cert-manager

Author	SHA1	Message	Date
Tim Ramlot	e157729991	fix typo in name and add comment explaining genericEqualUnsorted Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-04 14:02:36 +01:00
Tim Ramlot	950948e465	start using the new 'slices' library and deprecate old util functions Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-04 09:32:17 +01:00
Tim Ramlot	41404a7fd7	rename UseCertificateRequestNameConstraints to NameConstraints Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-03 15:49:18 +01:00
jetstack-bot	cc8925ae9f	Merge pull request #6404 from SpectralHiss/hef/otherNameSANs Other name sans support in Certificates	2024-01-03 14:16:23 +00:00
Houssem El Fekih	ddc1dffe87	Update pkg/util/pki/asn1_util.go Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com> Signed-off-by: Houssem El Fekih <hassoum92@hotmail.com>	2024-01-03 13:30:42 +00:00
Richard Wall	036e3a8e74	Replace all uses of sets.String with the generic sets.Set Signed-off-by: Richard Wall <richard.wall@venafi.com>	2024-01-02 17:24:38 +00:00
Richard Wall	4aa373b733	Deprecate RandStringBytes and RandStringRunes Signed-off-by: Richard Wall <richard.wall@venafi.com>	2024-01-02 15:02:14 +00:00
Richard Wall	d468830b23	Fix gosec G404 Signed-off-by: Richard Wall <richard.wall@venafi.com>	2024-01-02 12:33:46 +00:00
jetstack-bot	5e09dd3059	Merge pull request #6561 from inteon/parse_certificate_chain Certificate chain parsing	2023-12-27 09:59:53 +00:00
SpectralHiss	1b48cb664b	Fix csr_test.go critical SAN on tests without Subjects * Also fixed the conformance e2e test by including a Subject and matching the values Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-21 18:44:49 +00:00
SpectralHiss	c59037a19b	Simplify e2e test fixture for otherName * Fix Bug in critical on empty subject logic Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-21 17:48:50 +00:00
SpectralHiss	ae4249b9e2	Go style variable rename Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-21 14:54:08 +00:00
SpectralHiss	2f6dbc85d3	Change openssl SAN order to simplify test assetion * Ordering does not matter for the GeneralNames as it is a tagged context Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-21 13:07:34 +00:00
SpectralHiss	8e2365dd54	Add UTF8 marshalling unit tests * Add test names to pkg/util/pki/sans_test.go tests Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-21 11:58:26 +00:00
SpectralHiss	f4bbe66737	Fix IA5String test assertion Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-21 10:02:53 +00:00
Richard Wall	4de9e956e5	Fix gosec G601: Implicit memory aliasing of items from a range statement Signed-off-by: Richard Wall <richard.wall@venafi.com>	2023-12-20 17:25:41 +00:00
Tim Ramlot	f2af5672ee	add additional validation checks Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-20 10:13:11 +01:00
Tim Ramlot	cd58042746	improve the algorithm and add prevent DOS Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-20 10:13:11 +01:00
Tim Ramlot	c81609cdef	move certificate chain parsing to seperate file Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-20 10:13:07 +01:00
SpectralHiss	c87a2f6691	Add early feedback validation for otherName syntax and tests * Fixed warning Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-19 20:02:02 +00:00
SpectralHiss	4bdee5f010	Rename otherNameSANs to otherNames * Improve the CRD godoc comments Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-13 16:21:56 +00:00
SpectralHiss	45a8bb7edf	Modified one sans processing test case to make more useful Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-13 09:37:25 +00:00
Tim Ramlot	721f71ed60	Refactor the solution Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-13 09:37:21 +00:00
Tim Ramlot	7b7912022a	Add feature gate Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-13 09:16:06 +00:00
Tim Ramlot	bfd9a65160	Add OtherNameSANs field to Certificates * Added an otherName SAN extension mechanism * Can take any otherName OID with String (UTF-8) like value * cf [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) p 37 for more info * otherName is only a subset of GeneralName, our specific need for for UserPrincipalName used in Microsoft AD/ LDAP * We treat UPN special but we might remove this in a later commit Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-13 09:12:23 +00:00
Tim Ramlot	849b6bda9e	add tests & final cleanup Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-12 15:57:07 +01:00
Tim Ramlot	cfaf3f338e	cleanup code Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-12 13:47:55 +01:00
tanujd11	da84cf5b88	fix: imports Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-12 17:10:32 +05:30
tanujd11	652feb50cc	Addressed review comments Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-12 17:05:33 +05:30
tanujd11	5f0a715863	add nameConstraints from openssl Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-12 00:40:45 +05:30
tanujd11	bc75f8488d	fix: structure of nameconstraint in CSR Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-11 18:00:15 +05:30
tanujd11	a29a5913d0	addressed review comments Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 23:42:35 +05:30
tanujd11	28ca4312b3	fix: additional review comments Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:30:31 +05:30
tanujd11	8d362439a8	fix UTs Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:30:31 +05:30
tanujd11	84d7dd4aed	Addressed review comments Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:30:31 +05:30
tanujd11	d1b3e5ca83	Move critical from NameConstraintItem to NameConstraint and remove validateNameConstraints Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:30:29 +05:30
tanujd11	adb9311f56	validate name constraint before signing CSR Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:29:45 +05:30
tanujd11	50d84c1bbc	nits: added new line at EOF and comment fix Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:27:42 +05:30
tanujd11	589030dec1	feature: added name constraints Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:27:31 +05:30
Tim Ramlot	767764d598	refactor GenerateCSR and deprecated the helper functions Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-06 18:16:19 +01:00
jetstack-bot	df4d15ce4a	Merge pull request #6053 from inteon/critical_change Make KeyUsage and BasicConstraints Critical extensions in the CSR blob	2023-10-05 17:13:56 +02:00
Tim Ramlot	cf8e37291a	replace k8s.io/utils/pointer with k8s.io/utils/ptr Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-28 09:33:10 +02:00
Tim Ramlot	6a159bb2d7	fix changed slices.SortFunc signature Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-24 19:54:30 +02:00
jetstack-bot	cce304b9d6	Merge pull request #6293 from SgtCoDFish/ipv6compare Fix invalid handling of ip addresses in comparisons	2023-08-24 16:36:48 +02:00
Ashley Davis	bbbc758ccd	fix invalid handling of ip addresses in comparisons Signed-off-by: Ashley Davis <ashley.davis@venafi.com>	2023-08-24 15:21:42 +01:00
Tim Ramlot	1858ccf369	remove MaxPathLen CSR blob validation logic Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-23 14:24:36 +02:00
Tim Ramlot	ae287461d0	prepare cmctl improvements Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-01 10:32:35 +02:00
Cody W. Eilar	1243fe285b	Add to ability to start controller with config file Signed-off-by: Cody W. Eilar <ecody@vmware.com>	2023-07-27 16:44:38 -07:00
jetstack-bot	9de9809ac5	Merge pull request #6108 from inteon/ctl_logging Use logging library with json support in cmctl (part 1)	2023-07-27 17:54:51 +02:00
Tim Ramlot	5ba29272c0	add validation to pki CertificateTemplate function and add support for add DontAllowInsecureCSRUsageDefinition featuregate to use old behavior in controller Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-07-05 13:04:21 +02:00

1 2 3 4 5 ...

310 Commits