From ce1eb0a01b68420351dc0d6d53d00ec23ffc6c3d Mon Sep 17 00:00:00 2001
From: Mariano Cano <mariano@smallstep.com>
Date: Wed, 5 Aug 2020 19:09:06 -0700
Subject: [PATCH] Use new x509util for renew/rekey.

---
 authority/tls.go      | 13 +------------
 authority/tls_test.go |  4 ++--
 2 files changed, 3 insertions(+), 14 deletions(-)

diff --git a/authority/tls.go b/authority/tls.go
index 76edf360..baaac270 100644
--- a/authority/tls.go
+++ b/authority/tls.go
@@ -245,21 +245,10 @@ func (a *Authority) Rekey(oldCert *x509.Certificate, pk crypto.PublicKey) ([]*x5
 		newCert.ExtraExtensions = append(newCert.ExtraExtensions, ext)
 	}
 
-	leaf, err := x509legacy.NewLeafProfileWithTemplate(newCert, a.x509Issuer, a.x509Signer)
+	serverCert, err := x509util.CreateCertificate(newCert, a.x509Issuer, newCert.PublicKey, a.x509Signer)
 	if err != nil {
 		return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.Rekey", opts...)
 	}
-	crtBytes, err := leaf.CreateCertificate()
-	if err != nil {
-		return nil, errs.Wrap(http.StatusInternalServerError, err,
-			"authority.Rekey; error renewing certificate from existing server certificate", opts...)
-	}
-
-	serverCert, err := x509.ParseCertificate(crtBytes)
-	if err != nil {
-		return nil, errs.Wrap(http.StatusInternalServerError, err,
-			"authority.Rekey; error parsing new server certificate", opts...)
-	}
 
 	if err = a.db.StoreCertificate(serverCert); err != nil {
 		if err != db.ErrNotImplemented {
diff --git a/authority/tls_test.go b/authority/tls_test.go
index 90dc7075..41347f17 100644
--- a/authority/tls_test.go
+++ b/authority/tls_test.go
@@ -538,7 +538,7 @@ func TestAuthority_Renew(t *testing.T) {
 			return &renewTest{
 				auth: _a,
 				cert: cert,
-				err:  errors.New("authority.Rekey; error renewing certificate from existing server certificate"),
+				err:  errors.New("authority.Rekey: error creating certificate"),
 				code: http.StatusInternalServerError,
 			}, nil
 		},
@@ -766,7 +766,7 @@ func TestAuthority_Rekey(t *testing.T) {
 			return &renewTest{
 				auth: _a,
 				cert: cert,
-				err:  errors.New("authority.Rekey; error renewing certificate from existing server certificate"),
+				err:  errors.New("authority.Rekey: error creating certificate"),
 				code: http.StatusInternalServerError,
 			}, nil
 		},