Merge pull request #103 from Venafi/ecdsa-curve-default-value

fix #102
Venafi · Apr 21, 2020 · dd32326 · dd32326
2 parents b5e2214 + 114e6d8
commit dd32326
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 8 deletions.
diff --git a/cmd/vcert/commands.go b/cmd/vcert/commands.go
@@ -684,7 +684,9 @@ func generateCsrForCommandGenCsr(cf *commandFlags, privateKeyPass []byte) (priva
 		certReq.KeyType = *cf.keyType
 	}
 	certReq.KeyLength = cf.keySize
-	certReq.KeyCurve = cf.keyCurve
+	if cf.keyCurve != certificate.EllipticCurveNotSet {
+		certReq.KeyCurve = cf.keyCurve
+	}
 	err = certReq.GeneratePrivateKey()
 	if err != nil {
 		return

diff --git a/cmd/vcert/utils.go b/cmd/vcert/utils.go
@@ -129,7 +129,9 @@ func fillCertificateRequest(req *certificate.Request, cf *commandFlags) *certifi
 		} else if req.KeyLength == 0 {
 			req.KeyLength = 2048
 		}
-		req.KeyCurve = cf.keyCurve
+		if cf.keyCurve != certificate.EllipticCurveNotSet {
+			req.KeyCurve = cf.keyCurve
+		}
 		req.CsrOrigin = certificate.ServiceGeneratedCSR
 
 	default: // "local" == cf.csrOption:
@@ -141,7 +143,9 @@ func fillCertificateRequest(req *certificate.Request, cf *commandFlags) *certifi
 		} else if req.KeyLength == 0 {
 			req.KeyLength = 2048
 		}
-		req.KeyCurve = cf.keyCurve
+		if cf.keyCurve != certificate.EllipticCurveNotSet {
+			req.KeyCurve = cf.keyCurve
+		}
 		req.CsrOrigin = certificate.LocalGeneratedCSR
 	}
 	return req

diff --git a/cmd/vcert/validators.go b/cmd/vcert/validators.go
@@ -75,7 +75,7 @@ func validateCommonFlags(commandName string) error {
 		return fmt.Errorf("unknown key type: %s", flags.keyTypeString)
 	}
 
-	switch flags.keyCurveString {
+	switch strings.ToLower(flags.keyCurveString) {
 	case "p256":
 		flags.keyCurve = certificate.EllipticCurveP256
 	case "p384":

diff --git a/pkg/certificate/certificate.go b/pkg/certificate/certificate.go
@@ -66,8 +66,9 @@ func (ec *EllipticCurve) Set(value string) error {
 }
 
 const (
+	EllipticCurveNotSet EllipticCurve = iota
 	// EllipticCurveP521 represents the P521 curve
-	EllipticCurveP521 EllipticCurve = iota
+	EllipticCurveP521
 	// EllipticCurveP256 represents the P256 curve
 	EllipticCurveP256
 	// EllipticCurveP384 represents the P384 curve
@@ -451,7 +452,9 @@ func GenerateECDSAPrivateKey(curve EllipticCurve) (*ecdsa.PrivateKey, error) {
 	var priv *ecdsa.PrivateKey
 	var c elliptic.Curve
 	var err error
-
+	if curve == EllipticCurveNotSet {
+		curve = EllipticCurveDefault
+	}
 	switch curve {
 	case EllipticCurveP521:
 		c = elliptic.P521()

diff --git a/pkg/endpoint/endpoint.go b/pkg/endpoint/endpoint.go
@@ -424,9 +424,9 @@ func (z *ZoneConfiguration) UpdateCertificateRequest(request *certificate.Reques
 				foundMatch = true
 				switch request.KeyType {
 				case certificate.KeyTypeECDSA:
-					if len(keyConf.KeyCurves) != 0 {
+					if len(keyConf.KeyCurves) != 0 && request.KeyCurve == certificate.EllipticCurveNotSet {
 						request.KeyCurve = keyConf.KeyCurves[0]
-					} else {
+					} else if request.KeyCurve == certificate.EllipticCurveNotSet {
 						request.KeyCurve = certificate.EllipticCurveDefault
 					}
 				case certificate.KeyTypeRSA: