weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
8,209 Commits 45 Branches 0 Tags 96 MiB
1b48cb664b
Commit Graph

8209 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
SpectralHiss
1b48cb664b Fix csr_test.go critical SAN on tests without Subjects 
* Also fixed the conformance e2e test by including a Subject and
  matching the values

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-21 18:44:49 +00:00
SpectralHiss
c59037a19b Simplify e2e test fixture for otherName 
* Fix Bug in critical on empty subject logic

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-21 17:48:50 +00:00
SpectralHiss
ae4249b9e2 Go style variable rename 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-21 14:54:08 +00:00
SpectralHiss
2f6dbc85d3 Change openssl SAN order to simplify test assetion 
* Ordering does not matter for the GeneralNames as it is a tagged
  context

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-21 13:07:34 +00:00
SpectralHiss
120240fec2 Add critical extension to only SAN 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-21 12:06:33 +00:00
SpectralHiss
8e2365dd54 Add UTF8 marshalling unit tests 
* Add test names to pkg/util/pki/sans_test.go tests

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-21 11:58:26 +00:00
SpectralHiss
f4bbe66737 Fix IA5String test assertion 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-21 10:02:53 +00:00
SpectralHiss
78d6e1b491 Add OtherNames e2e test to conformance suite 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-20 15:29:31 +00:00
SpectralHiss
e7f29f8bb3 UTF8Value -> utf8Value in CRD JSON schema 
* Still following Go standard with UTF8Value for struct field name

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-20 08:30:54 +00:00
SpectralHiss
c87a2f6691 Add early feedback validation for otherName syntax and tests 
* Fixed warning

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-19 20:02:02 +00:00
SpectralHiss
95b9345a5d Make UTF8Value godoc comment more clear 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-13 17:05:12 +00:00
SpectralHiss
4bdee5f010 Rename otherNameSANs to otherNames 
* Improve the CRD godoc comments

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-13 16:21:56 +00:00
SpectralHiss
45a8bb7edf Modified one sans processing test case to make more useful 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-13 09:37:25 +00:00
Tim Ramlot
721f71ed60 Refactor the solution 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-13 09:37:21 +00:00
Tim Ramlot
7b7912022a Add feature gate 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-13 09:16:06 +00:00
Tim Ramlot
bfd9a65160 Add OtherNameSANs field to Certificates 
* Added an otherName SAN extension mechanism
* Can take any otherName OID with String (UTF-8) like value
* cf [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) p 37 for
  more info
* otherName is only a subset of GeneralName, our specific need for for
  UserPrincipalName used in Microsoft AD/ LDAP
* We treat UPN special but we might remove this in a later commit

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-13 09:12:23 +00:00
jetstack-bot
8da699a735
Merge pull request #6542 from tanujd11/fix/name-constraints-csr-structure 
fix: structure of nameconstraint in CSR
 2023-12-12 16:07:16 +00:00
jetstack-bot
4ae25789a2
Merge pull request #6537 from wallrj/golangci-lint 
Add the golangci-lint GitHub action
 2023-12-12 15:22:03 +00:00
Tim Ramlot
849b6bda9e
add tests & final cleanup 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-12 15:57:07 +01:00
Tim Ramlot
cfaf3f338e
cleanup code 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-12 13:47:55 +01:00
tanujd11
da84cf5b88 fix: imports 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-12 17:10:32 +05:30
tanujd11
652feb50cc Addressed review comments 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-12 17:05:33 +05:30
tanujd11
5f0a715863 add nameConstraints from openssl 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-12 00:40:45 +05:30
jetstack-bot
37e425c4da
Merge pull request #6545 from wallrj/bump-go 
Bump Go to 1.21.5
 2023-12-11 18:05:47 +00:00
Richard Wall
f3a91ac8aa Bump Go to 1.21.5 
- go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker, the runtime, the compiler, and the go/types, net/http, and runtime/cgo packages.
- go1.21.5 (released 2023-12-05) includes security fixes to the go command, and the net/http and path/filepath packages, as well as bug fixes to the compiler, the go command, the runtime, and the crypto/rand, net, os, and syscall packages.

Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2023-12-11 17:27:09 +00:00
tanujd11
bc75f8488d fix: structure of nameconstraint in CSR 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-11 18:00:15 +05:30
jetstack-bot
e8d279025c
Merge pull request #6500 from tanujd11/feature/ca-cert-name-constraint 
feature: added name constraints in certs with isCA enabled
 2023-12-08 12:18:42 +00:00
tanujd11
a29a5913d0 addressed review comments 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 23:42:35 +05:30
Richard Wall
70cf0d200b Add the golangci-lint GitHub action 
Initially we enable only the gosec linter and only check G112
because that has been addressed in #6534.

Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2023-12-07 18:03:04 +00:00
tanujd11
28ca4312b3 fix: additional review comments 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:30:31 +05:30
tanujd11
8d362439a8 fix UTs 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:30:31 +05:30
tanujd11
84d7dd4aed Addressed review comments 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:30:31 +05:30
tanujd11
d1b3e5ca83 Move critical from NameConstraintItem to NameConstraint and remove validateNameConstraints 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:30:29 +05:30
tanujd11
adb9311f56 validate name constraint before signing CSR 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:29:45 +05:30
tanujd11
50d84c1bbc nits: added new line at EOF and comment fix 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:27:42 +05:30
tanujd11
589030dec1 feature: added name constraints 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:27:31 +05:30
jetstack-bot
e7e3e5f4de
Merge pull request #6534 from wallrj/server-timeout 
Mitigate potential Slowloris attacks by setting ReadHeaderTimeout in all http.Server instances
 2023-12-07 13:28:05 +01:00
jetstack-bot
5484a92df8
Merge pull request #6535 from inteon/cleanup_generate_csr 
Refactor GenerateCSR and deprecate the helper functions
 2023-12-07 13:15:05 +01:00
Richard Wall
8bed166858 Add ReadHeaderTimeout to all http.Server where that setting is missing 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2023-12-07 11:42:22 +00:00
Tim Ramlot
767764d598
refactor GenerateCSR and deprecated the helper functions 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-06 18:16:19 +01:00
jetstack-bot
4209de2371
Merge pull request #6533 from inteon/cleanup_literal_subject_validation 
BUGFIX: LiteralCertificateSubject webhook logic
 2023-12-06 16:24:44 +01:00
Tim Ramlot
c5d7f15aa1
LiteralCertificateSubject: improve webhook logic 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-06 16:09:06 +01:00
jetstack-bot
40951826ab
Merge pull request #6531 from inteon/rename_fields_internal_api 
Rename internal API fields to match the field names in the public API
 2023-12-06 14:46:43 +01:00
Tim Ramlot
25eec9514a
rename internal API fields to match the fieldnames in the public API 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-06 13:59:59 +01:00
jetstack-bot
202a80e218
Merge pull request #6519 from JoeNorth/master 
Update AWS SDK for Go to 1.48.7
 2023-11-29 15:12:49 +01:00
Tim Ramlot
63c1636a83
run 'make tidy' and 'make update-licenses' 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-11-29 13:41:46 +01:00
Joe North
4e03eb1283 Update AWS SDK for Go version 
Signed-off-by: Joe North <jbnorth@amazon.com>
 2023-11-28 19:55:23 +00:00
jetstack-bot
e47444db80
Merge pull request #6491 from inteon/pprof_non_leaders 
BUGFIX: run pprof server on non-leaderelected replicas
 2023-11-27 19:52:06 +01:00
jetstack-bot
554ceac1c8
Merge pull request #6517 from inteon/use_pkcs12_legacyrc2 
Replace deprecated pkcs12 function call with pkcs12.LegacyRC2
 2023-11-27 17:34:06 +01:00
Tim Ramlot
6f7ebbed7b
replace deprecated pkcs12 function call with pkcs12.LegacyRC2 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-11-27 12:32:19 +01:00