switch to non-deprecated functions in source code
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
This commit is contained in:
Tim Ramlot
parent
1c2662af82
commit
0cf0f80b40
@ -64,7 +64,7 @@ func init() {
|
||||
Localities: []string{"San Francisco"},
|
||||
Provinces: []string{"California"},
|
||||
}
|
||||
caX509Cert, err := pki.GenerateTemplate(caCertificateTemplate)
|
||||
caX509Cert, err := pki.CertificateTemplateFromCertificate(caCertificateTemplate)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
@ -101,7 +101,7 @@ func init() {
|
||||
Countries: []string{"GB"},
|
||||
OrganizationalUnits: []string{"cert-manager"},
|
||||
}
|
||||
testX509Cert, err := pki.GenerateTemplate(testCertTemplate)
|
||||
testX509Cert, err := pki.CertificateTemplateFromCertificate(testCertTemplate)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
@ -40,7 +40,7 @@ var defaultInternalKeyUsages = []cmapi.KeyUsage{cmapi.UsageDigitalSignature, cma
|
||||
|
||||
func ValidateCertificateRequest(a *admissionv1.AdmissionRequest, obj runtime.Object) (field.ErrorList, []string) {
|
||||
cr := obj.(*cmapi.CertificateRequest)
|
||||
allErrs := ValidateCertificateRequestSpec(&cr.Spec, field.NewPath("spec"), true)
|
||||
allErrs := ValidateCertificateRequestSpec(&cr.Spec, field.NewPath("spec"))
|
||||
allErrs = append(allErrs,
|
||||
ValidateCertificateRequestApprovalCondition(cr.Status.Conditions, field.NewPath("status", "conditions"))...)
|
||||
|
||||
@ -83,7 +83,7 @@ func validateCertificateRequestAnnotations(objA, objB *cmapi.CertificateRequest,
|
||||
return el
|
||||
}
|
||||
|
||||
func ValidateCertificateRequestSpec(crSpec *cmapi.CertificateRequestSpec, fldPath *field.Path, validateCSRContent bool) field.ErrorList {
|
||||
func ValidateCertificateRequestSpec(crSpec *cmapi.CertificateRequestSpec, fldPath *field.Path) field.ErrorList {
|
||||
el := field.ErrorList{}
|
||||
|
||||
el = append(el, validateIssuerRef(crSpec.IssuerRef, fldPath)...)
|
||||
@ -96,7 +96,7 @@ func ValidateCertificateRequestSpec(crSpec *cmapi.CertificateRequestSpec, fldPat
|
||||
el = append(el, field.Invalid(fldPath.Child("request"), crSpec.Request, fmt.Sprintf("failed to decode csr: %s", err)))
|
||||
} else {
|
||||
// only compare usages if set on CR and in the CSR
|
||||
if len(crSpec.Usages) > 0 && len(csr.Extensions) > 0 && validateCSRContent && !reflect.DeepEqual(crSpec.Usages, defaultInternalKeyUsages) {
|
||||
if len(crSpec.Usages) > 0 && len(csr.Extensions) > 0 && !reflect.DeepEqual(crSpec.Usages, defaultInternalKeyUsages) {
|
||||
if crSpec.IsCA {
|
||||
crSpec.Usages = ensureCertSignIsSet(crSpec.Usages)
|
||||
}
|
||||
|
||||
@ -18,6 +18,9 @@ package validation
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"encoding/asn1"
|
||||
"encoding/pem"
|
||||
"reflect"
|
||||
"testing"
|
||||
@ -29,6 +32,7 @@ import (
|
||||
cminternal "github.com/cert-manager/cert-manager/internal/apis/certmanager"
|
||||
cminternalmeta "github.com/cert-manager/cert-manager/internal/apis/meta"
|
||||
cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
|
||||
"github.com/cert-manager/cert-manager/pkg/util/pki"
