author | Remigiusz Janeczek <remigiusz.janeczek@nokia.com> | 2020-10-29 14:03:25 +0100 |
---|---|---|
committer | Remigiusz Janeczek <remigiusz.janeczek@nokia.com> | 2020-11-02 15:15:18 +0100 |
commit | 9879e0147fc076114c7226bd6130d25c14770639 (patch) | |
tree | 2a43ea6723cfc4e4caf325155061bdb90d5990e1 /certServiceK8sExternalProvider/src/cmpv2provisioner/csr/csr.go | |
parent | a622e8871c9bea86aff16ffe5ae021abe08326fe (diff) |
[OOM-K8S-CERT-EXTERNAL-PROVIDER] Filter not supported CSR properties
Align EJBCA config with OOM
Issue-ID: OOM-2559
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I8ab73c84415e1ea1b09b6210ffbf84386315f9eb
Diffstat (limited to 'certServiceK8sExternalProvider/src/cmpv2provisioner/csr/csr.go')
-rw-r--r-- | certServiceK8sExternalProvider/src/cmpv2provisioner/csr/csr.go | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/csr/csr.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/csr/csr.go
new file mode 100644
index 00000000..1a86866b
--- /dev/null
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/csr/csr.go
@@ -0,0 +1,62 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-k8s-external-provider
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package csr
+
+import (
+ "crypto/rand"
+ "crypto/x509"
+ "crypto/x509/pkix"
+ "encoding/pem"
+
+ x509utils "onap.org/oom-certservice/k8s-external-provider/src/x509"
+)
+
+func FilterFieldsFromCSR(csrBytes []byte, privateKeyBytes []byte) ([]byte, error) {
+ csr, err := x509utils.DecodeCSR(csrBytes)
+ if err != nil {
+ return nil, err
+ }
+
+ key, err := x509utils.DecodePrivateKey(privateKeyBytes)
+ if err != nil {
+ return nil, err
+ }
+
+ filteredSubject := filterFieldsFromSubject(csr.Subject)
+
+ filteredCsr, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{
+ Subject: filteredSubject,
+ DNSNames: csr.DNSNames,
+ }, key)
+ if err != nil {
+ return nil, err
+ }
+
+ csrBytes = pem.EncodeToMemory(&pem.Block{Type: x509utils.PemCsrType, Bytes: filteredCsr})
+ return csrBytes, nil
+}
+
+func filterFieldsFromSubject(subject pkix.Name) pkix.Name {
+ subject.StreetAddress = []string{}
+ subject.SerialNumber = ""
+ subject.PostalCode = []string{}
+ return subject
+}
 |
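Review bot: FilterFieldsFromCSR re-signs a rebuilt request with the supplied private key but, within this file, never checks the original request's signature or that the key corresponds to `csr.PublicKey`, so a mismatched key silently produces a CSR for a different public key than the one originally requested. Unless `x509utils.DecodeCSR` (defined outside this diff) already verifies it, add `if err := csr.CheckSignature(); err != nil { return nil, err }` right after decoding, and compare the decoded key's public half with `csr.PublicKey` before calling `x509.CreateCertificateRequest`. The rebuilt template copies only `Subject` and `DNSNames`, so IP, e-mail and URI SANs and any requested extensions are dropped along with the three subject fields; the exported function has no doc comment, and one such as `// FilterFieldsFromCSR rebuilds the CSR keeping only the filtered Subject and DNSNames, re-signed with the given private key.` would make that contract explicit for callers.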