Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 9 of 9 for CertOptions (0.22 sec)

  2. github.com/istio/istio

    security/pkg/pki/util/generate_csr_test.go 

    func TestGenCSR(t *testing.T) {
	// Options to generate a CSR.
	cases := map[string]struct {
		csrOptions CertOptions
		err        error
	}{
		"GenCSR with RSA": {
			csrOptions: CertOptions{
				Host:       "test_ca.com",
				Org:        "MyOrg",
				RSAKeySize: 2048,
			},
		},
		"GenCSR with EC": {
			csrOptions: CertOptions{
				Host:     "test_ca.com",
				Org:      "MyOrg",
				ECSigAlg: EcdsaSigAlg,
			},
		},
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Fri Feb 25 09:40:13 UTC 2022
    - 5.5K bytes
    - Viewed (0)
  3. github.com/istio/istio

    tests/fuzz/security_fuzzer.go 

    	"istio.io/istio/security/pkg/server/ca/authenticate"
)

func FuzzGenCSR(data []byte) int {
	f := fuzz.NewConsumer(data)
	certOptions := util.CertOptions{}
	err := f.GenerateStruct(&certOptions)
	if err != nil {
		return 0
	}
	_, _, _ = util.GenCSR(certOptions)
	return 1
}

func fuzzedCertChain(f *fuzz.ConsumeFuzzer) ([][]*x509.Certificate, error) {
	certChain := [][]*x509.Certificate{}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed Feb 28 16:41:38 UTC 2024
    - 3.2K bytes
    - Viewed (0)
  4. github.com/istio/istio

    security/pkg/pki/ra/k8s_ra_test.go 

    			certOptions := ca.CertOpts{
				SubjectIDs: []string{subjectID},
				TTL:        60 * time.Second, ForCA: false,
				CertSigner: "kube-apiserver-client",
			}
			_, err = ra.SignWithCertChain(csrPEM, certOptions)
			if (tc.expectedFail && err == nil) || (!tc.expectedFail && err != nil) {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed Sep 27 00:44:54 UTC 2023
    - 9.7K bytes
    - Viewed (0)
  5. github.com/istio/istio

    security/tools/generate_csr/main.go 

    	err = os.WriteFile(*outPriv, privPem, 0o600)
	if err != nil {
		log.Fatalf("Could not write output private key: %s.", err)
	}
}

func main() {
	flag.Parse()

	csrPem, privPem, err := util.GenCSR(util.CertOptions{
		Host:       *host,
		Org:        *org,
		RSAKeySize: *keySize,
		ECSigAlg:   util.SupportedECSignatureAlgorithms(*ec),
		ECCCurve:   util.SupportedEllipticCurves(*curve),
	})
	if err != nil {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue May 23 17:08:31 UTC 2023
    - 2.1K bytes
    - Viewed (0)
  6. github.com/istio/istio

    security/pkg/pki/util/generate_csr.go 

    // to ensure proper security
const minimumRsaKeySize = 2048

// GenCSR generates a X.509 certificate sign request and private key with the given options.
func GenCSR(options CertOptions) ([]byte, []byte, error) {
	var priv any
	var err error
	if options.ECSigAlg != "" {
		switch options.ECSigAlg {
		case EcdsaSigAlg:
			var curve elliptic.Curve
			switch options.ECCCurve {
			case P384Curve:
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Nov 06 12:48:53 UTC 2023
    - 4.1K bytes
    - Viewed (0)
  7. github.com/istio/istio

    pkg/test/framework/components/istio/ca.go 

    	if err != nil {
		return Cert{}, err
	}

	san := fmt.Sprintf("spiffe://%s/ns/%s/sa/%s", "cluster.local", namespace, serviceAccount)
	options := pkiutil.CertOptions{
		Host:       san,
		RSAKeySize: 2048,
	}
	// Generate the cert/key, send CSR to CA.
	csrPEM, keyPEM, err := pkiutil.GenCSR(options)
	if err != nil {
		return Cert{}, err
	}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed Mar 27 16:59:05 UTC 2024
    - 4.5K bytes
    - Viewed (0)
  8. github.com/istio/istio

    tests/fuzz/pki_fuzzer.go 

    	if err != nil {
		return 0
	}
	bundle, err := util.NewVerifiedKeyCertBundleFromFile("certfile", "privKeyFile", []string{"certChainFile"}, "rootCertFile")
	if err != nil {
		return 0
	}
	_, err = bundle.CertOptions()
	if err == nil {
		panic("Ran successfully")
	}

	newCertFile, err := os.Create("newCertfile")
	if err != nil {
		return 0
	}
	defer newCertFile.Close()
	defer os.Remove("newCertFile")
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Jun 05 14:00:25 UTC 2023
    - 5.2K bytes
    - Viewed (0)
  9. github.com/istio/istio

    security/tools/generate_cert/main.go 

    		}
	case citadelMode:
		signerCert, signerPriv = signCertFromCitadel()
	default:
		log.Fatalf("Unsupported mode %v", *mode)
	}

	opts := util.CertOptions{
		Host:         *host,
		NotBefore:    getNotBefore(),
		TTL:          *validFor,
		SignerCert:   signerCert,
		SignerPriv:   signerPriv,
		Org:          *org,
		IsCA:         *isCA,
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Fri Apr 28 16:21:30 UTC 2023
    - 5.7K bytes
    - Viewed (0)
  10. github.com/istio/istio

    security/pkg/k8s/chiron/utils.go 

    func GenKeyCertK8sCA(client clientset.Interface, dnsName,
	caFilePath string, signerName string, approveCsr bool, requestedLifetime time.Duration,
) ([]byte, []byte, []byte, error) {
	// 1. Generate a CSR
	options := util.CertOptions{
		Host:       dnsName,
		RSAKeySize: keySize,
		IsDualUse:  false,
		PKCS8Key:   false,
	}
	csrPEM, keyPEM, err := util.GenCSR(options)
	if err != nil {
		log.Errorf("CSR generation error (%v)", err)
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Fri Apr 05 18:11:22 UTC 2024
    - 9.2K bytes
    - Viewed (0)
Back to top