Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 19 for CertOptions (0.33 sec)

  2. github.com/istio/istio

    security/pkg/pki/util/generate_cert_test.go 

    		t.Run(id, func(t *testing.T) {
			certOptions := c.certOptions
			certPem, privPem, err := GenCertKeyFromOptions(certOptions)
			if err != nil {
				t.Errorf("[%s] cert/key generation error: %v", id, err)
			}

			for _, host := range strings.Split(certOptions.Host, ",") {
				c.verifyFields.Host = host
				root := rsaCaCertPem
				if c.certOptions.ECSigAlg != "" {
					root = ecCaCertPem
				}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Nov 06 12:48:53 UTC 2023
    - 29.4K bytes
    - Viewed (0)
  3. github.com/istio/istio

    security/pkg/pki/util/keycertbundle_test.go 

    			certOptions: &CertOptions{
				Host:       "watt",
				TTL:        100 * 365 * 24 * time.Hour,
				Org:        "Juju org",
				IsCA:       false,
				RSAKeySize: 2048,
			},
			expectedErr: "",
		},
		"No SAN EC": {
			caCertFile:    ecRootCertFile,
			caKeyFile:     ecRootKeyFile,
			certChainFile: nil,
			rootCertFile:  ecRootCertFile,
			certOptions: &CertOptions{
				Host:     "watt",
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Sun Jan 21 06:07:50 UTC 2024
    - 15.8K bytes
    - Viewed (0)
  4. github.com/istio/istio

    security/pkg/pki/util/generate_csr_test.go 

    func TestGenCSR(t *testing.T) {
	// Options to generate a CSR.
	cases := map[string]struct {
		csrOptions CertOptions
		err        error
	}{
		"GenCSR with RSA": {
			csrOptions: CertOptions{
				Host:       "test_ca.com",
				Org:        "MyOrg",
				RSAKeySize: 2048,
			},
		},
		"GenCSR with EC": {
			csrOptions: CertOptions{
				Host:     "test_ca.com",
				Org:      "MyOrg",
				ECSigAlg: EcdsaSigAlg,
			},
		},
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Fri Feb 25 09:40:13 UTC 2022
    - 5.5K bytes
    - Viewed (0)
  5. github.com/istio/istio

    security/pkg/pki/util/generate_cert.go 

    	return opts, nil
}

// MergeCertOptions merges deltaOpts into defaultOpts and returns the merged
// CertOptions. Only called by a self-signed Citadel.
func MergeCertOptions(defaultOpts, deltaOpts CertOptions) CertOptions {
	if len(deltaOpts.Org) > 0 {
		defaultOpts.Org = deltaOpts.Org
	}
	// TODO(JimmyCYJ): merge other fields, e.g. Host, IsDualUse, etc.
	return defaultOpts
}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed Aug 02 14:34:38 UTC 2023
    - 14.2K bytes
    - Viewed (0)
  6. github.com/istio/istio

    tests/fuzz/security_fuzzer.go 

    	"istio.io/istio/security/pkg/server/ca/authenticate"
)

func FuzzGenCSR(data []byte) int {
	f := fuzz.NewConsumer(data)
	certOptions := util.CertOptions{}
	err := f.GenerateStruct(&certOptions)
	if err != nil {
		return 0
	}
	_, _, _ = util.GenCSR(certOptions)
	return 1
}

func fuzzedCertChain(f *fuzz.ConsumeFuzzer) ([][]*x509.Certificate, error) {
	certChain := [][]*x509.Certificate{}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed Feb 28 16:41:38 UTC 2024
    - 3.2K bytes
    - Viewed (0)
  7. github.com/istio/istio

    security/pkg/pki/ca/ca_test.go 

    	cases := map[string]struct {
		forCA         bool
		certOpts      util.CertOptions
		maxTTL        time.Duration
		requestedTTL  time.Duration
		verifyFields  util.VerifyFields
		expectedError string
	}{
		"Workload uses RSA": {
			forCA: false,
			certOpts: util.CertOptions{
				// This value is not used, instead, subjectID should be used in certificate.
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue Oct 31 08:51:27 UTC 2023
    - 29.1K bytes
    - Viewed (0)
  8. github.com/istio/istio

    security/pkg/pki/util/keycertbundle.go 

    	b.cert, _ = ParsePemEncodedCertificate(certBytes)
	privKey, _ := ParsePemEncodedKey(privKeyBytes)
	b.privKey = &privKey
	b.mutex.Unlock()
}

// CertOptions returns the certificate config based on currently stored cert.
func (b *KeyCertBundle) CertOptions() (*CertOptions, error) {
	b.mutex.RLock()
	defer b.mutex.RUnlock()
	ids, err := ExtractIDs(b.cert.Extensions)
	if err != nil {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Sun Jan 21 06:07:50 UTC 2024
    - 10.5K bytes
    - Viewed (0)
  9. github.com/istio/istio

    security/pkg/pki/ra/k8s_ra_test.go 

    			certOptions := ca.CertOpts{
				SubjectIDs: []string{subjectID},
				TTL:        60 * time.Second, ForCA: false,
				CertSigner: "kube-apiserver-client",
			}
			_, err = ra.SignWithCertChain(csrPEM, certOptions)
			if (tc.expectedFail && err == nil) || (!tc.expectedFail && err != nil) {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed Sep 27 00:44:54 UTC 2023
    - 9.7K bytes
    - Viewed (0)
  10. github.com/istio/istio

    security/tools/generate_csr/main.go 

    	err = os.WriteFile(*outPriv, privPem, 0o600)
	if err != nil {
		log.Fatalf("Could not write output private key: %s.", err)
	}
}

func main() {
	flag.Parse()

	csrPem, privPem, err := util.GenCSR(util.CertOptions{
		Host:       *host,
		Org:        *org,
		RSAKeySize: *keySize,
		ECSigAlg:   util.SupportedECSignatureAlgorithms(*ec),
		ECCCurve:   util.SupportedEllipticCurves(*curve),
	})
	if err != nil {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue May 23 17:08:31 UTC 2023
    - 2.1K bytes
    - Viewed (0)
  11. github.com/istio/istio

    security/pkg/pki/util/generate_csr.go 

    // to ensure proper security
const minimumRsaKeySize = 2048

// GenCSR generates a X.509 certificate sign request and private key with the given options.
func GenCSR(options CertOptions) ([]byte, []byte, error) {
	var priv any
	var err error
	if options.ECSigAlg != "" {
		switch options.ECSigAlg {
		case EcdsaSigAlg:
			var curve elliptic.Curve
			switch options.ECCCurve {
			case P384Curve:
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Nov 06 12:48:53 UTC 2023
    - 4.1K bytes
    - Viewed (0)
Back to top