
Add CA-Bundle to pemToPkcs12 output (#3494)

* Add CA-Bundle to pemToPkcs12 output

Signed-off-by: Mathias Maes <mathias.maes@aloxy.io>

* add fullPemToPkcs12 and tests

Signed-off-by: Mathias Maes <mathias.maes@aloxy.io>

---------

Signed-off-by: Mathias Maes <mathias.maes@aloxy.io>
Mathias Maes 2 years ago
parent
commit
a12f3b8292
3 changed files with 101 additions and 4 deletions
  1. 34 2
      pkg/template/v2/pkcs12.go
  2. 63 0
      pkg/template/v2/pkcs12_test.go
  3. 4 2
      pkg/template/v2/template.go

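--- a/pkg/template/v2/pkcs12.go
+++ b/pkg/template/v2/pkcs12.go
@@ -117,19 +117,51 @@ func pemToPkcs12(cert, key string) (string, error) {
 
 func pemToPkcs12Pass(cert, key, pass string) (string, error) {
 	certPem, _ := pem.Decode([]byte(cert))
-	keyPem, _ := pem.Decode([]byte(key))
 
 	parsedCert, err := x509.ParseCertificate(certPem.Bytes)
 	if err != nil {
 		return "", err
 	}
 
+	return certsToPkcs12(parsedCert, key, nil, pass)
+}
+
+func fullPemToPkcs12(cert, key string) (string, error) {
+	return fullPemToPkcs12Pass(cert, key, "")
+}
+
+func fullPemToPkcs12Pass(cert, key, pass string) (string, error) {
+	certPem, rest := pem.Decode([]byte(cert))
+
+	parsedCert, err := x509.ParseCertificate(certPem.Bytes)
+	if err != nil {
+		return "", err
+	}
+
+	caCerts := make([]*x509.Certificate, 0)
+	for len(rest) > 0 {
+		caPem, restBytes := pem.Decode(rest)
+		rest = restBytes
+
+		caCert, err := x509.ParseCertificate(caPem.Bytes)
+		if err != nil {
+			return "", err
+		}
+
+		caCerts = append(caCerts, caCert)
+	}
+
+	return certsToPkcs12(parsedCert, key, caCerts, pass)
+}
+
+func certsToPkcs12(cert *x509.Certificate, key string, caCerts []*x509.Certificate, password string) (string, error) {
+	keyPem, _ := pem.Decode([]byte(key))
 	parsedKey, err := parsePrivateKey(keyPem.Bytes)
 	if err != nil {
 		return "", err
 	}
 
-	pfx, err := gopkcs12.Modern.Encode(parsedKey, parsedCert, nil, pass)
+	pfx, err := gopkcs12.Modern.Encode(parsedKey, cert, caCerts, password)
 	if err != nil {
 		return "", err
 	}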
+ 63 - 0
pkg/template/v2/pkcs12_test.go


+ 4 - 2
pkg/template/v2/template.go

@@ -32,8 +32,10 @@ var tplFuncs = tpl.FuncMap{
 	"pkcs12cert":     pkcs12cert,
 	"pkcs12cert":     pkcs12cert,
 	"pkcs12certPass": pkcs12certPass,
 	"pkcs12certPass": pkcs12certPass,
 
 
-	"pemToPkcs12":     pemToPkcs12,
-	"pemToPkcs12Pass": pemToPkcs12Pass,
+	"pemToPkcs12":         pemToPkcs12,
+	"pemToPkcs12Pass":     pemToPkcs12Pass,
+	"fullPemToPkcs12":     fullPemToPkcs12,
+	"fullPemToPkcs12Pass": fullPemToPkcs12Pass,
 
 
 	"filterPEM": filterPEM,
 	"filterPEM": filterPEM,