James Munnelly
c1bd9c4a2e
Add missing call to retryOrder in existing order value for private key check
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:02:17 +01:00
James Munnelly
965757cce0
Retry order if existing Order certificate is invalid
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:02:17 +01:00
James Munnelly
403a746bfa
Always reset LastFailureTime in retryOrder
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:02:17 +01:00
James Munnelly
87a479e6cb
Add extra comments in ACME Issuer function
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:02:17 +01:00
James Munnelly
f553f8e8a4
Move existing order checking into own function
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:02:17 +01:00
James Munnelly
f2551d3832
Reorder checking for existingOrder
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:02:17 +01:00
James Munnelly
e4399e87c5
Move private key generation to start of Issue
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:02:17 +01:00
James Munnelly
536b6fd76f
Refactor ACME issuer generate private key code
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:02:17 +01:00
James Munnelly
374db0b458
Refactor ACME issuer cleanup orders code
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:02:17 +01:00
James Munnelly
d323a1df0d
Add unit tests for acmeorders and acmechallenges
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:39 +01:00
James Munnelly
9214615d6e
Fix race issues in ACME issue function. Add extended unit tests.
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:39 +01:00
James Munnelly
ad99639b44
Fix failing test
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:38 +01:00
James Munnelly
847d0c6152
Refactor controllers to return Response structures
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:38 +01:00
James Munnelly
f8b1e653f3
Refactor ACME Issuer to create and manage Order resources
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:37 +01:00
Max Ehrlich
511650ca82
ACME issuers currently will not support getting the CA certificate
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-13 17:07:14 -04:00
James Munnelly
51195e4c5f
Update license header and add header to every file
Signed-off-by: James Munnelly <james.munnelly@jetstack.io>
2018-08-13 15:53:37 +01:00
James Munnelly
c169a1ffc1
Catch edge case where the CN and DNSNames on a Certificate have been reordered
2018-08-08 20:19:16 +01:00
James Munnelly
0dd3155fb2
Add logic to handle ready vs valid ACME orders
2018-08-08 13:39:34 +01:00
James Munnelly
2fcbee05b7
Update ACME issuer
2018-08-07 16:13:46 +01:00
James Munnelly
36f9f356cd
Refactor ACME client construction into dedicated ACME package
2018-08-07 15:22:53 +01:00
James Munnelly
686e9159e5
Wait for ACME Orders to be in 'ready' state before attempting finalization
2018-07-25 18:05:45 +01:00
Afolabi Badmos
445e522432
Add support for EC keys
- This PR adds two fields to CertificateSpec:
  - `keyAlgorithm`, denotes which algorithm to use when generating
    a private key. Can be either `rsa` or `ecdsa`. When not set, the
    default algorithm used is `rsa`.
  - `keySize`, denotes the key size of the private key being generated.
    For `rsa`, minimum key size is 2048 and maximum is 8192.
    For `ecdsa`, sizes 224, 256, 384 & 521 are supported.
    See https://golang.org/pkg/crypto/elliptic
- `keySize` can be set without being explicit about `keyAlgorithm`.
  - If `keySize` is specified and `keyAlgorithm` is not provided, `rsa` will
    be used as the key algorithm.
- `keyAlgorithm` can be set without being explicit about `keySize`.
  - If `keyAlgorithm` is specified and `keySize` is not provided, a
    key size of `256` will be used for `ecdsa` key algorithm and a
    key size of `2048` will be used for `rsa` key algorithm.
- helper functions in `pki` package now return crypto.PrivateKey
2018-07-17 12:42:07 -04:00
James Munnelly
1fd8cdf13e
Create common GenerateCSR and GenerateTemplate methods for creating Certificate/CertificateRequest
2018-06-08 15:15:27 +01:00
James Munnelly
0a960d46b2
Fix bug in issue method preventing cert issuance
2018-04-12 16:50:03 +01:00
James Munnelly
70dde521a1
Set status conditions on validation success. Call WaitOrder instead of GetOrder in issue.
2018-04-11 23:30:54 +01:00
James Munnelly
1d52cbeec7
Remove unused strings and standardise event reasons
2018-04-09 21:26:38 +01:00
James Munnelly
d197817fa7
Improve error reporting and use of status conditions
2018-04-09 21:17:51 +01:00
James Munnelly
1485546ed5
Clear ACME order URL if FinalizeOrder fails with 4xx error
2018-04-09 20:02:26 +01:00
James Munnelly
4b361348ef
Rewrite ACME issuer to use new ACMEOrderChallenge struct
2018-04-09 15:40:32 +01:00
James Munnelly
f2ddd1d111
Change DNSNames/CommonNameForCertificate function to not return an error
2018-04-04 23:37:37 +01:00
James Munnelly
e91dfc40af
Fix ACME CSR generation
2018-03-23 18:50:46 +00:00
James Munnelly
0a0747dac7
Move OrderURL into OrderStatus struct and fix up http solver
2018-03-23 18:50:45 +00:00
James Munnelly
8542e1c3a4
Use order finalize url when finalizing
2018-03-23 18:50:45 +00:00
James Munnelly
7dc50cdea6
Rewrite acme issuer for acme v2
2018-03-23 18:50:44 +00:00
James Munnelly
fa7e052ac1
Move to github.com/jetstack/cert-manager repo
2017-11-03 16:41:39 +00:00
James Munnelly
a4a40bdf2d
Fix checking for invalid data in issuer secrets
2017-10-26 22:47:17 +01:00
James Munnelly
9d933d9e11
Only update certificate status in the controller package to stop conflicts
2017-10-13 20:15:29 +01:00
James Munnelly
2600cb8e14
Fix up altName->dnsName change
2017-10-13 14:04:14 +01:00
James Munnelly
a4b1d346c7
Fix invalid check for empty certificate domains
2017-10-13 13:05:21 +01:00
James Munnelly
f8107e6fcc
Use CommonName and AltNames fields on Certificate resource
2017-10-13 12:50:07 +01:00
James Munnelly
a2d9733f21
Update implementation for new field names/types
2017-10-13 11:43:52 +01:00
James Munnelly
852e250a69
Add clusterissuer controller
2017-09-22 00:10:42 +01:00
James Munnelly
7c425ee86f
Switch issuer implementations to use GenericIssuer
2017-09-21 23:27:41 +01:00
James Munnelly
c4980baaca
Use context throughout issuer implementation
2017-09-21 20:45:43 +01:00
James Munnelly
d506d35cf1
Don't log issuance & renew success/failure twice
2017-09-11 10:47:59 +01:00
James Munnelly
9ba1a35fa1
Update ACME Issue & Renew methods
2017-09-11 10:47:59 +01:00
James Munnelly
89588bb281
Split GetKeyPair method into two methods
2017-09-10 22:54:55 +01:00
James Munnelly
2e551f58b5
Update ACME implementation for new structure. Add util/pki.
2017-09-10 21:13:37 +01:00
James Munnelly
00389b6da3
Refactor Issuer interface to allow returning updated Status
2017-09-08 21:41:15 +01:00
James Munnelly
7937b0384c
Update import paths
2017-08-07 14:46:58 +01:00