From 4928da23361e896e69208a8f985d10940a90f1c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Magnus=20Le=C3=9Fmann=20=28=40MarkL4YG=29?=
 <github@m-lessmann.de>
Date: Fri, 22 Nov 2024 12:55:05 +0100
Subject: [PATCH] feat: Tertiary full chain supprt

- Technically, CAs and intermediate CAs do not use "fullchain" certificates, but it is useful to us to include the entire certificate chain in the leaf certificate
---
 .../certassist/openssl/OpenSSLCertificateCreator.java        | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/main/java/de/mlessmann/certassist/openssl/OpenSSLCertificateCreator.java b/src/main/java/de/mlessmann/certassist/openssl/OpenSSLCertificateCreator.java
index 4358c2f..66f16bc 100644
--- a/src/main/java/de/mlessmann/certassist/openssl/OpenSSLCertificateCreator.java
+++ b/src/main/java/de/mlessmann/certassist/openssl/OpenSSLCertificateCreator.java
@@ -106,7 +106,10 @@ public class OpenSSLCertificateCreator {
 
             Path fullchain = tmpDir.resolve("fullchain.pem");
             try {
-                Files.write(fullchain, Files.readAllBytes(certAuthority.certificatePath()), StandardOpenOption.CREATE);
+                Path certAuthFullchain = Optional
+                    .ofNullable(certAuthority.fullchainPath())
+                    .orElse(certAuthority.certificatePath());
+                Files.write(fullchain, Files.readAllBytes(certAuthFullchain), StandardOpenOption.CREATE);
                 Files.write(fullchain, Files.readAllBytes(signedCert), StandardOpenOption.APPEND);
             } catch (IOException e) {
                 throw new CommandLineOperationException("Failed to create fullchain file.", e);