weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
8,918 Commits 45 Branches 0 Tags 96 MiB
4cec43bf93
Commit Graph

234 Commits

Author SHA1 Message Date
Tim Ramlot
c58b08e7b7
pki match: remove return values that are always nil 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-07-02 13:38:35 +02:00
cert-manager-prow[bot]
50abeda40d
Merge pull request #6987 from cbroglie/renew-before-pct 
feat: Add renewBeforePercentage alternative to renewBefore
 2024-07-01 09:45:23 +00:00
Christopher Broglie
0f74d7536e Add renewBeforePercentage alternative to renewBefore 
Since the actual duration is unknown until a cert has been issued,
providing an absolute duration for renewBefore can result in accidental
renewal loops. The new renewBeforePercentage field computes the
effective renewBefore using the actual duration, allowing users to
better express intent while maintaining backwards compatibility.

Fixes #4423, resolves #5821

Signed-off-by: Christopher Broglie <cbroglie@cloudflare.com>
 2024-06-29 21:18:15 -07:00
Tim Ramlot
e0cdfd37bf
introduce gen.CSRForCertificate and gen.CSRWithSignerForCertificate and use it to deduplicate test code 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-14 15:53:18 +02:00
Tim Ramlot
0a45298971
improve tests based on review 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-05-10 20:44:07 +02:00
Tim Ramlot
9d1c959a1e
LiteralSubject: add support for literal oid type values 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-05-10 20:44:07 +02:00
Tim Ramlot
81232c2fe3
revert in-tree ParseDN function now that upstream ParseDN function has been fixed 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-05-09 21:41:09 +02:00
Tim Ramlot
d0e635fc36
remove deprecated ParseSubjectStringToRawDERBytes function & refactor and move tests 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-05-08 18:05:25 +02:00
Tim Ramlot
dd4f5f4e39
fix unparam linter 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-04-30 10:47:21 +02:00
Tim Ramlot
8ea7cbc362
fix forbidigo linter 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-04-30 10:01:34 +02:00
Tim Ramlot
ae98ba806b
fix gocritic linter 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-04-29 15:50:47 +02:00
Tim Ramlot
8bec192b90
fix unconvert linter 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-04-29 15:30:30 +02:00
Tim Ramlot
042f59d283
fix unused linter 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-04-29 15:29:00 +02:00
Tim Ramlot
a8b5178fc5
fix dupword linter 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-04-29 13:47:25 +02:00
Tim Ramlot
9db044b232
fix gci linter 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-04-29 13:47:25 +02:00
Tim Ramlot
38cd0accdb
graduate 'DisallowInsecureCSRUsageDefinition' to GA 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-04-26 16:14:31 +02:00
jetstack-bot
99fc8fb5f8
Merge pull request #6723 from inteon/add_generate_csr_test 
Add new testcase that generates a non-critical SAN extension to the GenerateCSR tests
 2024-03-22 21:51:34 +01:00
jetstack-bot
f56fc1ed1a
Merge pull request #6792 from inteon/bugfix_literalsubject 
bugfix: LiteralSubject match function reports incorrect mismatch
 2024-03-15 10:54:01 +01:00
Bill Waldrep
bf3d202c72
add new utility method to clarify cert decoding semantics 
Signed-off-by: Bill Waldrep <bwaldrep@palantir.com>
 2024-03-04 12:47:27 -05:00
Tim Ramlot
48759b271c
bugfix: LiteralSubject match function was broken 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-22 15:51:25 +01:00
Tim Ramlot
ed280d28cd
update test, with new error message 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-20 08:34:53 +01:00
Tim Ramlot
99942446ff
add benchmark 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-20 08:34:53 +01:00
Tim Ramlot
0f078859de
add error case to DNParse tests 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-20 08:34:53 +01:00
Tim Ramlot
a2b3cc81c3
stop using github.com/go-ldap/ldap/v3 ParseDN and use a custom ParseDN function instead 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-20 08:34:53 +01:00
jetstack-bot
d642df3b5f
Merge pull request #6770 from inteon/dn_parse_quick_fix 
Fix a memory bug in ldap's ParseDN function by disabling part of the functionality
 2024-02-19 15:02:30 +00:00
Tim Ramlot
4a8b8c4e09
Fix a memory bug in ldap's ParseDN function by disabling part of the functionality 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-19 12:55:06 +01:00
Yuedong Wu
baa73aa8ee fix webhook validation error msg 
and use commonName variable value

