weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
1,414 Commits 45 Branches 0 Tags 96 MiB
0478694963
Commit Graph

57 Commits

Author SHA1 Message Date
jetstack-bot
500957f37e
Merge pull request #968 from munnerz/sig-algo 
Update SignatureAlgorithm function to also return PublicKey type
 2018-10-16 15:03:37 +01:00
jetstack-bot
9eab875005
Merge pull request #967 from munnerz/unused-args 
Remove unused arg from GenerateTemplate
 2018-10-16 14:36:36 +01:00
James Munnelly
3b81bb594d Update unit tests 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2018-10-16 12:41:29 +01:00
James Munnelly
293bfd412f Update SignatureAlgorithm function to also return PublicKey type 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2018-10-16 12:31:24 +01:00
James Munnelly
03c6f1229f Remove unused arg from GenerateTemplate 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2018-10-16 12:29:38 +01:00
James Munnelly
09e0f1f188 Run //hack:update-bazel 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2018-10-16 10:27:04 +01:00
James Munnelly
f33561741f Remove unused/dead code 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2018-10-16 10:23:47 +01:00
James Munnelly
420683609b Add comments to pkg/util functions 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2018-10-16 10:16:34 +01:00
James Munnelly
84978d88d8 Add extra comments to acme and pki package 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2018-10-13 21:05:18 +01:00
James Munnelly
847d0c6152 Refactor controllers to return Response structures 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2018-10-12 12:40:38 +01:00
Max Ehrlich
41c7def791
Helper function to get PEM encoded bytes of x509 certs 
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
 2018-09-13 17:07:14 -04:00
James Munnelly
b1f145625e Set up Bazel workspace with git status and pass ldflags 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2018-09-13 11:24:52 +01:00
James Munnelly
db65d6a170 run //hack:update-bazel 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2018-09-13 11:24:48 +01:00
Max Ehrlich
6a9f1d2348
Update code to allow setting multiple organizations 
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
 2018-09-08 16:21:13 -04:00
Max Ehrlich
340d2725e7
Generate certificates with the new organization field 
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
 2018-09-08 16:21:12 -04:00
James Munnelly
8d3d095a29 Add 'isCA' field to Certificate spec 
Signed-off-by: James Munnelly <james.munnelly@jetstack.io>
 2018-08-14 10:32:48 +01:00
James Munnelly
51195e4c5f Update license header and add header to every file 
Signed-off-by: James Munnelly <james.munnelly@jetstack.io>
 2018-08-13 15:53:37 +01:00
James Munnelly
2110aacc3b
Don't bundle the CA certificate when selfsigned 2018-08-09 16:32:10 +01:00
James Munnelly
503186c2d2 Add unit test for PublicKeyMatchesCertificate 2018-08-08 13:39:34 +01:00
James Munnelly
0dd3155fb2 Add logic to handle ready vs valid ACME orders 2018-08-08 13:39:34 +01:00
jetstack-bot
6348c6ffca
Merge pull request #722 from autonomic-ai/support-ec-keys 
Add keyAlgorithm and keySize fields to Certificates, and support ECDSA keys
 2018-07-18 10:00:36 +01:00
Afolabi Badmos
445e522432 Add support for EC keys 
- This PR adds two fields to CertificateSpec:
  - `keyAlgorithm`, denotes which algorithm to use when generating
    a private key. Can be either `rsa` or `ecdsa`. When not set, the
    default algorithm used `rsa`.
  - `keySize`, denotes the key size of the private key being generated.
    For `rsa`, minimum key size is 2048 and maximum is 8192.
    For `ecdsa`, sizes 224, 256, 384 & 521 are supported.
    See https://golang.org/pkg/crypto/elliptic

- `keySize` can be set without being explicit about `keyAlgorithm`.
  - If `keySize` is specified and `keyAlgorithm` is not provided, `rsa` will
    be used as the key algorithm.

- `keyAlgorithm` can be set without being explicit about `keySize`.
  - If `keyAlgorithm` is specified and `keySize` is not provided, key size
    key size of `256` will be used for `ecdsa` key algorithm and
    key size of `2048` will be used for `rsa` key algorithm.

