1 files changed, 130 insertions, 0 deletions

diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/logger/certificate_request_logger.go b/certServiceK8sExternalProvider/src/cmpv2controller/logger/certificate_request_logger.go
new file mode 100644
index 00000000..da439fb8
--- /dev/null
+++ b/certServiceK8sExternalProvider/src/cmpv2controller/logger/certificate_request_logger.go
@@ -0,0 +1,130 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-k8s-external-provider
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package logger
+
+import (
+	"crypto/x509"
+	"encoding/pem"
+	"net"
+	"net/url"
+	"strconv"
+
+	"github.com/go-logr/logr"
+	cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
+)
+
+const (
+	CertServiceName = "Cert Service API"
+	CMPv2ServerName = "CMPv2 Server"
+)
+
+func LogCertRequestProperties(log logr.Logger, request *cmapi.CertificateRequest) {
+	logPropertiesOverriddenByCMPv2Server(log, request)
+	logPropertiesNotSupportedByCertService(log, request)
+}
+
+func logPropertiesOverriddenByCMPv2Server(log logr.Logger, request *cmapi.CertificateRequest) {
+	if request.Spec.Duration != nil && len(request.Spec.Duration.String()) > 0 {
+		log.Info(getOverriddenMessage("duration", request.Spec.Duration.Duration.String()))
+	}
+	if request.Spec.Usages != nil && len(request.Spec.Usages) > 0 {
+		log.Info(getOverriddenMessage("usages", extractUsages(request.Spec.Usages)))
+	}
+}
+
+func extractUsages(usages []cmapi.KeyUsage) string {
+	values := ""
+	for _, usage := range usages {
+		values = values + string(usage) + ", "
+	}
+	return values
+}
+
+func getOverriddenMessage(property string, values string) string {
+	return "Property '" + property + "' with value: " + values + ", will be overridden by " + CMPv2ServerName
+}
+
+func logPropertiesNotSupportedByCertService(log logr.Logger, request *cmapi.CertificateRequest) {
+
+	block, _ := pem.Decode(request.Spec.Request)
+	cert, err := x509.ParseCertificateRequest(block.Bytes)
+	if err != nil {
+		log.Error(err, "Cannot parse Certificate Signing Request")
+	}
+	//IP addresses in SANs
+	if len(cert.IPAddresses) > 0 {
+		log.Info(getNotSupportedMessage("ipAddresses", extractIPAddresses(cert.IPAddresses)))
+	}
+	//URIs in SANs
+	if len(cert.URIs) > 0 {
+		log.Info(getNotSupportedMessage("uris", extractURIs(cert.URIs)))
+	}
+
+	//Email addresses in SANs
+	if len(cert.EmailAddresses) > 0 {
+		log.Info(getNotSupportedMessage("emailAddresses", extractStringArray(cert.EmailAddresses)))
+	}
+
+	if request.Spec.IsCA == true {
+		log.Info(getNotSupportedMessage("isCA", strconv.FormatBool(request.Spec.IsCA)))
+	}
+
+	if len(cert.Subject.StreetAddress) > 0 {
+		log.Info(getNotSupportedMessage("subject.streetAddress", extractStringArray(cert.Subject.StreetAddress)))
+	}
+
+	if len(cert.Subject.PostalCode) > 0 {
+		log.Info(getNotSupportedMessage("subject.postalCodes", extractStringArray(cert.Subject.PostalCode)))
+	}
+
+	if len(cert.Subject.SerialNumber) > 0 {
+		log.Info(getNotSupportedMessage("subject.serialNumber", cert.Subject.SerialNumber))
+	}
+
+}
+
+func extractStringArray(strArray []string) string {
+	values := ""
+	for _, emailSANs := range strArray {
+		values = values + emailSANs + ", "
+	}
+	return values
+}
+
+func extractURIs(URIs []*url.URL) string {
+	values := ""
+	for _, uri := range URIs {
+		values = values + uri.String() + ", "
+	}
+	return values
+}
+
+func extractIPAddresses(addresses []net.IP) string {
+	values := ""
+	for _, ipAddress := range addresses {
+		values = values + ipAddress.String() + ", "
+	}
+	return values
+}
+
+func getNotSupportedMessage(property string, values string) string {
+	return "WARNING: Property '" + property + "' with value: " + values + " is not supported by " + CertServiceName
+}