Get ceritifcate chain associated with private key entry without a pas…

…sword
pavlo-v-chernykh · Aug 31, 2023 · 841aee8 · 841aee8
1 parent 1fdc529
commit 841aee8
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 0 deletions.
diff --git a/keystore.go b/keystore.go
@@ -250,6 +250,22 @@ func (ks KeyStore) GetPrivateKeyEntry(alias string, password []byte) (PrivateKey
 	return pke, nil
 }
 
+// GetPrivateKeyEntryCertificateChain returns certificate chain associated with
+// PrivateKeyEntry from the keystore by the alias.
+func (ks KeyStore) GetPrivateKeyEntryCertificateChain(alias string) ([]Certificate, error) {
+	e, ok := ks.m[ks.convertAlias(alias)]
+	if !ok {
+		return nil, ErrEntryNotFound
+	}
+
+	pke, ok := e.(PrivateKeyEntry)
+	if !ok {
+		return nil, ErrWrongEntryType
+	}
+
+	return pke.CertificateChain, nil
+}
+
 // IsPrivateKeyEntry returns true if the keystore has PrivateKeyEntry by the alias.
 func (ks KeyStore) IsPrivateKeyEntry(alias string) bool {
 	_, ok := ks.m[ks.convertAlias(alias)].(PrivateKeyEntry)

diff --git a/keystore_test.go b/keystore_test.go
@@ -51,6 +51,11 @@ func TestSetGetMethods(t *testing.T) {
 		t.Fatal(err)
 	}
 
+	chainGet, err := ks.GetPrivateKeyEntryCertificateChain(pkeAlias)
+	if err != nil {
+		t.Fatal(err)
+	}
+
 	tceGet, err := ks.GetTrustedCertificateEntry(tceAlias)
 	if err != nil {
 		t.Fatal(err)
@@ -60,6 +65,10 @@ func TestSetGetMethods(t *testing.T) {
 		t.Fatal("private key entries not equal")
 	}
 
+	if !reflect.DeepEqual(pke.CertificateChain, chainGet) {
+		t.Fatal("certificate chains of private key entries are not equal")
+	}
+
 	if !reflect.DeepEqual(tce, tceGet) {
 		t.Fatal("private key entries not equal")
 	}