weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
8,207 Commits 45 Branches 0 Tags 96 MiB
ae4249b9e2
Commit Graph

181 Commits

Author SHA1 Message Date
SpectralHiss
ae4249b9e2 Go style variable rename 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-21 14:54:08 +00:00
SpectralHiss
2f6dbc85d3 Change openssl SAN order to simplify test assetion 
* Ordering does not matter for the GeneralNames as it is a tagged
  context

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-21 13:07:34 +00:00
SpectralHiss
8e2365dd54 Add UTF8 marshalling unit tests 
* Add test names to pkg/util/pki/sans_test.go tests

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-21 11:58:26 +00:00
SpectralHiss
f4bbe66737 Fix IA5String test assertion 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-21 10:02:53 +00:00
SpectralHiss
c87a2f6691 Add early feedback validation for otherName syntax and tests 
* Fixed warning

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-19 20:02:02 +00:00
SpectralHiss
4bdee5f010 Rename otherNameSANs to otherNames 
* Improve the CRD godoc comments

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-13 16:21:56 +00:00
SpectralHiss
45a8bb7edf Modified one sans processing test case to make more useful 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-13 09:37:25 +00:00
Tim Ramlot
721f71ed60 Refactor the solution 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-13 09:37:21 +00:00
Tim Ramlot
7b7912022a Add feature gate 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-13 09:16:06 +00:00
Tim Ramlot
bfd9a65160 Add OtherNameSANs field to Certificates 
* Added an otherName SAN extension mechanism
* Can take any otherName OID with String (UTF-8) like value
* cf [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) p 37 for
  more info
* otherName is only a subset of GeneralName, our specific need for for
  UserPrincipalName used in Microsoft AD/ LDAP
* We treat UPN special but we might remove this in a later commit

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-13 09:12:23 +00:00
Tim Ramlot
849b6bda9e
add tests & final cleanup 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-12 15:57:07 +01:00
Tim Ramlot
cfaf3f338e
cleanup code 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-12 13:47:55 +01:00
tanujd11
da84cf5b88 fix: imports 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-12 17:10:32 +05:30
tanujd11
652feb50cc Addressed review comments 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-12 17:05:33 +05:30
tanujd11
5f0a715863 add nameConstraints from openssl 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-12 00:40:45 +05:30
tanujd11
bc75f8488d fix: structure of nameconstraint in CSR 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-11 18:00:15 +05:30
tanujd11
a29a5913d0 addressed review comments 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 23:42:35 +05:30
tanujd11
28ca4312b3 fix: additional review comments 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:30:31 +05:30
tanujd11
8d362439a8 fix UTs 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:30:31 +05:30
tanujd11
84d7dd4aed Addressed review comments 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:30:31 +05:30
tanujd11
d1b3e5ca83 Move critical from NameConstraintItem to NameConstraint and remove validateNameConstraints 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:30:29 +05:30
tanujd11
adb9311f56 validate name constraint before signing CSR 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:29:45 +05:30
tanujd11
50d84c1bbc nits: added new line at EOF and comment fix 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:27:42 +05:30
tanujd11
589030dec1 feature: added name constraints 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:27:31 +05:30
Tim Ramlot
767764d598
refactor GenerateCSR and deprecated the helper functions 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-06 18:16:19 +01:00
jetstack-bot
df4d15ce4a
Merge pull request #6053 from inteon/critical_change 
Make KeyUsage and BasicConstraints Critical extensions in the CSR blob
 2023-10-05 17:13:56 +02:00
jetstack-bot
cce304b9d6
Merge pull request #6293 from SgtCoDFish/ipv6compare 
Fix invalid handling of ip addresses in comparisons
 2023-08-24 16:36:48 +02:00
Ashley Davis
bbbc758ccd
fix invalid handling of ip addresses in comparisons 
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
 2023-08-24 15:21:42 +01:00
Tim Ramlot
1858ccf369
remove MaxPathLen CSR blob validation logic 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-23 14:24:36 +02:00
Tim Ramlot
5ba29272c0
add validation to pki CertificateTemplate function 
and add support for add DontAllowInsecureCSRUsageDefinition featuregate
to use old behavior in controller

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-05 13:04:21 +02:00
Tim Ramlot
02b008fe6d
improve documentation of ParseSingleCertificateChain 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-22 12:46:08 +02:00
Tim Ramlot
bdb685d62e
ip address is missing from error message 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-14 21:32:13 +02:00
cui fliter
4723347260 fix function name in comments 
Signed-off-by: cui fliter <imcusg@gmail.com>
 2023-06-07 17:17:07 +08:00
jetstack-bot
c5e6bf39d6
Merge pull request #6054 from inteon/correct_versions 
Use Version 3 for *x509.Certificate
 2023-05-26 13:57:32 +01:00
irbekrm
b1a59164e0 Don't import controller's feature gate setup into a shared library 
To prevent controller's feature gates from overwriting other component's feature gates

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-05-23 12:01:30 +01:00
Tim Ramlot
9606f4d5fe
make KeyUsage and BasicConstraints Critical extensions 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-11 10:29:02 +02:00
Tim Ramlot
e7530880ce
use Version 3 for all Certificates and Version 0 for all CertificateRequests 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-11 10:21:55 +02:00
Tim Ramlot
20599d1d35
remove CertificateTemplateAddKeyUsages 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-10 19:22:49 +02:00
Tim Ramlot
0cf0f80b40
switch to non-deprecated functions in source code 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-10 19:22:49 +02:00
Tim Ramlot
1c2662af82
cleanup CSR & CertificateTemplate util code 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-10 19:22:49 +02:00
Tim Ramlot
eaf8844e6d
BUGFIX: when setting a LiteralSubject, the RequestMatchesSpec function does skip too many checks 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-01-27 15:55:12 +01:00
Tim Ramlot
23de5240e9
move utility functions to reduce fragmentation and rename functions for consistency 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-01-23 13:19:39 +01:00
Houssem El Fekih
8af2d64f3b Gofmt files 
Signed-off-by: Houssem El Fekih <houssem.elfekih@jetstack.io>
 2022-11-18 10:55:56 +00:00
Houssem El Fekih
f41cf33efe Add support for required LDAP (rfc4514) RDNs in LiteralSubject 
* Add OID translation for mandatory DC component
* Used extensively in LDAP certificates, also required by rfc5280
* Add support for UID, mentioned in LDAP RFC
* solves https://github.com/cert-manager/cert-manager/issues/5582

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2022-11-18 10:22:39 +00:00
Sathyanarayanan Saravanamuthu
860ba8465a Addressing review comments 
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
 2022-11-10 14:27:26 +05:30
Sathyanarayanan Saravanamuthu
d4de98d35b Adding unit tests 
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
 2022-11-06 09:36:26 +05:30
Sathyanarayanan Saravanamuthu
bb39c5cf79 Fixing CA flag in basic constraints extension 
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
 2022-11-03 15:34:25 +05:30
Tim Ramlot
93caba980e apply go fmt for go1.19 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-08-04 09:51:57 +00:00
Ashley Davis
fb231ab641
Remove bazel 🎉 
This removes all .bazel and .bzl files, and a bunch of scripts relating
to bazel, now that it's been entirely replaced.

There are still a few places where traces could be removed, but this
removes the brunt of the bazel stuff that remains.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-07-26 11:38:50 +01:00
Alessandro Vermeulen
1da01211ee Feature gated support for using literal subjects in Certificates 
Signed-off-by: Alessandro Vermeulen <alessandro.vermeulen@ing.com>
 2022-06-08 20:50:00 +02:00