aboutsummaryrefslogtreecommitdiffstats
path: root/certServiceK8sExternalProvider/src/cmpv2provisioner
diff options
context:
space:
mode:
authorJan Malkiewicz <jan.malkiewicz@nokia.com>2020-10-28 08:19:08 +0100
committerJan Malkiewicz <jan.malkiewicz@nokia.com>2020-10-29 11:14:03 +0100
commit8795295e7783695618ebaa25951b8eb2e35f4333 (patch)
treeaeecdefc6f9495d1c195e56844edbdc32b0f3e47 /certServiceK8sExternalProvider/src/cmpv2provisioner
parent1b1eddbac8e25d90c4ff2dd08445606abab2670d (diff)
[OOM-K8S-CERT-EXTERNAL-PROVIDER] Add logging of supported CSR properties
Issue-ID: OOM-2559 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: I8e6a55eea3d87b6bb5f3a26ca9a11d618bb61a77
Diffstat (limited to 'certServiceK8sExternalProvider/src/cmpv2provisioner')
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go37
1 files changed, 3 insertions, 34 deletions
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
index c0304d7d..6e09e683 100644
--- a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
@@ -26,11 +26,8 @@
package cmpv2provisioner
import (
- "bytes"
"context"
"crypto/x509"
- "encoding/pem"
- "fmt"
"sync"
certmanager "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
@@ -39,6 +36,7 @@ import (
"onap.org/oom-certservice/k8s-external-provider/src/certserviceclient"
"onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
+ x509utils "onap.org/oom-certservice/k8s-external-provider/src/x509"
)
var collection = new(sync.Map)
@@ -96,7 +94,7 @@ func (ca *CertServiceCA) Sign(ctx context.Context, certificateRequest *certmanag
csrBytes := certificateRequest.Spec.Request
log.Info("Csr PEM: ", "bytes", csrBytes)
- csr, err := decodeCSR(csrBytes)
+ csr, err := x509utils.DecodeCSR(csrBytes)
if err != nil {
return nil, nil, err
}
@@ -113,7 +111,7 @@ func (ca *CertServiceCA) Sign(ctx context.Context, certificateRequest *certmanag
// stored response as PEM
cert := x509.Certificate{}
cert.Raw = csr.Raw
- encodedPEM, err := encodeX509(&cert)
+ encodedPEM, err := x509utils.EncodeX509(&cert)
if err != nil {
return nil, nil, err
}
@@ -128,32 +126,3 @@ func (ca *CertServiceCA) Sign(ctx context.Context, certificateRequest *certmanag
return signedPEM, trustedCA, nil
}
-
-// decodeCSR decodes a certificate request in PEM format and returns the
-func decodeCSR(data []byte) (*x509.CertificateRequest, error) {
- block, rest := pem.Decode(data)
- if block == nil || len(rest) > 0 {
- return nil, fmt.Errorf("unexpected CSR PEM on sign request")
- }
- if block.Type != "CERTIFICATE REQUEST" {
- return nil, fmt.Errorf("PEM is not a certificate request")
- }
- csr, err := x509.ParseCertificateRequest(block.Bytes)
- if err != nil {
- return nil, fmt.Errorf("error parsing certificate request: %v", err)
- }
- if err := csr.CheckSignature(); err != nil {
- return nil, fmt.Errorf("error checking certificate request signature: %v", err)
- }
- return csr, nil
-}
-
-// encodeX509 will encode a *x509.Certificate into PEM format.
-func encodeX509(cert *x509.Certificate) ([]byte, error) {
- caPem := bytes.NewBuffer([]byte{})
- err := pem.Encode(caPem, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})
- if err != nil {
- return nil, err
- }
- return caPem.Bytes(), nil
-}