From eb7a109c711e49909833c06e8cc7b3b133f0b7c2 Mon Sep 17 00:00:00 2001
From: Slawomir Koszewski <slawek@koszewscy.waw.pl>
Date: Fri, 22 May 2026 14:26:43 +0200
Subject: [PATCH] fix: add logging in certificate conversion process

---
 src/lib/provisioner.ts | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/src/lib/provisioner.ts b/src/lib/provisioner.ts
index 9551335..9d36d44 100644
--- a/src/lib/provisioner.ts
+++ b/src/lib/provisioner.ts
@@ -136,10 +136,15 @@ export class Provisioner {
 
   async convert(domain: string, targetFormat: 'pem' | 'pfx'): Promise<void> {
     const certName = domainToCertName(domain);
+    this.log(`[convert] cert name: ${certName}`);
+
     const cert = await this.store.getCertificate(certName);
     if (!cert) throw new Error(`Certificate not found in KeyVault: ${certName}`);
+    this.log(`[convert] contentType: ${cert.policy?.contentType}`);
 
     const currentFormat = cert.policy?.contentType === 'application/x-pkcs12' ? 'pfx' : 'pem';
+    this.log(`[convert] detected format: ${currentFormat}, target: ${targetFormat}`);
+
     if (currentFormat === targetFormat) {
       this.log(`Certificate ${certName} is already in ${targetFormat.toUpperCase()} format`);
       return;
@@ -147,13 +152,16 @@ export class Provisioner {
 
     const secretValue = await this.store.getSecret(certName);
     if (!secretValue) throw new Error(`Certificate secret not found: ${certName}`);
+    this.log(`[convert] secret length: ${secretValue.length}, starts with: ${secretValue.slice(0, 40)}`);
 
     if (currentFormat === 'pem') {
-      const { privateKeyPem, certPem, chainPem } = parsePemBundle(secretValue);
-      await this.store.importCertificate(certName, pemToPfx(privateKeyPem, certPem, chainPem), 'pfx');
+      const bundle = parsePemBundle(secretValue);
+      this.log(`[convert] parsed blocks — key: ${bundle.privateKeyPem.length} chars, cert: ${bundle.certPem.length} chars, chain: ${bundle.chainPem.length} chars`);
+      await this.store.importCertificate(certName, pemToPfx(bundle.privateKeyPem, bundle.certPem, bundle.chainPem), 'pfx');
     } else {
-      const { privateKeyPem, certPem, chainPem } = pfxToPem(Buffer.from(secretValue, 'base64'));
-      await this.store.importCertificate(certName, privateKeyPem + certPem + chainPem, 'pem');
+      const bundle = pfxToPem(Buffer.from(secretValue, 'base64'));
+      this.log(`[convert] parsed PFX — key: ${bundle.privateKeyPem.length} chars, cert: ${bundle.certPem.length} chars, chain: ${bundle.chainPem.length} chars`);
+      await this.store.importCertificate(certName, bundle.privateKeyPem + bundle.certPem + bundle.chainPem, 'pem');
     }
 
     this.log(`Certificate ${certName} converted to ${targetFormat.toUpperCase()}`);