From bd9547ff7040ea625ff3ae4bf258d98a1bae53c4 Mon Sep 17 00:00:00 2001
From: Slawek Koszewski
Date: Sun, 27 Jul 2025 21:46:27 +0200
Subject: [PATCH] Simplified template rendering.
---
 ca.go | 42 ++++++++++++++----------------------------
 1 file changed, 14 insertions(+), 28 deletions(-)
diff --git a/ca.go b/ca.go
index 4492f03..8984bcf 100644
--- a/ca.go
+++ b/ca.go
@@ -545,14 +545,12 @@ func parseDistinguishedName(dn string) pkix.Name {
 return name
 }
-// Helper: apply Go template to a string using CertificateDefinition and CertificateDefaults as data
-func applyTemplate(s string, def CertificateDefinition, defaults *CertificateDefaults) (string, error) {
+// Helper: apply Go template to a string using only the certificate label as data
+func applyTemplate(s string, name string) (string, error) {
 data := struct {
- CertificateDefinition
- Defaults *CertificateDefaults
+ Name string
 }{
- CertificateDefinition: def,
- Defaults: defaults,
+ Name: name,
 }
 tmpl, err := template.New("").Parse(s)
 if err != nil {
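Review bot: `name` is substituted into the Subject and SAN strings without any escaping, so a label containing DN separators such as `,`, `=` or `+` would change the structure of the rendered string if it is later split by parseDistinguishedName (named in the hunk header; the call itself is not visible here). Validating the label before rendering, or at least stating the constraint in the doc comment, would close that gap: `// applyTemplate renders s with .Name set to name; name is inserted verbatim, so callers must pass a validated label.` That wording also follows the Go convention of starting the comment with the function name, and the parameters can be written `s, name string`. The function body continues past the end of the hunk.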
@@ -570,39 +568,27 @@ func renderCertificateDefTemplates(def CertificateDefinition, defaults *Certific
 newDef := def
 // Subject: use def.Subject if set, else defaults.Subject (rendered)
 if def.Subject != "" {
- if rendered, err := applyTemplate(def.Subject, def, defaults); err == nil {
+ if rendered, err := applyTemplate(def.Subject, def.Name); err == nil {
 newDef.Subject = rendered
 }
 } else if defaults != nil && defaults.Subject != "" {
- if rendered, err := applyTemplate(defaults.Subject, def, defaults); err == nil {
+ if rendered, err := applyTemplate(defaults.Subject, def.Name); err == nil {
 newDef.Subject = rendered
 }
 }
- // Type: use def.Type if set, else defaults.Type (rendered)
- if def.Type != "" {
- if rendered, err := applyTemplate(def.Type, def, defaults); err == nil {
- newDef.Type = rendered
- }
- } else if defaults != nil && defaults.Type != "" {
- if rendered, err := applyTemplate(defaults.Type, def, defaults); err == nil {
- newDef.Type = rendered
- }
+ // Type: use def.Type if set, else defaults.Type (no template)
+ if def.Type == "" && defaults != nil && defaults.Type != "" {
+ newDef.Type = defaults.Type
 }
- // Validity: use def.Validity if set, else defaults.Validity (rendered)
- if def.Validity != "" {
- if rendered, err := applyTemplate(def.Validity, def, defaults); err == nil {
- newDef.Validity = rendered
- }
- } else if defaults != nil && defaults.Validity != "" {
- if rendered, err := applyTemplate(defaults.Validity, def, defaults); err == nil {
- newDef.Validity = rendered
- }
+ // Validity: use def.Validity if set, else defaults.Validity (no template)
+ if def.Validity == "" && defaults != nil && defaults.Validity != "" {
+ newDef.Validity = defaults.Validity
 }
 // SAN: use def.SAN if set, else defaults.SAN (rendered)
 if len(def.SAN) > 0 {
 newSAN := make([]string, len(def.SAN))
 for i, s := range def.SAN {
- if rendered, err := applyTemplate(s, def, defaults); err == nil {
+ if rendered, err := applyTemplate(s, def.Name); err == nil {
 newSAN[i] = rendered
 } else {
 newSAN[i] = s
@@ -612,7 +598,7 @@ func renderCertificateDefTemplates(def CertificateDefinition, defaults *Certific
 } else if defaults != nil && len(defaults.SAN) > 0 {
 newSAN := make([]string, len(defaults.SAN))
 for i, s := range defaults.SAN {
- if rendered, err := applyTemplate(s, def, defaults); err == nil {
+ if rendered, err := applyTemplate(s, def.Name); err == nil {
 newSAN[i] = rendered
 } else {
 newSAN[i] = s
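Review bot: The `err == nil` guards around every `applyTemplate` call in the hunk at -570 (and in the SAN loop of the hunk at -612) drop rendering errors, so a failed template leaves the unrendered text in `newDef.Subject`, leaves it empty on the defaults branch, or copies the raw `s` into the SAN list. With the template data now reduced to `.Name`, any existing template that references another field (for example `.Defaults.Subject`) will presumably start failing at execution, and the CA would carry on with a literal template string in the certificate request. I would propagate the error instead of falling back, e.g. `return newDef, fmt.Errorf("rendering subject template for %q: %w", def.Name, err)`, assuming the function can return an error; its signature is truncated in the hunk header and its body starts and ends outside both hunks. Type and Validity values that relied on template syntax are now passed through verbatim, which deserves a line in the upgrade notes.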