x5c provisioner from golang code

[kirill-kostenetskyi]

Could somebody suggest please, is there is any way to make command like that from code:
step ca certificate --ca-url https://33.333.333.333:443 session account_2.crt account_2.key --provisioner=x5c@dev --x5c-cert=account.crt --x5c-key=account.key

With JWK provisioned we can do like that:

caProvisionerName := "admin@dev"
caURL := "https://33.333.333.333:443"
caRootSHA256 := "hash"
caPassword := "password"

//https://github.com/smallstep/step-issuer/blob/master/provisioners/step.go
var options []ca.ClientOption
options = append(options, ca.WithRootSHA256(caRootSHA256))
provisioner, err := ca.NewProvisioner(caProvisionerName, "", caURL, []byte(caPassword), options...)
csr, pk, err := ca.CreateCertificateRequest(account)
token, err := provisioner.Token(account)
sign, err := provisioner.Sign(&capi.SignRequest{
    CsrPEM: *csr,
    OTT:    token,
})

It seems like it's not possible to do that for x5c provisioner in the same way. Is there are any other solutions how to do that?
Thanks for any advice

[dopey]

Hey @kirill-kostenetskyi, we have a golang client for the CA. The code is here: https://github.com/smallstep/certificates/blob/master/ca/client.go.

The cli just uses this client under the hood. So, if you look at the code the cli is using to generate the x5c provisioner token you should just be able to either copy it, or depend on the cli code directly.

https://github.com/smallstep/cli/blob/d66a620dd751f6ecb54dcbcc8987f1c606a2cde0/utils/cautils/token_flow.go#L86-L140
https://github.com/smallstep/cli/blob/d66a620dd751f6ecb54dcbcc8987f1c606a2cde0/utils/cautils/token_generator.go#L158-L194

Let me know if that does / doesn't make sense.

[kirill-kostenetskyi]

@dopey thanks a lot!
I appreciate you spent time finding the code I needed in