Signed-off-by: Yuedong Wu <dwcn22@outlook.com>
 2024-02-19 10:16:38 +08:00
Tim Ramlot
ffb47e52fa
remove dead & deprecated code from cert-manager codebase 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-10 17:22:23 +01:00
Tim Ramlot
04220447bc
remove deprecated files and functions 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-08 10:45:06 +01:00
Tim Ramlot
0acde5b1a4
fix changed behavior: set critical flag of SANs extension based on subject 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-07 11:01:34 +01:00
Tim Ramlot
ed80c5be90
add new testcase that generates a non-critical SAN extension to the GenerateCSR tests 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-07 09:39:36 +01:00
SpectralHiss
892e6eef01 Fix OtherName Value UniversalValue .Type() detection 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2024-01-10 10:35:43 +00:00
SpectralHiss
0b83f78fff Remove redundant otherName match tests 
* We do not need to include otherName in fuzzy certificate detection
  checks

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2024-01-09 17:02:24 +00:00
Tim Ramlot
3dad3f320b
don't check OtherNames when fuzzy matching 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-09 16:41:13 +01:00
Tim Ramlot
736896d264
introduce UniversalValue 'Type()' 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-09 16:40:32 +01:00
SpectralHiss
38c2b33a71 Add otherName detection to TestSecretDataAltNamesMatchSpec 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2024-01-09 14:01:09 +00:00
SpectralHiss
b6fdcede90 Add test for different order OtherName value 
* Simplify sorting implementation for OtherName slice equality

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2024-01-09 11:39:17 +00:00
SpectralHiss
7b13c72fed Detect otherName changes to CR trigger reissuance 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2024-01-09 09:58:43 +00:00
SpectralHiss
d186b61414 Add attribution to pkg/util/pki/asn1_util.go 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2024-01-08 13:34:09 +00:00
SpectralHiss
d07dd3de5f Fix OtherName feature flag validation logic 
* Improve test comments for UniversalValue

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2024-01-08 13:34:09 +00:00
Tim Ramlot
a49bc65b03
deprecate URLsFromStrings which is only used in other deprecated functions 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-05 11:50:13 +01:00
jetstack-bot
24d0fddec5
Merge pull request #6593 from inteon/use_slices 
Use slices go library
 2024-01-04 13:36:02 +00:00
Tim Ramlot
950948e465
start using the new 'slices' library and deprecate old util functions 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-04 09:32:17 +01:00
Tim Ramlot
9547fbdf94
add tests for the improvements made in #6561 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-03 17:25:15 +01:00
Tim Ramlot
41404a7fd7
rename UseCertificateRequestNameConstraints to NameConstraints 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-03 15:49:18 +01:00
jetstack-bot
cc8925ae9f
Merge pull request #6404 from SpectralHiss/hef/otherNameSANs 
Other name sans support in Certificates
 2024-01-03 14:16:23 +00:00
Houssem El Fekih
ddc1dffe87
Update pkg/util/pki/asn1_util.go 
Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com>
Signed-off-by: Houssem El Fekih <hassoum92@hotmail.com>
 2024-01-03 13:30:42 +00:00
Richard Wall
036e3a8e74 Replace all uses of sets.String with the generic sets.Set 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2024-01-02 17:24:38 +00:00
SpectralHiss
1b48cb664b Fix csr_test.go critical SAN on tests without Subjects 
* Also fixed the conformance e2e test by including a Subject and
  matching the values

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-21 18:44:49 +00:00
SpectralHiss
c59037a19b Simplify e2e test fixture for otherName 
* Fix Bug in critical on empty subject logic

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-21 17:48:50 +00:00