|
||||
utilpki "github.com/cert-manager/cert-manager/pkg/util/pki"
|
||||
"github.com/cert-manager/cert-manager/test/unit/gen"
|
||||
)
|
||||
@ -540,6 +544,75 @@ func TestValidateCertificateRequest(t *testing.T) {
|
||||
a: someAdmissionRequest,
|
||||
wantE: []*field.Error{},
|
||||
},
|
||||
"Test csr with default usages and isCA": {
|
||||
cr: &cminternal.CertificateRequest{
|
||||
Spec: cminternal.CertificateRequestSpec{
|
||||
Request: mustGenerateCSR(t, gen.Certificate("test", gen.SetCertificateDNSNames("example.com"), gen.SetCertificateKeyUsages(cmapi.UsageDigitalSignature, cmapi.UsageCertSign, cmapi.UsageKeyEncipherment), gen.SetCertificateIsCA(true))),
|
||||
IssuerRef: validIssuerRef,
|
||||
IsCA: true,
|
||||
Usages: nil,
|
||||
},
|
||||
},
|
||||
a: someAdmissionRequest,
|
||||
wantE: []*field.Error{},
|
||||
},
|
||||
"Test cr with default usages": {
|
||||
cr: &cminternal.CertificateRequest{
|
||||
Spec: cminternal.CertificateRequestSpec{
|
||||
// mustGenerateCSR will set the default usages for us
|
||||
Request: mustGenerateCSR(t, gen.Certificate("test", gen.SetCertificateDNSNames("example.com"))),
|
||||
IssuerRef: validIssuerRef,
|
||||
Usages: []cminternal.KeyUsage{cminternal.UsageKeyEncipherment, cminternal.UsageDigitalSignature},
|
||||
},
|
||||
},
|
||||
a: someAdmissionRequest,
|
||||
wantE: []*field.Error{},
|
||||
},
|
||||
"Test cr with default usages, without any encoded in csr": {
|
||||
cr: &cminternal.CertificateRequest{
|
||||
Spec: cminternal.CertificateRequestSpec{
|
||||
// mustGenerateCSR will set the default usages for us
|
||||
Request: mustGenerateCSR(t, gen.Certificate("test", gen.SetCertificateDNSNames("example.com")), func(cr *x509.CertificateRequest) {
|
||||
// manually remove extensions that encode default usages
|
||||
cr.Extensions = nil
|
||||
cr.ExtraExtensions = nil
|
||||
}),
|
||||
IssuerRef: validIssuerRef,
|
||||
Usages: []cminternal.KeyUsage{cminternal.UsageKeyEncipherment, cminternal.UsageDigitalSignature},
|
||||
},
|
||||
},
|
||||
a: someAdmissionRequest,
|
||||
wantE: []*field.Error{},
|
||||
},
|
||||
"Test cr with default usages, with empty set encoded in csr": {
|
||||
cr: &cminternal.CertificateRequest{
|
||||
Spec: cminternal.CertificateRequestSpec{
|
||||
// mustGenerateCSR will set the default usages for us
|
||||
Request: mustGenerateCSR(t, gen.Certificate("test", gen.SetCertificateDNSNames("example.com")), func(cr *x509.CertificateRequest) {
|
||||
// manually remove extensions that encode default usages
|
||||
cr.Extensions = nil
|
||||
cr.ExtraExtensions = []pkix.Extension{
|
||||
{
|
||||
Id: pki.OIDExtensionKeyUsage,
|
||||
Critical: false,
|
||||
Value: func(t *testing.T) []byte {
|
||||
asn1KeyUsage, err := asn1.Marshal(asn1.BitString{Bytes: []byte{}, BitLength: 0})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
return asn1KeyUsage
|
||||
}(t),
|
||||
},
|
||||
}
|
||||
}),
|
||||
IssuerRef: validIssuerRef,
|
||||
Usages: []cminternal.KeyUsage{cminternal.UsageKeyEncipherment, cminternal.UsageDigitalSignature},
|
||||
},
|
||||
},
|
||||
