weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Fix OtherName feature flag validation logic

Browse Source 
* Improve test comments for UniversalValue

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
This commit is contained in:
SpectralHiss 2024-01-03 13:53:49 +00:00
parent 3234974a38
commit d07dd3de5f
2 changed files with 14 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
internal/apis/certmanager/validation/certificate.go
View File

@ -21,6 +21,7 @@ import (
"net"
"net/mail"
"strings"
"unicode/utf8"
admissionv1 "k8s.io/api/admission/v1"
apivalidation "k8s.io/apimachinery/pkg/api/validation"
@ -126,19 +127,19 @@ func ValidateCertificateSpec(crt *internalcmapi.CertificateSpec, fldPath *field.
if len(crt.OtherNames) > 0 {
if !utilfeature.DefaultFeatureGate.Enabled(feature.OtherNames) {
el = append(el, field.Forbidden(fldPath.Child("OtherNames"), "Feature gate OtherNames must be enabled on both webhook and controller to use the alpha `otherNames` field"))
}
} else {
for i, otherName := range crt.OtherNames {
if otherName.OID == "" {
el = append(el, field.Required(fldPath.Child("otherNames").Index(i).Child("oid"), "must be specified"))
}
for i, otherName := range crt.OtherNames {
if otherName.OID == "" {
el = append(el, field.Required(fldPath.Child("otherNames").Index(i).Child("oid"), "must be specified"))
}
if _, err := pki.ParseObjectIdentifier(otherName.OID); err != nil {
el = append(el, field.Invalid(fldPath.Child("otherNames").Index(i).Child("oid"), otherName.OID, "oid syntax invalid"))
}
if _, err := pki.ParseObjectIdentifier(otherName.OID); err != nil {
el = append(el, field.Invalid(fldPath.Child("otherNames").Index(i).Child("oid"), otherName.OID, "oid syntax invalid"))
}
if otherName.UTF8Value == "" {
el = append(el, field.Required(fldPath.Child("otherNames").Index(i).Child("utf8Value"), "must be specified"))
if otherName.UTF8Value == "" || !utf8.ValidString(otherName.UTF8Value) {
el = append(el, field.Required(fldPath.Child("otherNames").Index(i).Child("utf8Value"), "must be set to a valid non-empty UTF8 string"))
}
}
}
}

2
pkg/util/pki/asn1_util_test.go
View File

@ -123,6 +123,8 @@ func TestMarshalAndUnmarshalUniversalValue(t *testing.T) {
{
name: "Test with Bytes",
uv: UniversalValue{
// Ia5String byte array with value "test"
// https://lapo.it/asn1js/#FgR0ZXN0
Bytes: []byte{0x16, 0x04, 0x74, 0x65, 0x73, 0x74},
},
overrideRoundtripUv: &UniversalValue{