Add support for multiple alias and remove duplication of SSL certificates (#4472)
parent
4847bb02f0
commit
8def5ef7ca
19 changed files with 190 additions and 101 deletions
|
|
@ -45,6 +45,10 @@ import (
|
|||
"k8s.io/klog"
|
||||
)
|
||||
|
||||
// FakeSSLCertificateUID defines the default UID to use for the fake SSL
|
||||
// certificate generated by the ingress controller
|
||||
var FakeSSLCertificateUID = "00000000-0000-0000-0000-000000000000"
|
||||
|
||||
var (
|
||||
oidExtensionSubjectAltName = asn1.ObjectIdentifier{2, 5, 29, 17}
|
||||
)
|
||||
|
|
@ -75,7 +79,7 @@ func verifyPemCertAgainstRootCA(pemCert *x509.Certificate, ca []byte) error {
|
|||
}
|
||||
|
||||
// CreateSSLCert validates cert and key, extracts common names and returns corresponding SSLCert object
|
||||
func CreateSSLCert(cert, key []byte) (*ingress.SSLCert, error) {
|
||||
func CreateSSLCert(cert, key []byte, uid string) (*ingress.SSLCert, error) {
|
||||
var pemCertBuffer bytes.Buffer
|
||||
pemCertBuffer.Write(cert)
|
||||
|
||||
|
|
@ -139,6 +143,7 @@ func CreateSSLCert(cert, key []byte) (*ingress.SSLCert, error) {
|
|||
CN: cn.List(),
|
||||
ExpireTime: pemCert.NotAfter,
|
||||
PemCertKey: pemCertBuffer.String(),
|
||||
UID: uid,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
|
@ -341,7 +346,7 @@ func AddOrUpdateDHParam(name string, dh []byte) (string, error) {
|
|||
func GetFakeSSLCert() *ingress.SSLCert {
|
||||
cert, key := getFakeHostSSLCert("ingress.local")
|
||||
|
||||
sslCert, err := CreateSSLCert(cert, key)
|
||||
sslCert, err := CreateSSLCert(cert, key, FakeSSLCertificateUID)
|
||||
if err != nil {
|
||||
klog.Fatalf("unexpected error creating fake SSL Cert: %v", err)
|
||||
}
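Review bot: `CreateSSLCert` now copies the caller-supplied `uid` straight into `SSLCert.UID` with no check, and its doc comment still describes only the cert and key. Going by the commit title, the UID presumably serves to tell certificates apart, so an empty string or the all-zero sentinel passed for a real certificate would make it indistinguishable from the fake one. Consider rejecting an empty `uid`, or at least documenting the contract, e.g. `// uid is stored unchanged in SSLCert.UID; callers must pass a value unique to the certificate's source.` Separately, `FakeSSLCertificateUID` is an exported `var`, so any importing package can reassign it; `const FakeSSLCertificateUID = "00000000-0000-0000-0000-000000000000"` would keep the sentinel fixed. The bodies of `CreateSSLCert` and `GetFakeSSLCert` continue outside the visible hunks.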
|
||||
|
|
|
|||
|
|
@ -79,7 +79,7 @@ func TestStoreSSLCertOnDisk(t *testing.T) {
|
|||
c := encodeCertPEM(cert.Cert)
|
||||
k := encodePrivateKeyPEM(cert.Key)
|
||||
|
||||
sslCert, err := CreateSSLCert(c, k)
|
||||
sslCert, err := CreateSSLCert(c, k, FakeSSLCertificateUID)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error creating SSL certificate: %v", err)
|
||||
}
|
||||
|
|
@ -114,7 +114,7 @@ func TestCACert(t *testing.T) {
|
|||
k := encodePrivateKeyPEM(cert.Key)
|
||||
ca := encodeCertPEM(CA.Cert)
|
||||
|
||||
sslCert, err := CreateSSLCert(c, k)
|
||||
sslCert, err := CreateSSLCert(c, k, FakeSSLCertificateUID)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error creating SSL certificate: %v", err)
|
||||
}
|
||||
|
|
@ -197,7 +197,7 @@ func TestCreateSSLCert(t *testing.T) {
|
|||
c := encodeCertPEM(cert.Cert)
|
||||
k := encodePrivateKeyPEM(cert.Key)
|
||||
|
||||
sslCert, err := CreateSSLCert(c, k)
|
||||
sslCert, err := CreateSSLCert(c, k, FakeSSLCertificateUID)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error checking SSL certificate: %v", err)
|
||||
}
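Review bot: All three updated call sites pass `FakeSSLCertificateUID`, and none of the visible lines asserts on `sslCert.UID`, so the new parameter is exercised but not verified. Using the sentinel also means a test cannot tell a propagated UID from a defaulted one. Passing a distinct constructed value in `TestCreateSSLCert` and checking it, e.g. `if sslCert.UID != uid { t.Fatalf("expected UID %q, got %q", uid, sslCert.UID) }`, would pin the behaviour. The test bodies continue outside the hunks, so an assertion may already exist further down.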
|
||||
|
|
|
|||