a: someAdmissionRequest,
|
||||
wantE: []*field.Error{},
|
||||
},
|
||||
"Error on csr not having all usages": {
|
||||
cr: &cminternal.CertificateRequest{
|
||||
Spec: cminternal.CertificateRequestSpec{
|
||||
@ -802,7 +875,7 @@ func TestValidateCertificateRequest(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func mustGenerateCSR(t *testing.T, crt *cmapi.Certificate) []byte {
|
||||
func mustGenerateCSR(t *testing.T, crt *cmapi.Certificate, modifiers ...func(*x509.CertificateRequest)) []byte {
|
||||
// Create a new private key
|
||||
pk, err := utilpki.GenerateRSAPrivateKey(2048)
|
||||
if err != nil {
|
||||
@ -813,6 +886,9 @@ func mustGenerateCSR(t *testing.T, crt *cmapi.Certificate) []byte {
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
for _, modifier := range modifiers {
|
||||
modifier(x509CSR)
|
||||
}
|
||||
csrDER, err := utilpki.EncodeCSR(x509CSR, pk)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
|
||||
@ -153,7 +153,7 @@ func TestSign(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
template, err := pki.GenerateTemplateFromCertificateRequest(baseCR)
|
||||
template, err := pki.CertificateTemplateFromCertificateRequest(baseCR)
|
||||
if err != nil {
|
||||
t.Errorf("error generating template: %v", err)
|
||||
}
|
||||
@ -169,7 +169,12 @@ func TestSign(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
template2, err := pki.GenerateTemplateFromCSRPEM(generateCSR(t, sk2, "example.com", "example.com", "foo.com"), time.Hour, false)
|
||||
template2, err := pki.CertificateTemplateFromCSRPEM(
|
||||
generateCSR(t, sk2, "example.com", "example.com", "foo.com"),
|
||||
pki.CertificateTemplateOverrideDuration(time.Hour),
|
||||
pki.CertificateTemplateOverrideBasicConstraints(false, nil),
|
||||
pki.CertificateTemplateOverrideKeyUsages(0, nil),
|
||||
)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
@ -69,7 +69,7 @@ func NewCA(ctx *controllerpkg.Context) certificaterequests.Issuer {
|
||||
issuerOptions: ctx.IssuerOptions,
|
||||
secretsLister: ctx.KubeSharedInformerFactory.Secrets().Lister(),
|
||||
reporter: crutil.NewReporter(ctx.Clock, ctx.Recorder),
|
||||
templateGenerator: pki.GenerateTemplateFromCertificateRequest,
|
||||
templateGenerator: pki.CertificateTemplateFromCertificateRequest,
|
||||
signingFn: pki.SignCSRTemplate,
|
||||
}
|
||||
}
|
||||
|
||||
@ -161,7 +161,7 @@ func TestSign(t *testing.T) {
|
||||
badDataSecret := rsaCASecret.DeepCopy()
|
||||
badDataSecret.Data[corev1.TLSPrivateKeyKey] = []byte("bad key")
|
||||
|
||||
template, err := pki.GenerateTemplateFromCertificateRequest(baseCR)
|
||||
template, err := pki.CertificateTemplateFromCertificateRequest(baseCR)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@ -360,7 +360,7 @@ func TestSign(t *testing.T) {
|
||||
"a successful signing should set condition to Ready": {
|
||||
certificateRequest: baseCR.DeepCopy(),
|
||||
templateGenerator: func(cr *cmapi.CertificateRequest) (*x509.Certificate, error) {
|
||||
_, err := pki.GenerateTemplateFromCertificateRequest(cr)
|
||||
