connect/ca: return a better error message if the CA isn't fully initialized when signing

pull/5249/head
Kyle Havlovitz 2019-01-22 11:15:09 -08:00
parent ddc4a8d848
commit a28ba4687d
No known key found for this signature in database
GPG Key ID: 8A5E6B173056AD6C
1 changed files with 6 additions and 3 deletions


@ -328,6 +328,9 @@ func (c *ConsulProvider) Sign(csr *x509.CertificateRequest) (string, error) {
if err != nil { if err != nil {
return "", err return "", err
} }
if providerState.PrivateKey == "" {
return "", ErrNotInitialized
}
// Create the keyId for the cert from the signing private key. // Create the keyId for the cert from the signing private key.
signer, err := connect.ParseSigner(providerState.PrivateKey) signer, err := connect.ParseSigner(providerState.PrivateKey)
@ -623,9 +626,9 @@ func (c *ConsulProvider) generateCA(privateKey string, sn uint64) (string, error
serialNum := &big.Int{} serialNum := &big.Int{}
serialNum.SetUint64(sn) serialNum.SetUint64(sn)
template := x509.Certificate{ template := x509.Certificate{
SerialNumber: serialNum, SerialNumber: serialNum,
Subject: pkix.Name{CommonName: name}, Subject: pkix.Name{CommonName: name},
URIs: []*url.URL{id.URI()}, URIs: []*url.URL{id.URI()},
BasicConstraintsValid: true, BasicConstraintsValid: true,
KeyUsage: x509.KeyUsageCertSign | KeyUsage: x509.KeyUsageCertSign |
x509.KeyUsageCRLSign | x509.KeyUsageCRLSign |
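Review bot: The new guard in Sign treats only an empty `providerState.PrivateKey` as "not initialized". Sign continues outside this hunk, so if it also reads the CA certificate from the same state, a state that has a key but no certificate would presumably still fail with a raw parse error instead of `ErrNotInitialized`. It is worth confirming that the two are always written together, or checking both here. The branch is also undocumented; a comment such as `// An empty signing key means the provider state exists but CA setup has not finished; return the sentinel instead of a parse error.` would record why the check precedes `connect.ParseSigner`. The commit touches a single file, so a test asserting that Sign returns `ErrNotInitialized` on an uninitialized provider would stop the early-return from regressing.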