From e9dfbb7a1a11956391a50155beb64f8bf6c142f6 Mon Sep 17 00:00:00 2001
From: exceptionfactory
Date: Tue, 8 Dec 2020 11:23:16 -0500
Subject: [PATCH] Updated PKCS12 API docs and corrected code formatting #3373

Signed-off-by: David Handermann
---
 pkg/apis/certmanager/v1/types_certificate.go | 6 ++++++
 .../certificates/internal/secretsmanager/keystore.go | 6 ++++--
 .../internal/secretsmanager/keystore_test.go | 10 +++++-----
 3 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/pkg/apis/certmanager/v1/types_certificate.go b/pkg/apis/certmanager/v1/types_certificate.go
index 9a53c2c46..8135234cd 100644
--- a/pkg/apis/certmanager/v1/types_certificate.go
+++ b/pkg/apis/certmanager/v1/types_certificate.go
@@ -279,6 +279,9 @@ type JKSKeystore struct {
 // Secret resource, encrypted using the password stored in
 // `passwordSecretRef`.
 // The keystore file will only be updated upon re-issuance.
+ // A file named `truststore.jks` will also be created in the target
+ // Secret resource, encrypted using the password stored in
+ // `passwordSecretRef` containing the issuing Certificate Authority
 Create bool `json:"create"`

 // PasswordSecretRef is a reference to a key in a Secret resource
@@ -294,6 +297,9 @@ type PKCS12Keystore struct {
 // Secret resource, encrypted using the password stored in
 // `passwordSecretRef`.
 // The keystore file will only be updated upon re-issuance.
+ // A file named `truststore.p12` will also be created in the target
+ // Secret resource, encrypted using the password stored in
+ // `passwordSecretRef` containing the issuing Certificate Authority
 Create bool `json:"create"`

 // PasswordSecretRef is a reference to a key in a Secret resource
diff --git a/pkg/controller/certificates/internal/secretsmanager/keystore.go b/pkg/controller/certificates/internal/secretsmanager/keystore.go
index d4a3c900c..3107b89dd 100644
--- a/pkg/controller/certificates/internal/secretsmanager/keystore.go
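Review bot: The sentence added to the `Create` field comment in the `JKSKeystore` hunk reads as if `passwordSecretRef` itself contained the issuing Certificate Authority, and it has no closing period; the `PKCS12Keystore` hunk repeats the same wording with `truststore.p12`. This comment is the user-facing API description, so I would reorder it to ``// A file named `truststore.jks` containing the issuing Certificate Authority`` / ``// will also be created in the target Secret resource, encrypted using the`` / ``// password stored in `passwordSecretRef`.`` The comment also leaves open whether the truststore follows the re-issuance-only update rule stated just above for the keystore, and whether it is still written when the issuer supplies no CA certificate; neither can be told from these hunks. Both struct bodies continue outside their hunks.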
+++ b/pkg/controller/certificates/internal/secretsmanager/keystore.go
@@ -37,12 +37,14 @@ import (
 const (
 // pkcs12SecretKey is the name of the data entry in the Secret resource
 // used to store the p12 file.
- pkcs12SecretKey = "keystore.p12"
+ pkcs12SecretKey = "keystore.p12"
+ // Data Entry Name in the Secret resource for PKCS12 containing Certificate Authority
 pkcs12TruststoreKey = "truststore.p12"

 // jksSecretKey is the name of the data entry in the Secret resource
 // used to store the jks file.
- jksSecretKey = "keystore.jks"
+ jksSecretKey = "keystore.jks"
+ // Data Entry Name in the Secret resource for JKS containing Certificate Authority
 jksTruststoreKey = "truststore.jks"
 )

diff --git a/pkg/controller/certificates/internal/secretsmanager/keystore_test.go b/pkg/controller/certificates/internal/secretsmanager/keystore_test.go
index 3a92a4fd8..ecc53f5c3 100644
--- a/pkg/controller/certificates/internal/secretsmanager/keystore_test.go
+++ b/pkg/controller/certificates/internal/secretsmanager/keystore_test.go
@@ -347,14 +347,14 @@ func TestEncodePKCS12Keystore(t *testing.T) {

 func TestEncodePKCS12Truststore(t *testing.T) {
 tests := map[string]struct {
- password string
- caPEM []byte
- verify func(t *testing.T, caPEM []byte, out []byte, err error)
- run func(t testing.T)
+ password string
+ caPEM []byte
+ verify func(t *testing.T, caPEM []byte, out []byte, err error)
+ run func(t testing.T)
 }{
 "encode a PKCS12 bundle for a CA": {
 password: "password",
- caPEM: mustSelfSignCertificate(t, nil),
+ caPEM: mustSelfSignCertificate(t, nil),
 verify: func(t *testing.T, caPEM []byte, out []byte, err error) {
 if err != nil {
 t.Errorf("expected no error but got: %v", err)
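Review bot: The two comments added above `pkcs12TruststoreKey` and `jksTruststoreKey` in the `const` block of keystore.go do not follow the form of their neighbours, which open with the constant's name and close with a period. I would write `// pkcs12TruststoreKey is the name of the data entry in the Secret resource` / `// used to store the p12 truststore containing the issuing CA certificate.` and the matching pair for `jksTruststoreKey` with `jks`. Going by the API comment added in this same commit, these entries hold the issuing CA rather than the certificate's key material, and saying so here keeps the two entries in each format easy to tell apart when the Secret is audited.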