Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 12 for IsCA (0.12 sec)

  2. github.com/istio/istio

    security/pkg/pki/util/verify_cert.go 

    			return fmt.Errorf("unexpected value for 'KeyUsage' field: want %v but got %v", ku, cert.KeyUsage)
		}

		if isCA := expectedFields.IsCA; isCA != cert.IsCA {
			return fmt.Errorf("unexpected value for 'IsCA' field: want %t but got %t", isCA, cert.IsCA)
		}

		if org := expectedFields.Org; org != "" && !reflect.DeepEqual([]string{org}, cert.Issuer.Organization) {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Sep 05 10:37:29 UTC 2022
    - 5.9K bytes
    - Viewed (0)
  3. github.com/istio/istio

    security/pkg/pki/util/verify_cert_test.go 

    			expectedFields: keyUsage,
			expectedErr:    "unexpected value for 'KeyUsage' field",
		},
		"IsCA error": {
			privPem:        []byte(key),
			certChainPem:   []byte(certChain),
			rootCertPem:    []byte(rootCert),
			expectedFields: isCA,
			expectedErr:    "unexpected value for 'IsCA' field",
		},
		"Org error": {
			privPem:        []byte(key),
			certChainPem:   []byte(certChain),
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue Aug 16 14:56:37 UTC 2022
    - 6.5K bytes
    - Viewed (0)
  4. github.com/golang/go

    src/crypto/tls/generate_cert.go 

    		if ip := net.ParseIP(h); ip != nil {
			template.IPAddresses = append(template.IPAddresses, ip)
		} else {
			template.DNSNames = append(template.DNSNames, h)
		}
	}

	if *isCA {
		template.IsCA = true
		template.KeyUsage |= x509.KeyUsageCertSign
	}

	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
	if err != nil {
    Registered: Wed Jun 12 16:32:35 UTC 2024
    - Last Modified: Mon Aug 08 15:22:02 UTC 2022
    - 4.8K bytes
    - Viewed (0)
  5. github.com/istio/istio

    security/tools/generate_cert/main.go 

    	}

	opts := util.CertOptions{
		Host:         *host,
		NotBefore:    getNotBefore(),
		TTL:          *validFor,
		SignerCert:   signerCert,
		SignerPriv:   signerPriv,
		Org:          *org,
		IsCA:         *isCA,
		IsSelfSigned: *mode == selfSignedMode,
		IsClient:     *isClient,
		RSAKeySize:   *keySize,
		IsServer:     *isServer,
		ECSigAlg:     util.SupportedECSignatureAlgorithms(*ec),
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Fri Apr 28 16:21:30 UTC 2023
    - 5.7K bytes
    - Viewed (0)
  6. github.com/istio/istio

    tests/integration/security/util/secret/secret.go 

    		}
	}

	verifyFields := &util.VerifyFields{
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		IsCA:        false,
		Host:        expectedID,
	}

	if err := util.VerifyCertificate(secret.Data[ca.PrivateKeyFile],
		secret.Data[ca.CertChainFile], secret.Data[ca.RootCertFile],
		verifyFields); err != nil {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon May 22 04:04:14 UTC 2023
    - 2.3K bytes
    - Viewed (0)
  7. github.com/istio/istio

    pkg/test/csrctrl/authority/policies.go 

    //   - It sets allowed usages as configured in the policy.
//   - It sets NotAfter based on the TTL configured in the policy.
//   - It zeros all extensions.
//   - It sets BasicConstraints to true.
//   - It sets IsCA to false.
type PermissiveSigningPolicy struct {
	// TTL is the certificate TTL. It's used to calculate the NotAfter value of
	// the certificate.
	TTL time.Duration
	// Usages are the allowed usages of a certificate.
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed Aug 03 17:06:22 UTC 2022
    - 4.5K bytes
    - Viewed (0)
  8. github.com/golang/go

    src/crypto/x509/boring_test.go 

    		BasicConstraintsValid: true,
	}
	if mode&^boringCertFIPSOK == boringCertLeaf {
		tmpl.DNSNames = []string{"example.com"}
	} else {
		tmpl.IsCA = true
		tmpl.KeyUsage |= KeyUsageCertSign
	}

	var pcert *Certificate
	var pkey interface{}
	if parent != nil {
		pcert = parent.cert
		pkey = parent.key
	} else {
		pcert = tmpl
		pkey = key
    Registered: Wed Jun 12 16:32:35 UTC 2024
    - Last Modified: Thu Nov 17 17:38:47 UTC 2022
    - 3.7K bytes
    - Viewed (0)
  9. github.com/kubernetes/kubernetes

    pkg/controller/certificates/authority/policies.go 

    // signer.
//
//   - It forwards all SANs from the original signing request.
//   - It sets allowed usages as configured in the policy.
//   - It zeros all extensions.
//   - It sets BasicConstraints to true.
//   - It sets IsCA to false.
//   - It validates that the signer has not expired.
//   - It sets NotBefore and NotAfter:
//     All certificates set NotBefore = Now() - Backdate.
//     Long-lived certificates set NotAfter = Now() + TTL - Backdate.
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Tue Jul 26 17:14:05 UTC 2022
    - 5.7K bytes
    - Viewed (0)
  10. github.com/golang/go

    src/crypto/x509/hybrid_pool_test.go 

    	}
	googChain := c.ConnectionState().PeerCertificates

	rootTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Go test root"},
		IsCA:                  true,
		BasicConstraintsValid: true,
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour * 10),
	}
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
    Registered: Wed Jun 12 16:32:35 UTC 2024
    - Last Modified: Mon Feb 26 20:48:11 UTC 2024
    - 3.7K bytes
    - Viewed (0)
  11. github.com/istio/istio

    istioctl/pkg/writer/compare/sds/util.go 

    		return SecretMeta{}, fmt.Errorf("failed to parse certificate PEM")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return SecretMeta{}, err
	}
	var certType string
	if cert.IsCA {
		certType = "CA"
	} else {
		certType = "Cert Chain"
	}

	today := time.Now()
	return SecretMeta{
		SerialNumber: fmt.Sprintf("%x", cert.SerialNumber),
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue Jun 06 15:14:48 UTC 2023
    - 6.6K bytes
    - Viewed (0)
Back to top