Generate certificates with the new organization field

Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
Max Ehrlich 2018-08-18 17:02:34 -04:00
parent b3e9e33e9d
commit 340d2725e7
No known key found for this signature in database
GPG Key ID: 439AC62D3C8A495A


@ -53,17 +53,26 @@ func DNSNamesForCertificate(crt *v1alpha1.Certificate) []string {
return crt.Spec.DNSNames
}
var serialNumberLimit = new(big.Int).Lsh(big.NewInt(1), 128)
// TODO: allow this to be configurable
const defaultOrganization = "cert-manager"
func OrganizationForCertificate(crt *v1alpha1.Certificate) string {
if crt.Spec.Organization != "" {
return crt.Spec.Organization
}
return defaultOrganization
}
var serialNumberLimit = new(big.Int).Lsh(big.NewInt(1), 128)
// default certification duration is 1 year
const defaultNotAfter = time.Hour * 24 * 365
func GenerateCSR(issuer v1alpha1.GenericIssuer, crt *v1alpha1.Certificate) (*x509.CertificateRequest, error) {
commonName := CommonNameForCertificate(crt)
dnsNames := DNSNamesForCertificate(crt)
organization := OrganizationForCertificate(crt)
if len(commonName) == 0 && len(dnsNames) == 0 {
return nil, fmt.Errorf("no domains specified on certificate")
}
@ -77,7 +86,7 @@ func GenerateCSR(issuer v1alpha1.GenericIssuer, crt *v1alpha1.Certificate) (*x50
Version: 3,
SignatureAlgorithm: sigAlgo,
Subject: pkix.Name{
Organization: []string{defaultOrganization},
Organization: []string{organization},
CommonName: commonName,
},
DNSNames: dnsNames,
@ -93,6 +102,8 @@ func GenerateCSR(issuer v1alpha1.GenericIssuer, crt *v1alpha1.Certificate) (*x50
func GenerateTemplate(issuer v1alpha1.GenericIssuer, crt *v1alpha1.Certificate, serialNo *big.Int) (*x509.Certificate, error) {
commonName := CommonNameForCertificate(crt)
dnsNames := DNSNamesForCertificate(crt)
organization := OrganizationForCertificate(crt)
if len(commonName) == 0 && len(dnsNames) == 0 {
return nil, fmt.Errorf("no domains specified on certificate")
}
@ -118,7 +129,7 @@ func GenerateTemplate(issuer v1alpha1.GenericIssuer, crt *v1alpha1.Certificate,
SignatureAlgorithm: sigAlgo,
IsCA: crt.Spec.IsCA,
Subject: pkix.Name{
Organization: []string{defaultOrganization},
Organization: []string{organization},
CommonName: commonName,
},
NotBefore: time.Now(),
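Review bot: OrganizationForCertificate returns crt.Spec.Organization verbatim, and both GenerateCSR and GenerateTemplate put it in the Subject with no validation, so whoever can create a Certificate resource chooses the O= value of the issued certificate. If certificates from an issuer that signs these templates are accepted for client authentication by anything that maps Subject Organization to groups (the Kubernetes API server does), the requester is in effect picking their own group; consider constraining the allowed values per issuer, or at least documenting this on the Organization field. The exported helper also lacks a doc comment, for example `// OrganizationForCertificate returns crt.Spec.Organization, or defaultOrganization when it is empty.`, and the `// TODO: allow this to be configurable` kept above defaultOrganization looks stale now that the field exists. GenerateCSR and GenerateTemplate both continue outside the hunks shown, so any validation elsewhere in them is not visible here.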