_, err := pki.CertificateTemplateFromCertificateRequest(cr)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -586,7 +586,7 @@ func TestCA_Sign(t *testing.T) {
|
||||
secretsLister: testlisters.FakeSecretListerFrom(testlisters.NewFakeSecretLister(),
|
||||
testlisters.SetFakeSecretNamespaceListerGet(test.givenCASecret, nil),
|
||||
),
|
||||
templateGenerator: pki.GenerateTemplateFromCertificateRequest,
|
||||
templateGenerator: pki.CertificateTemplateFromCertificateRequest,
|
||||
signingFn: pki.SignCSRTemplate,
|
||||
}
|
||||
|
||||
|
||||
@ -147,7 +147,7 @@ func (s *SelfSigned) Sign(ctx context.Context, cr *cmapi.CertificateRequest, iss
|
||||
return nil, err
|
||||
}
|
||||
|
||||
template, err := pki.GenerateTemplateFromCertificateRequest(cr)
|
||||
template, err := pki.CertificateTemplateFromCertificateRequest(cr)
|
||||
if err != nil {
|
||||
message := "Error generating certificate template"
|
||||
s.reporter.Failed(cr, err, "ErrorGenerating", message)
|
||||
|
||||
@ -158,7 +158,7 @@ func TestSign(t *testing.T) {
|
||||
gen.SetCertificateRequestCSR(csrEmptyCertPEM),
|
||||
)
|
||||
|
||||
templateRSA, err := pki.GenerateTemplateFromCertificateRequest(baseCR)
|
||||
templateRSA, err := pki.CertificateTemplateFromCertificateRequest(baseCR)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
t.FailNow()
|
||||
@ -169,7 +169,7 @@ func TestSign(t *testing.T) {
|
||||
t.FailNow()
|
||||
}
|
||||
|
||||
templateEC, err := pki.GenerateTemplateFromCertificateRequest(ecCR)
|
||||
templateEC, err := pki.CertificateTemplateFromCertificateRequest(ecCR)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
t.FailNow()
|
||||
@ -180,7 +180,7 @@ func TestSign(t *testing.T) {
|
||||
t.FailNow()
|
||||
}
|
||||
|
||||
templateEmptyCert, err := pki.GenerateTemplateFromCertificateRequest(emptyCR)
|
||||
templateEmptyCert, err := pki.CertificateTemplateFromCertificateRequest(emptyCR)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
t.FailNow()
|
||||
|
||||
@ -63,7 +63,7 @@ func generateCSR(t *testing.T, secretKey crypto.Signer) []byte {
|
||||
|
||||
func generateSelfSignedCert(t *testing.T, cr *cmapi.CertificateRequest, key crypto.Signer, notBefore, notAfter time.Time) []byte {
|
||||
t.Helper()
|
||||
template, err := pki.GenerateTemplateFromCertificateRequest(cr)
|
||||
template, err := pki.CertificateTemplateFromCertificateRequest(cr)
|
||||
if err != nil {
|
||||
t.Errorf("failed to generate cert template from CSR: %v", err)
|
||||
t.FailNow()
|
||||
|
||||
@ -66,7 +66,7 @@ func generateCSR(t *testing.T, secretKey crypto.Signer) []byte {
|
||||
|
||||
func generateSelfSignedCertFromCR(cr *cmapi.CertificateRequest, key crypto.Signer,
|
||||
duration time.Duration) ([]byte, error) {
|
||||
template, err := pki.GenerateTemplateFromCertificateRequest(cr)
|
||||
template, err := pki.CertificateTemplateFromCertificateRequest(cr)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error generating template: %v", err)
|
||||
}
|
||||
|
||||
@ -211,7 +211,7 @@ func TestSign(t *testing.T) {
|
||||
},
|
||||
}
|
||||
|
||||
template, err := pki.GenerateTemplateFromCertificateRequest(baseCR)
|
||||
template, err := pki.CertificateTemplateFromCertificateRequest(baseCR)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
@ -56,7 +56,7 @@ func mustSelfSignCertificate(t *testing.T, pkBytes []byte) []byte {
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
x509Crt, err := pki.GenerateTemplate(&cmapi.Certificate{
|
||||
x509Crt, err := pki.CertificateTemplateFromCertificate(&cmapi.Certificate{
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
},
|
||||
@ -84,7 +84,7 @@ func mustCert(t *testing.T, commonName string, isCA bool) *keyAndCert {
|
||||
keyPEM, err := pki.EncodePrivateKey(key, cmapi.PKCS8)
|
||||
require.NoError(t, err)
|
||||
|
||||
cert, err := pki.GenerateTemplate(&cmapi.Certificate{
|
||||
cert, err := pki.CertificateTemplateFromCertificate(&cmapi.Certificate{
|
||||
Spec: cmapi.CertificateSpec{
|
||||
CommonName: commonName,
|
||||
IsCA: isCA,
|
||||
|
||||
@ -128,7 +128,7 @@ func createCryptoBundle(originalCert *cmapi.Certificate) (*cryptoBundle, error)
|
||||
},
|
||||
}
|
||||
|
||||
unsignedCert, err := pki.GenerateTemplateFromCertificateRequest(certificateRequest)
|
||||
unsignedCert, err := pki.CertificateTemplateFromCertificateRequest(certificateRequest)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@ -225,7 +225,7 @@ func Test_ProcessItem(t *testing.T) {
|
||||
}),
|
||||
)
|
||||
|
||||
tmpl, err := pki.GenerateTemplateFromCertificateSigningRequest(baseCSR)
|
||||
tmpl, err := pki.CertificateTemplateFromCertificateSigningRequest(baseCSR)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@ -234,7 +234,7 @@ func Test_ProcessItem(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
tmpl, err = pki.GenerateTemplateFromCertificateSigningRequest(gen.CertificateSigningRequestFrom(baseCSR,
|
||||
tmpl, err = pki.CertificateTemplateFromCertificateSigningRequest(gen.CertificateSigningRequestFrom(baseCSR,
|
||||
gen.SetCertificateSigningRequestRequest(csrPEMExampleNotPresent),
|
||||
))
|
||||
if err != nil {
|
||||
|
||||
@ -82,7 +82,7 @@ func NewCA(ctx *controllerpkg.Context) certificatesigningrequests.Signer {
|
||||
certClient: ctx.Client.CertificatesV1().CertificateSigningRequests(),
|
||||
fieldManager: ctx.FieldManager,
|
||||
recorder: ctx.Recorder,
|
||||
templateGenerator: pki.GenerateTemplateFromCertificateSigningRequest,
|
||||
templateGenerator: pki.CertificateTemplateFromCertificateSigningRequest,
|
||||
signingFn: pki.SignCSRTemplate,
|
||||
}
|
||||
}
|
||||
|
||||
@ -166,7 +166,7 @@ func TestSign(t *testing.T) {
|
||||
badDataSecret := ecCASecret.DeepCopy()
|
||||
badDataSecret.Data[corev1.TLSPrivateKeyKey] = []byte("bad key")
|
||||
|
||||
template, err := pki.GenerateTemplateFromCertificateSigningRequest(baseCSR)
|
||||
template, err := pki.CertificateTemplateFromCertificateSigningRequest(baseCSR)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@ -465,7 +465,7 @@ func TestSign(t *testing.T) {
|
||||
templateGenerator: func(csr *certificatesv1.CertificateSigningRequest) (*x509.Certificate, error) {
|
||||
// Pass the given CSR to a "real" template generator to ensure that it
|
||||
// doesn't err. Return the pre-generated template.
