From 8dabcfb7deb0c9fb1e76ab25ce4a87882b82a42c Mon Sep 17 00:00:00 2001
From: Pavlo Chernykh <526266+pavlo-v-chernykh@users.noreply.github.com>
Date: Fri, 1 Sep 2023 02:27:15 +0300
Subject: [PATCH] Get ceritifcate chain associated with private key entry without a password
---
 .github/workflows/main.yaml | 2 +-
 keystore.go | 16 ++++++++++++++++
 keystore_test.go | 9 +++++++++
 3 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index b8bd6c3..ffc6f17 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -23,7 +23,7 @@ jobs:
 uses: golangci/golangci-lint-action@v2.5.2
 with:
 args: --timeout=5m0s -c .golangci.yaml
- version: v1.46.2
+ version: v1.54.2
 test:
 name: Test
 runs-on: ubuntu-latest
diff --git a/keystore.go b/keystore.go
index 42f61fe..2c3f222 100644
--- a/keystore.go
+++ b/keystore.go
@@ -250,6 +250,22 @@ func (ks KeyStore) GetPrivateKeyEntry(alias string, password []byte) (PrivateKey
 return pke, nil
 }
+// GetPrivateKeyEntryCertificateChain returns certificate chain associated with
+// PrivateKeyEntry from the keystore by the alias.
+func (ks KeyStore) GetPrivateKeyEntryCertificateChain(alias string) ([]Certificate, error) {
+ e, ok := ks.m[ks.convertAlias(alias)]
+ if !ok {
+ return nil, ErrEntryNotFound
+ }
+
+ pke, ok := e.(PrivateKeyEntry)
+ if !ok {
+ return nil, ErrWrongEntryType
+ }
+
+ return pke.CertificateChain, nil
+}
+
 // IsPrivateKeyEntry returns true if the keystore has PrivateKeyEntry by the alias.
 func (ks KeyStore) IsPrivateKeyEntry(alias string) bool {
 _, ok := ks.m[ks.convertAlias(alias)].(PrivateKeyEntry)
diff --git a/keystore_test.go b/keystore_test.go
index 34c266f..c773bc3 100644
--- a/keystore_test.go
+++ b/keystore_test.go
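Review bot: `GetPrivateKeyEntryCertificateChain` in keystore.go returns `pke.CertificateChain` itself, so the caller gets a slice that shares its backing array with the entry held in `ks.m`; a write to an element of the returned chain would change what the keystore later serves or stores for that alias. Returning a copy, `return append([]Certificate(nil), pke.CertificateChain...), nil`, removes the aliasing at slice level; whether the certificate contents need a deeper copy depends on the `Certificate` type, which this hunk does not show. The doc comment should also name the error returns and the trust assumption, for example `// It returns ErrEntryNotFound if the alias is unknown and ErrWrongEntryType if the entry is not a PrivateKeyEntry.` and `// No password is required; the chain is returned as stored and is not validated here.`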
@@ -51,6 +51,11 @@ func TestSetGetMethods(t *testing.T) {
 t.Fatal(err)
 }
+ chainGet, err := ks.GetPrivateKeyEntryCertificateChain(pkeAlias)
+ if err != nil {
+ t.Fatal(err)
+ }
+
 tceGet, err := ks.GetTrustedCertificateEntry(tceAlias)
 if err != nil {
 t.Fatal(err)
@@ -60,6 +65,10 @@ func TestSetGetMethods(t *testing.T) {
 t.Fatal("private key entries not equal")
 }
+ if !reflect.DeepEqual(pke.CertificateChain, chainGet) {
+ t.Fatal("certificate chains of private key entries are not equal")
+ }
+
 if !reflect.DeepEqual(tce, tceGet) {
 t.Fatal("private key entries not equal")
 }
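Review bot: Only the success path of `GetPrivateKeyEntryCertificateChain` is exercised by the lines added in the first hunk; neither `ErrEntryNotFound` nor `ErrWrongEntryType` is covered, and the second is the check that stops a trusted-certificate alias from being read as a private key entry's chain. Adding `if _, err := ks.GetPrivateKeyEntryCertificateChain(tceAlias); !errors.Is(err, ErrWrongEntryType) { t.Fatal("expected ErrWrongEntryType") }` next to the new call would pin it, with a matching check for an alias that was never set. `TestSetGetMethods` starts and ends outside both hunks, so this assumes `tceAlias` is already stored at that point, as the `GetTrustedCertificateEntry(tceAlias)` call just below suggests, and that `errors` is imported in the test file.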