fix: correct PKCS12 hook invocation arguments #16

Merged

heiko merged 1 commit from fix/14-pkcs12 into master 2026-04-29 12:27:05 +02:00

Conversation 1 Commits 1 Files changed 1 +28 -18

heiko commented 2026-04-29 10:11:42 +02:00

Owner

Copy link

Summary

Fixes #14 — PKCS12 hook was called with empty positional arguments.

The hook Args slice was always allocated with 8 positions (indices 0-7), but for PKCS12 only RoleBUNDLE exists in the items list. The switch statement had no case for RoleBUNDLE, so positions 3-6 remained empty strings and the timestamp was always at position 7.

Now for PKCS12 format, the hook is called as documented:

<script> deploy_cert <DOMAIN> <BUNDLEFILE> <TIMESTAMP>

For PEM format, the existing behavior is unchanged:

<script> deploy_cert <DOMAIN> <KEYFILE> <CERTFILE> <FULLCHAIN> <CHAINFILE> <TIMESTAMP>

Test plan

• go build ./... passes
• go test ./... passes
• Manual test: configure a PKCS12 client with a hook script that prints $@ and verify BUNDLEFILE and TIMESTAMP are in the correct positions

## Summary Fixes #14 — PKCS12 hook was called with empty positional arguments. The hook Args slice was always allocated with 8 positions (indices 0-7), but for PKCS12 only `RoleBUNDLE` exists in the items list. The switch statement had no case for `RoleBUNDLE`, so positions 3-6 remained empty strings and the timestamp was always at position 7. Now for PKCS12 format, the hook is called as documented: ``` <script> deploy_cert <DOMAIN> <BUNDLEFILE> <TIMESTAMP> ``` For PEM format, the existing behavior is unchanged: ``` <script> deploy_cert <DOMAIN> <KEYFILE> <CERTFILE> <FULLCHAIN> <CHAINFILE> <TIMESTAMP> ``` ## Test plan - [ ] `go build ./...` passes - [ ] `go test ./...` passes - [ ] Manual test: configure a PKCS12 client with a hook script that prints `$@` and verify BUNDLEFILE and TIMESTAMP are in the correct positions

heiko added 1 commit 2026-04-29 10:11:42 +02:00

fix: correct PKCS12 hook invocation arguments (#14) ... 1747724fb4

For PKCS12 format, the hook was called with 8 arguments where
positions 3-6 were empty strings and the timestamp was at position 7.
The documented (and intended) behavior is:

    <script> deploy_cert <DOMAIN> <BUNDLEFILE> <TIMESTAMP>

Now PKCS12 hooks receive the bundle file path and timestamp as
args 3 and 4, matching the documentation and the environment
variable BUNDLEFILE that was already set correctly.

Fixes #14

heiko force-pushed fix/14-pkcs12 from 1747724fb4 to dd00579faa 2026-04-29 12:24:38 +02:00 Compare

heiko reviewed 2026-04-29 12:26:10 +02:00

heiko left a comment

Copy link

Review [ai]

Looks good. The fix is correct and all tests pass after rebase onto master (including the new integration and PKCS12 hook tests from PR #17).

For PKCS12 format, the hook was invoked with 8 positional args where positions 3-6 were empty strings. Now PKCS12 hooks get a compact arg list: hook deploy_cert DOMAIN BUNDLEFILE TIMESTAMP. PEM hooks remain unchanged.

Verified:

• Rebased cleanly onto master (single commit, no conflicts)
• go test ./... passes (all unit and integration tests green)
• TestExecute_Hook_PKCS12 specifically validates the new PKCS12 arg layout
• The PEM hook path is unaffected (TestExecute_Hook_PEM still passes)

Minor note: the comment at line 233-235 in cert.go still references the old format. Could update to document both PEM and PKCS12 invocation patterns, but not blocking.

Review [ai] **Looks good.** The fix is correct and all tests pass after rebase onto master (including the new integration and PKCS12 hook tests from PR #17). For PKCS12 format, the hook was invoked with 8 positional args where positions 3-6 were empty strings. Now PKCS12 hooks get a compact arg list: `hook deploy_cert DOMAIN BUNDLEFILE TIMESTAMP`. PEM hooks remain unchanged. Verified: - Rebased cleanly onto master (single commit, no conflicts) - `go test ./...` passes (all unit and integration tests green) - `TestExecute_Hook_PKCS12` specifically validates the new PKCS12 arg layout - The PEM hook path is unaffected (`TestExecute_Hook_PEM` still passes) Minor note: the comment at line 233-235 in cert.go still references the old format. Could update to document both PEM and PKCS12 invocation patterns, but not blocking.

heiko merged commit b4ff74a637 into master 2026-04-29 12:27:05 +02:00

heiko deleted branch fix/14-pkcs12 2026-04-29 12:27:05 +02:00

heiko referenced this pull request from a commit 2026-04-29 12:27:06 +02:00

fix: correct PKCS12 hook invocation arguments (#16)

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

question

More information is needed

  

security

Security vulnerability or hardening

  

wontfix

This won't be fixed

No labels

bug

duplicate

enhancement

help wanted

invalid

question

security

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

heiko/cert-proxy!16

No description provided.