|
||||
_, err := pki.GenerateTemplateFromCertificateSigningRequest(csr)
|
||||
_, err := pki.CertificateTemplateFromCertificateSigningRequest(csr)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -743,7 +743,7 @@ func TestCA_Sign(t *testing.T) {
|
||||
secretsLister: testlisters.FakeSecretListerFrom(testlisters.NewFakeSecretLister(),
|
||||
testlisters.SetFakeSecretNamespaceListerGet(test.givenCASecret, nil),
|
||||
),
|
||||
templateGenerator: pki.GenerateTemplateFromCertificateSigningRequest,
|
||||
templateGenerator: pki.CertificateTemplateFromCertificateSigningRequest,
|
||||
signingFn: pki.SignCSRTemplate,
|
||||
}
|
||||
|
||||
|
||||
@ -160,7 +160,7 @@ func (s *SelfSigned) Sign(ctx context.Context, csr *certificatesv1.CertificateSi
|
||||
return err
|
||||
}
|
||||
|
||||
template, err := pki.GenerateTemplateFromCertificateSigningRequest(csr)
|
||||
template, err := pki.CertificateTemplateFromCertificateSigningRequest(csr)
|
||||
if err != nil {
|
||||
message := fmt.Sprintf("Error generating certificate template: %s", err)
|
||||
log.Error(err, message)
|
||||
|
||||
@ -320,7 +320,7 @@ func TestProcessItem(t *testing.T) {
|
||||
CertManagerObjects: []runtime.Object{baseIssuer.DeepCopy()},
|
||||
KubeObjects: []runtime.Object{csrBundle.secret},
|
||||
ExpectedEvents: []string{
|
||||
"Warning ErrorGenerating Error generating certificate template: failed to decode csr",
|
||||
"Warning ErrorGenerating Error generating certificate template: error decoding certificate request PEM block",
|
||||
},
|
||||
|
||||
ExpectedActions: []testpkg.Action{
|
||||
@ -364,7 +364,7 @@ func TestProcessItem(t *testing.T) {
|
||||
Type: certificatesv1.CertificateFailed,
|
||||
Status: corev1.ConditionTrue,
|
||||
Reason: "ErrorGenerating",
|
||||
Message: "Error generating certificate template: failed to decode csr",
|
||||
Message: "Error generating certificate template: error decoding certificate request PEM block",
|
||||
LastTransitionTime: metaFixedClockStart,
|
||||
LastUpdateTime: metaFixedClockStart,
|
||||
}),
|
||||
|
||||
@ -69,7 +69,12 @@ func TestProcessItem(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
rootTmpl, err := pki.GenerateTemplateFromCSRPEM(rootCSRPEM, time.Hour, true)
|
||||
rootTmpl, err := pki.CertificateTemplateFromCSRPEM(
|
||||
rootCSRPEM,
|
||||
pki.CertificateTemplateOverrideDuration(time.Hour),
|
||||
pki.CertificateTemplateOverrideBasicConstraints(true, nil),
|
||||
pki.CertificateTemplateOverrideKeyUsages(0, nil),
|
||||
)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@ -84,7 +89,12 @@ func TestProcessItem(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
leafTmpl, err := pki.GenerateTemplateFromCSRPEM(leafCSRPEM, time.Hour, false)
|
||||
leafTmpl, err := pki.CertificateTemplateFromCSRPEM(
|
||||
leafCSRPEM,
|
||||
pki.CertificateTemplateOverrideDuration(time.Hour),
|
||||
pki.CertificateTemplateOverrideBasicConstraints(false, nil),
|
||||
pki.CertificateTemplateOverrideKeyUsages(0, nil),
|
||||
)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
@ -83,7 +83,12 @@ func (v *Venafi) buildVReq(csrPEM []byte, duration time.Duration, customFields [
|
||||
return nil, err
|
||||
}
|
||||
|
||||
tmpl, err := pki.GenerateTemplateFromCSRPEM(csrPEM, duration, false)
|
||||
tmpl, err := pki.CertificateTemplateFromCSRPEM(
|
||||
csrPEM,
|
||||
pki.CertificateTemplateOverrideDuration(duration),
|
||||
pki.CertificateTemplateOverrideBasicConstraints(false, nil),
|
||||
pki.CertificateTemplateOverrideKeyUsages(0, nil),
|
||||
)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@ -30,7 +30,7 @@ import (
|
||||
"github.com/cert-manager/cert-manager/test/unit/gen"
|
||||
)
|
||||
|
||||
func TestGenerateTemplateFromCertificateSigningRequest(t *testing.T) {
|
||||
func TestCertificateTemplateFromCertificateSigningRequest(t *testing.T) {
|
||||
csr, pk, err := gen.CSR(x509.RSA, gen.SetCSRCommonName("example.com"), gen.SetCSRDNSNames("example.com", "foo.example.com"))
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