- helper functions in `pki` package now return crypto.PrivateKey
 2018-07-17 12:42:07 -04:00
Louis Taylor
969c4530a0
Add Contains util function 2018-07-12 10:27:05 +01:00
James Munnelly
1fd8cdf13e Create common GenerateCSR and GenerateTemplate methods for creating Certificate/CertificateRequest 2018-06-08 15:15:27 +01:00
James Munnelly
b934852775 Merge branch 'master' into acmev2 2018-04-09 16:52:34 +01:00
Euan Kemp
6b4e33a483 util/useragent: use more verbose version 2018-04-06 18:09:52 -07:00
Euan Kemp
9c3b4e83b4 pkg/util/kube: set user-agent 
This should make it slightly easier to filter api-server logs for
cert-manager activity
 2018-04-06 18:09:17 -07:00
Euan Kemp
7f12fb346c issuer/acme: move 'user-agent' logic to util 
This logic should be shared by things like the aws client as well.
 2018-04-06 18:09:11 -07:00
James Munnelly
b866b8cdf4 Fix bug in EqualUnsorted when comparing lists of the same length 2018-04-04 23:40:08 +01:00
James Munnelly
f2ddd1d111 Change DNSNames/CommonNameForCertificate function to not return an error 2018-04-04 23:37:37 +01:00
James Munnelly
c3be0f204e Add ingress-shim controller to create Certificates based on annotations on ingress resources 2017-11-30 22:53:54 +00:00
jetstack-bot
e32147b695
Merge pull request #183 from munnerz/fix-issue-loop 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Improve validation of certificates. Fix bug in checking certificate validity

**What this PR does / why we need it**:

Improves the validation of dnsNames and commonNames on certificate resources.
Fixes a bug in checking certificate validity.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

Fixes #176, fixes #175

**Release note**:
```release-note
Fix a bug in checking certificate validity and improve validation of dnsNames and commonName
```
 2017-11-04 01:00:30 +00:00
James Munnelly
ffbfe2da3d Use ordered RemoveDuplicates. Add additional test cases. 2017-11-04 00:44:08 +00:00
James Munnelly
74d711ceef Add unit tests for cert->dnsName and cert->CN functions 2017-11-04 00:10:42 +00:00
James Munnelly
f3db0df7b6 Add RemoveDuplicates unit test 2017-11-03 23:58:25 +00:00
James Munnelly
6ac437699d Improve validation of certificates. Fix bug in checking certificate validity 2017-11-03 23:48:18 +00:00
James Munnelly
422f8fc4be Add basic validation to ACME issuer 2017-11-03 23:35:58 +00:00
James Munnelly
fa7e052ac1 Move to github.com/jetstack/cert-manager repo 2017-11-03 16:41:39 +00:00
James Munnelly
eb4be6859e Update controllers and issuers for new SharedInformerFactory 2017-11-03 15:26:19 +00:00
James Munnelly
9d933d9e11 Only update certificate status in the controller package to stop conflicts 2017-10-13 20:15:29 +01:00
James Munnelly
01e5833825 Make acmesolver image configurable through CLI. Use tagged version as default. 2017-10-13 16:39:06 +01:00
James Munnelly
187e91f9ae Default commonName to first altName if not specified 2017-10-13 12:50:07 +01:00
James Munnelly
f8107e6fcc Use CommonName and AltNames fields on Certificate resource 2017-10-13 12:50:07 +01:00
James Munnelly
a2d9733f21 Update implementation for new field names/types 2017-10-13 11:43:52 +01:00
James Munnelly
852e250a69 Add clusterissuer controller 2017-09-22 00:10:42 +01:00
James Munnelly
940b26127b Create context for each resource to be processed 2017-09-21 20:26:27 +01:00
James Munnelly
89588bb281 Split GetKeyPair method into two methods 2017-09-10 22:54:55 +01:00
James Munnelly
2e551f58b5 Update ACME implementation for new structure. Add util/pki. 2017-09-10 21:13:37 +01:00
James Munnelly
dc4335754f Move kube related utilities out of cmd 2017-09-10 21:11:34 +01:00
James Munnelly
f66855bd03 Add event recording. Split out cmd entrypoint. 2017-09-09 18:27:35 +01:00