StdEncoding.EncodeToString(cert.Cert.Raw)
 	}

+	// Ajouter la clé privée
+	if cert.PrivateKey != nil {
+		privKeyBase64, err := encodePrivateKey(cert.PrivateKey)
+		if err == nil {
+			response.PrivateKey = privKeyBase64
+		}
+	}
+
 	c.JSON(http.StatusCreated, gin.H{
 		"certificate": response,
 		"signed_by":   req.CAId,
@ -278,6 +303,14 @@ func SignSubCA(c *gin.Context) {
 		response.Certificate = base64.StdEncoding.EncodeToString(subCA.Cert.Raw)
 	}

+	// Ajouter la clé privée
+	if subCA.PrivateKey != nil {
+		privKeyBase64, err := encodePrivateKey(subCA.PrivateKey)
+		if err == nil {
+			response.PrivateKey = privKeyBase64
+		}
+	}
+
 	c.JSON(http.StatusCreated, gin.H{
 		"ca":           response,
 		"signed_by":    req.ParentCAId,
--- a/internal/api/certificates.go
+++ b/internal/api/certificates.go
@ -27,9 +27,24 @@ type CertificateResponse struct {
 	NotAfter     string `json:"not_after"`
 	SerialNumber string `json:"serial_number"`
 	Certificate  string `json:"certificate"` // Base64 encoded
+	PrivateKey   string `json:"private_key,omitempty"` // Base64 encoded (optional)
 	Revoked      bool   `json:"revoked"`
 }

+// encodePrivateKey encode une clé privée en format base64 PKCS#8 PEM
+func encodePrivateKey(privateKey interface{}) (string, error) {
+	if privateKey == nil {
+		return "", nil
+	}
+
+	privKeyDER, err := x509.MarshalPKCS8PrivateKey(privateKey)
+	if err != nil {
+		return "", err
+	}
+
+	return base64.StdEncoding.EncodeToString(privKeyDER), nil
+}
+
 // certificateStore est un store global pour les certificats
 var certificateStore storage.CertificateStore

@ -81,6 +96,14 @@ func CreateCertificate(c *gin.Context) {
 		response.Certificate = base64.StdEncoding.EncodeToString(cert.Cert.Raw)
 	}

+	// Ajouter la clé privée
+	if cert.PrivateKey != nil {
+		privKeyBase64, err := encodePrivateKey(cert.PrivateKey)
+		if err == nil {
+			response.PrivateKey = privKeyBase64
+		}
+	}
+
 	c.JSON(http.StatusCreated, gin.H{
 		"certificate": response,
 		"created_by":  userID,
@ -134,6 +157,14 @@ func GetCertificate(c *gin.Context) {
 		response.Certificate = base64.StdEncoding.EncodeToString(cert.Cert.Raw)
 	}

+	// Ajouter la clé privée si disponible
+	if cert.PrivateKey != nil {
+		privKeyBase64, err := encodePrivateKey(cert.PrivateKey)
+		if err == nil {
+			response.PrivateKey = privKeyBase64
+		}
+	}
+
 	c.JSON(http.StatusOK, gin.H{"certificate": response})
 }