@ -202,7 +202,7 @@ func TestGenerateTemplateFromCertificateSigningRequest(t *testing.T) {
|
||||
|
||||
for name, test := range tests {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
templ, err := pki.GenerateTemplateFromCertificateSigningRequest(test.csr)
|
||||
templ, err := pki.CertificateTemplateFromCertificateSigningRequest(test.csr)
|
||||
assert.Equal(t, test.expErr, err != nil)
|
||||
|
||||
if err == nil {
|
||||
|
||||
@ -277,7 +277,7 @@ func selfSignCertificate(t *testing.T, spec cmapi.CertificateSpec) []byte {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
template, err := GenerateTemplate(&cmapi.Certificate{Spec: spec})
|
||||
template, err := CertificateTemplateFromCertificate(&cmapi.Certificate{Spec: spec})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
@ -33,7 +33,7 @@ func GenerateLocallySignedTemporaryCertificate(crt *cmapi.Certificate, pkData []
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
caCertTemplate, err := GenerateTemplate(&cmapi.Certificate{
|
||||
caCertTemplate, err := CertificateTemplateFromCertificate(&cmapi.Certificate{
|
||||
Spec: cmapi.CertificateSpec{
|
||||
CommonName: "cert-manager.local",
|
||||
IsCA: true,
|
||||
@ -48,7 +48,7 @@ func GenerateLocallySignedTemporaryCertificate(crt *cmapi.Certificate, pkData []
|
||||
}
|
||||
|
||||
// sign a temporary certificate using the root CA
|
||||
template, err := GenerateTemplate(crt)
|
||||
template, err := CertificateTemplateFromCertificate(crt)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@ -168,7 +168,7 @@ func TestIssuingController(t *testing.T) {
|
||||
})
|
||||
|
||||
// Sign Certificate
|
||||
certTemplate, err := utilpki.GenerateTemplate(crt)
|
||||
certTemplate, err := utilpki.CertificateTemplateFromCertificate(crt)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@ -391,7 +391,7 @@ func TestIssuingController_PKCS8_PrivateKey(t *testing.T) {
|
||||
})
|
||||
|
||||
// Sign Certificate
|
||||
certTemplate, err := utilpki.GenerateTemplate(crt)
|
||||
certTemplate, err := utilpki.CertificateTemplateFromCertificate(crt)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@ -609,7 +609,7 @@ func Test_IssuingController_SecretTemplate(t *testing.T) {
|
||||
})
|
||||
|
||||
// Sign Certificate
|
||||
certTemplate, err := utilpki.GenerateTemplate(crt)
|
||||
certTemplate, err := utilpki.CertificateTemplateFromCertificate(crt)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@ -858,7 +858,7 @@ func Test_IssuingController_AdditionalOutputFormats(t *testing.T) {
|
||||
})
|
||||
|
||||
// Sign Certificate
|
||||
certTemplate, err := utilpki.GenerateTemplate(crt)
|
||||
certTemplate, err := utilpki.CertificateTemplateFromCertificate(crt)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
@ -393,7 +393,7 @@ func selfSignCertificateWithNotBeforeAfter(t *testing.T, pkData []byte, spec *cm
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
template, err := pki.GenerateTemplate(spec)
|
||||
template, err := pki.CertificateTemplateFromCertificate(spec)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
@ -135,7 +135,7 @@ func CreateCryptoBundle(originalCert *cmapi.Certificate, clock clock.Clock) (*Cr
|
||||
},
|
||||
}
|
||||
|
||||
unsignedCert, err := pki.GenerateTemplateFromCertificateRequest(certificateRequest)
|
||||
unsignedCert, err := pki.CertificateTemplateFromCertificateRequest(certificateRequest)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -255,7 +255,7 @@ func MustCreateCertWithNotBeforeAfter(t *testing.T, pkData []byte, spec *cmapi.C
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
template, err := pki.GenerateTemplate(spec)
|
||||
template, err := pki.CertificateTemplateFromCertificate(spec)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@ -278,7 +278,7 @@ func MustCreateCert(t *testing.T, pkData []byte, spec *cmapi.Certificate) []byte
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
template, err := pki.GenerateTemplate(spec)
|
||||
template, err := pki.CertificateTemplateFromCertificate(spec)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user