From 213d5ec6b5caf543386f4d854e9e7dcf4447470b Mon Sep 17 00:00:00 2001
From: Max Ehrlich
Date: Thu, 13 Sep 2018 17:02:54 -0400
Subject: [PATCH] Self-signed issuers return a copy of the same certificate that was issued as the CA
Signed-off-by: Max Ehrlich
---
 pkg/issuer/selfsigned/issue.go | 10 +++++-----
 pkg/issuer/selfsigned/renew.go | 10 +++++-----
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/pkg/issuer/selfsigned/issue.go b/pkg/issuer/selfsigned/issue.go
index 403a2259b..3bc00878f 100644
--- a/pkg/issuer/selfsigned/issue.go
+++ b/pkg/issuer/selfsigned/issue.go
@@ -49,7 +49,7 @@ const (
 defaultOrganization = "cert-manager"
 )
-func (c *SelfSigned) Issue(ctx context.Context, crt *v1alpha1.Certificate) ([]byte, []byte, error) {
+func (c *SelfSigned) Issue(ctx context.Context, crt *v1alpha1.Certificate) ([]byte, []byte, []byte, error) {
 signeeKey, err := kube.SecretTLSKey(c.secretsLister, crt.Namespace, crt.Spec.SecretName)
 if k8sErrors.IsNotFound(err) || errors.IsInvalidData(err) {
@@ -59,7 +59,7 @@ func (c *SelfSigned) Issue(ctx context.Context, crt *v1alpha1.Certificate) ([]by
 if err != nil {
 s := messageErrorGetCertKeyPair + err.Error()
 crt.UpdateStatusCondition(v1alpha1.CertificateConditionReady, v1alpha1.ConditionFalse, errorGetCertKeyPair, s, false)
- return nil, nil, err
+ return nil, nil, nil, err
 }
 certPem, err := c.obtainCertificate(crt, signeeKey)
@@ -67,7 +67,7 @@ func (c *SelfSigned) Issue(ctx context.Context, crt *v1alpha1.Certificate) ([]by
 if err != nil {
 s := messageErrorIssueCert + err.Error()
 crt.UpdateStatusCondition(v1alpha1.CertificateConditionReady, v1alpha1.ConditionFalse, errorIssueCert, s, false)
- return nil, nil, err
+ return nil, nil, nil, err
 }
 crt.UpdateStatusCondition(v1alpha1.CertificateConditionReady, v1alpha1.ConditionTrue, successCertIssued, messageCertIssued, true)
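Review bot: The new `Issue` signature in the first issue.go hunk (-49,7) returns three unnamed `[]byte` values in a row, and the first of them is the PEM private key (`keyPem` in the final return), so a caller that transposes two positions still compiles and could store key material where a certificate is expected. A doc comment on the method would pin the order, e.g. `// Issue returns the PEM-encoded private key, the issued certificate, and the CA certificate, in that order.` The same applies to the `Renew` signature in renew.go (hunk -34,13). The body of `Issue` continues past this hunk.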
@@ -76,10 +76,10 @@ func (c *SelfSigned) Issue(ctx context.Context, crt *v1alpha1.Certificate) ([]by
 if err != nil {
 s := messageErrorEncodePrivateKey + err.Error()
 crt.UpdateStatusCondition(v1alpha1.CertificateConditionReady, v1alpha1.ConditionFalse, errorEncodePrivateKey, s, false)
- return nil, nil, err
+ return nil, nil, nil, err
 }
- return keyPem, certPem, nil
+ return keyPem, certPem, certPem, nil
 }
 func (c *SelfSigned) obtainCertificate(crt *v1alpha1.Certificate, privateKey crypto.PrivateKey) ([]byte, error) {
diff --git a/pkg/issuer/selfsigned/renew.go b/pkg/issuer/selfsigned/renew.go
index 7fea943e5..229f37758 100644
--- a/pkg/issuer/selfsigned/renew.go
+++ b/pkg/issuer/selfsigned/renew.go
@@ -34,13 +34,13 @@ const (
 messageCertRenewed = "Certificate issued successfully"
 )
-func (c *SelfSigned) Renew(ctx context.Context, crt *v1alpha1.Certificate) ([]byte, []byte, error) {
+func (c *SelfSigned) Renew(ctx context.Context, crt *v1alpha1.Certificate) ([]byte, []byte, []byte, error) {
 signeeKey, err := kube.SecretTLSKey(c.secretsLister, crt.Namespace, crt.Spec.SecretName)
 if err != nil {
 s := messageErrorGetCertKeyPair + err.Error()
 crt.UpdateStatusCondition(v1alpha1.CertificateConditionReady, v1alpha1.ConditionFalse, errorGetCertKeyPair, s, false)
- return nil, nil, err
+ return nil, nil, nil, err
 }
 certPem, err := c.obtainCertificate(crt, signeeKey)
@@ -48,7 +48,7 @@ func (c *SelfSigned) Renew(ctx context.Context, crt *v1alpha1.Certificate) ([]by
 if err != nil {
 s := messageErrorRenewCert + err.Error()
 crt.UpdateStatusCondition(v1alpha1.CertificateConditionReady, v1alpha1.ConditionFalse, errorRenewCert, s, false)
- return nil, nil, err
+ return nil, nil, nil, err
 }
 crt.UpdateStatusCondition(v1alpha1.CertificateConditionReady, v1alpha1.ConditionTrue, successCertRenewed, messageCertRenewed, true)
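Review bot: In issue.go at the end of `Issue` (hunk -76,10), `return keyPem, certPem, certPem, nil` hands back the same slice twice rather than the copy the commit subject describes, so the certificate and CA results share one backing array and an in-place change to either by a caller would silently alter the other. A detached copy avoids that: `caPem := append([]byte(nil), certPem...)` followed by `return keyPem, certPem, caPem, nil`. The final return of `Renew` in renew.go (hunk -57,8) has the same aliasing. The start of `Issue` is outside this hunk.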
@@ -57,8 +57,8 @@ func (c *SelfSigned) Renew(ctx context.Context, crt *v1alpha1.Certificate) ([]by
 if err != nil {
 s := messageErrorEncodePrivateKey + err.Error()
 crt.UpdateStatusCondition(v1alpha1.CertificateConditionReady, v1alpha1.ConditionFalse, errorEncodePrivateKey, s, false)
- return nil, nil, err
+ return nil, nil, nil, err
 }
- return keyPem, certPem, nil
+ return keyPem, certPem, certPem, nil
 }
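Review bot: `Renew` now returns the certificate it just obtained as the CA as well (last line of this hunk), so the CA value is replaced on every renewal; a consumer that pinned the previously returned CA would presumably stop validating until it picks up the new one. That is worth stating next to the return, e.g. `// Self-signed: the CA is the renewed certificate itself, so it changes on every renewal.` Whether `obtainCertificate` marks the certificate as a CA is not visible in this diff, and is worth confirming now that the result is handed out as one. The start of `Renew` is outside this hunk.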