Tim Ramlot
|
18b701b73e
|
overhaul of startupapicheck: add checks that mutation and validation work and add extensive testing
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-05-30 15:54:08 +02:00 |
|
Tim Ramlot
|
0a45298971
|
improve tests based on review
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-05-10 20:44:07 +02:00 |
|
Tim Ramlot
|
9d1c959a1e
|
LiteralSubject: add support for literal oid type values
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-05-10 20:44:07 +02:00 |
|
Tim Ramlot
|
81232c2fe3
|
revert in-tree ParseDN function now that upstream ParseDN function has been fixed
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-05-09 21:41:09 +02:00 |
|
Tim Ramlot
|
d0e635fc36
|
remove deprecated ParseSubjectStringToRawDERBytes function & refactor and move tests
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-05-08 18:05:25 +02:00 |
|
Tim Ramlot
|
dd4f5f4e39
|
fix unparam linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-04-30 10:47:21 +02:00 |
|
Tim Ramlot
|
8ea7cbc362
|
fix forbidigo linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-04-30 10:01:34 +02:00 |
|
Tim Ramlot
|
ae98ba806b
|
fix gocritic linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-04-29 15:50:47 +02:00 |
|
Tim Ramlot
|
8bec192b90
|
fix unconvert linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-04-29 15:30:30 +02:00 |
|
Tim Ramlot
|
042f59d283
|
fix unused linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-04-29 15:29:00 +02:00 |
|
Tim Ramlot
|
a8b5178fc5
|
fix dupword linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-04-29 13:47:25 +02:00 |
|
Tim Ramlot
|
9db044b232
|
fix gci linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-04-29 13:47:25 +02:00 |
|
Tim Ramlot
|
38cd0accdb
|
graduate 'DisallowInsecureCSRUsageDefinition' to GA
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-04-26 16:14:31 +02:00 |
|
jetstack-bot
|
b61de55abd
|
Merge pull request #6865 from wallrj/5803-cert-manager-user-agent-venafi-issuer
Add user-agent header in requests to Venafi API
|
2024-03-27 15:33:00 +01:00 |
|
jetstack-bot
|
99fc8fb5f8
|
Merge pull request #6723 from inteon/add_generate_csr_test
Add new testcase that generates a non-critical SAN extension to the GenerateCSR tests
|
2024-03-22 21:51:34 +01:00 |
|
Richard Wall
|
112c7b2e9e
|
An http.RoundTripper which adds the HTTP User-Agent header to all requests
This code existed in cert-manager once before and I'm reviving it.
Here's the history:
* Added:
https://github.com/cert-manager/cert-manager/pull/422
* Moved: https://github.com/cert-manager/cert-manager/pull/432
* Obsoleted: https://github.com/cert-manager/cert-manager/pull/797
* Deleted: https://github.com/cert-manager/cert-manager/pull/966
Signed-off-by: Richard Wall <richard.wall@venafi.com>
|
2024-03-20 10:24:47 +00:00 |
|
jetstack-bot
|
f56fc1ed1a
|
Merge pull request #6792 from inteon/bugfix_literalsubject
bugfix: LiteralSubject match function reports incorrect mismatch
|
2024-03-15 10:54:01 +01:00 |
|
Bill Waldrep
|
bf3d202c72
|
add new utility method to clarify cert decoding semantics
Signed-off-by: Bill Waldrep <bwaldrep@palantir.com>
|
2024-03-04 12:47:27 -05:00 |
|
Tim Ramlot
|
48759b271c
|
bugfix: LiteralSubject match function was broken
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-02-22 15:51:25 +01:00 |
|
Tim Ramlot
|
ed280d28cd
|
update test, with new error message
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-02-20 08:34:53 +01:00 |
|
Tim Ramlot
|
99942446ff
|
add benchmark
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-02-20 08:34:53 +01:00 |
|
Tim Ramlot
|
0f078859de
|
add error case to DNParse tests
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-02-20 08:34:53 +01:00 |
|
Tim Ramlot
|
a2b3cc81c3
|
stop using github.com/go-ldap/ldap/v3 ParseDN and use a custom ParseDN function instead
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-02-20 08:34:53 +01:00 |
|
jetstack-bot
|
d642df3b5f
|
Merge pull request #6770 from inteon/dn_parse_quick_fix
Fix a memory bug in ldap's ParseDN function by disabling part of the functionality
|
2024-02-19 15:02:30 +00:00 |
|
Tim Ramlot
|
4a8b8c4e09
|
Fix a memory bug in ldap's ParseDN function by disabling part of the functionality
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-02-19 12:55:06 +01:00 |
|
Yuedong Wu
