Require altName or subject name are specified in CA issuer

James Munnelly 2017-10-13 12:45:22 +01:00
parent ae1173dcec
commit 489f073d3a


@ -64,20 +64,23 @@ func (c *CA) Issue(ctx context.Context, crt *v1alpha1.Certificate) (v1alpha1.Cer
}
func (c *CA) obtainCertificate(crt *v1alpha1.Certificate, signeeKey interface{}) ([]byte, error) {
signerCert, err := kube.SecretTLSCert(c.secretsLister, c.resourceNamespace, c.issuer.GetSpec().CA.SecretName)
commonName := crt.Spec.CommonName
altNames := crt.Spec.AltNames
if len(commonName) == 0 || len(altNames) == 0 {
return nil, fmt.Errorf("no domains specified on certificate")
}
signerCert, err := kube.SecretTLSCert(c.secretsLister, c.resourceNamespace, c.issuer.GetSpec().CA.SecretName)
if err != nil {
return nil, fmt.Errorf("error getting issuer certificate: %s", err.Error())
}
signerKey, err := kube.SecretTLSKey(c.secretsLister, c.resourceNamespace, c.issuer.GetSpec().CA.SecretName)
if err != nil {
return nil, fmt.Errorf("error getting issuer private key: %s", err.Error())
}
crtPem, _, err := signCertificate(crt, signerCert, signeeKey, signerKey)
if err != nil {
return nil, err
}
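Review bot: The new guard `len(commonName) == 0 || len(altNames) == 0` returns the error unless both a common name and at least one alt name are set, which is stricter than the commit title ("altName or subject name") and the message "no domains specified on certificate" suggest. If the intent is to refuse only a certificate that names no identity at all, the condition should be `if len(commonName) == 0 && len(altNames) == 0 {`. As written, a request carrying only a common name, or only alt names, is rejected before the issuer secret is read. Whichever rule is intended, a one-line comment above the check stating it would prevent a later "fix" from loosening validation on what the CA will sign. obtainCertificate's body continues past the end of the hunk.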