enable Request.Format

pkg/certificate/certificate.go

@@ -26,16 +26,18 @@ import (
 	"crypto/x509/pkix"
 	"encoding/pem"
 	"fmt"
-	"github.com/Venafi/vcert/v4/pkg/util"
-	"github.com/youmark/pkcs8"
 	"net"
 	"net/url"
 	"strings"
 	"time"
 
-	"github.com/Venafi/vcert/v4/pkg/verror"
+	"github.com/Venafi/vcert/v4/pkg/util"
+	"github.com/youmark/pkcs8"
+
 	"reflect"
 	"sort"
+
+	"github.com/Venafi/vcert/v4/pkg/verror"
 )
 
 // EllipticCurve represents the types of supported elliptic curves
@@ -211,6 +213,7 @@ type Request struct {
 	Location      *Location
 	ValidityHours int
 	IssuerHint    string
+	Format        string
 }
 
 //SSH Certificate structures

pkg/venafi/tpp/connector.go

@@ -1201,6 +1201,12 @@ func (c *Connector) RetrieveCertificate(req *certificate.Request) (certificates
 
 	includeChain := req.ChainOption != certificate.ChainOptionIgnore
 	rootFirstOrder := includeChain && req.ChainOption == certificate.ChainOptionRootFirst
+	if req.Format == "" {
+		if req.KeyType == certificate.KeyTypeRSA {
+			req.Format = "Base64 (PKCS #8)"
+		}
+		req.Format = "base64"
+	}
 
 	if req.PickupID == "" && req.Thumbprint != "" {
 		// search cert by Thumbprint and fill pickupID
@@ -1219,15 +1225,12 @@ func (c *Connector) RetrieveCertificate(req *certificate.Request) (certificates
 
 	certReq := certificateRetrieveRequest{
 		CertificateDN:  req.PickupID,
-		Format:         "base64",
 		RootFirstOrder: rootFirstOrder,
 		IncludeChain:   includeChain,
+		Format:         req.Format,
 	}
 	if req.CsrOrigin == certificate.ServiceGeneratedCSR || req.FetchPrivateKey {
 		certReq.IncludePrivateKey = true
-		if req.KeyType == certificate.KeyTypeRSA {
-			certReq.Format = "Base64 (PKCS #8)"
-		}
 		certReq.Password = req.KeyPassword
 	}