|
baa73aa8ee
|
fix webhook validation error msg
and use commonName variable value
Signed-off-by: Yuedong Wu <dwcn22@outlook.com>
|
2024-02-19 10:16:38 +08:00 |
|
Tim Ramlot
|
ffb47e52fa
|
remove dead & deprecated code from cert-manager codebase
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-02-10 17:22:23 +01:00 |
|
Tim Ramlot
|
04220447bc
|
remove deprecated files and functions
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-02-08 10:45:06 +01:00 |
|
Tim Ramlot
|
0acde5b1a4
|
fix changed behavior: set critical flag of SANs extension based on subject
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-02-07 11:01:34 +01:00 |
|
Tim Ramlot
|
ed80c5be90
|
add new testcase that generates a non-critical SAN extension to the GenerateCSR tests
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-02-07 09:39:36 +01:00 |
|
Tim Ramlot
|
5ac022ad70
|
remove versionchecker, because it was moved to cert-manager/cmctl
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-01-29 11:50:09 +01:00 |
|
SpectralHiss
|
892e6eef01
|
Fix OtherName Value UniversalValue .Type() detection
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
|
2024-01-10 10:35:43 +00:00 |
|
SpectralHiss
|
0b83f78fff
|
Remove redundant otherName match tests
* We do not need to include otherName in fuzzy certificate detection
checks
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
|
2024-01-09 17:02:24 +00:00 |
|
Tim Ramlot
|
3dad3f320b
|
don't check OtherNames when fuzzy matching
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-01-09 16:41:13 +01:00 |
|
Tim Ramlot
|
736896d264
|
introduce UniversalValue 'Type()'
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-01-09 16:40:32 +01:00 |
|
SpectralHiss
|
38c2b33a71
|
Add otherName detection to TestSecretDataAltNamesMatchSpec
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
|
2024-01-09 14:01:09 +00:00 |
|
SpectralHiss
|
b6fdcede90
|
Add test for different order OtherName value
* Simplify sorting implementation for OtherName slice equality
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
|
2024-01-09 11:39:17 +00:00 |
|
SpectralHiss
|
7b13c72fed
|
Detect otherName changes to CR trigger reissuance
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
|
2024-01-09 09:58:43 +00:00 |
|
SpectralHiss
|
d186b61414
|
Add attribution to pkg/util/pki/asn1_util.go
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
|
2024-01-08 13:34:09 +00:00 |
|
SpectralHiss
|
d07dd3de5f
|
Fix OtherName feature flag validation logic
* Improve test comments for UniversalValue
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
|
2024-01-08 13:34:09 +00:00 |
|
Tim Ramlot
|
a49bc65b03
|
deprecate URLsFromStrings which is only used in other deprecated functions
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-01-05 11:50:13 +01:00 |
|
Tim Ramlot
|
8ca617a8ea
|
replace custom util function with k8s.io/apimachinery/util/sets
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-01-04 14:38:30 +01:00 |
|
jetstack-bot
|
24d0fddec5
|
Merge pull request #6593 from inteon/use_slices
Use slices go library
|
2024-01-04 13:36:02 +00:00 |
|
Tim Ramlot
|
e157729991
|
fix typo in name and add comment explaining genericEqualUnsorted
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-01-04 14:02:36 +01:00 |
|
Tim Ramlot
|
950948e465
|
start using the new 'slices' library and deprecate old util functions
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-01-04 09:32:17 +01:00 |
|
Tim Ramlot
|
9547fbdf94
|
add tests for the improvements made in #6561
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-01-03 17:25:15 +01:00 |
|
Tim Ramlot
|
41404a7fd7
|
rename UseCertificateRequestNameConstraints to NameConstraints
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
2024-01-03 15:49:18 +01:00 |
|
jetstack-bot
|
cc8925ae9f
|
Merge pull request #6404 from SpectralHiss/hef/otherNameSANs
Other name sans support in Certificates
|
2024-01-03 14:16:23 +00:00 |
|
Houssem El Fekih
|
ddc1dffe87
|
Update pkg/util/pki/asn1_util.go
Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com>
Signed-off-by: Houssem El Fekih <hassoum92@hotmail.com>
|
2024-01-03 13:30:42 +00:00 |
|
Richard Wall
|
036e3a8e74
|
Replace all uses of sets.String with the generic sets.Set
Signed-off-by: Richard Wall <richard.wall@venafi.com>
|
2024-01-02 17:24:38 +00:00 |
|