Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 12 for SubjectIDs (0.35 sec)

  2. github.com/istio/istio

    security/pkg/pki/ra/fuzz_test.go 

    		// create subjectIDs
		subjectIDs := make([]string, 0)
		noOfEntries, err := ff.GetUint64()
		if err != nil {
			return
		}
		var i uint64
		for i = 0; i < noOfEntries; i++ {
			newStr, err := ff.GetString()
			if err != nil {
				break
			}
			subjectIDs = append(subjectIDs, newStr)
		}

		// call ValidateCSR()
		ValidateCSR(csrPEM, subjectIDs)
	})
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed Oct 12 14:51:41 UTC 2022
    - 1.1K bytes
    - Viewed (0)
  3. github.com/istio/istio

    security/pkg/pki/util/generate_cert_test.go 

    		}
		if len(c.subjectIDs) != len(ids) {
			t.Errorf("Wrong number of IDs encoded. Expected %d, but got %d.", len(c.subjectIDs), len(ids))
		}
		if len(c.subjectIDs) == 1 && c.subjectIDs[0] != ids[0] {
			t.Errorf("incorrect ID encoded: %v VS (expected) %v", ids[0], c.subjectIDs[0])
		}
		if len(c.subjectIDs) == 2 {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Nov 06 12:48:53 UTC 2023
    - 29.4K bytes
    - Viewed (0)
  4. github.com/istio/istio

    security/pkg/pki/ra/common.go 

    func ValidateCSR(csrPEM []byte, subjectIDs []string) bool {
	csr, err := util.ParsePemEncodedCSR(csrPEM)
	if err != nil {
		return false
	}
	if err := csr.CheckSignature(); err != nil {
		return false
	}
	csrIDs, err := util.ExtractIDs(csr.Extensions)
	if err != nil {
		return false
	}
	for _, s1 := range csrIDs {
		if !slices.Contains(subjectIDs, s1) {
			return false
		}
	}
	return true
}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Sep 11 19:57:30 UTC 2023
    - 4.4K bytes
    - Viewed (0)
  5. github.com/istio/istio

    security/pkg/pki/ca/ca.go 

    }

var pkiCaLog = log.RegisterScope("pkica", "Citadel CA log")

// caTypes is the enum for the CA type.
type caTypes int

type CertOpts struct {
	// SubjectIDs are used for building the SAN extension for the certificate.
	SubjectIDs []string

	// TTL is the requested lifetime (Time to live) to be applied in the certificate.
	TTL time.Duration

	// ForCA indicates whether the signed certificate if for CA.
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Nov 30 19:33:26 UTC 2023
    - 17.2K bytes
    - Viewed (0)
  6. github.com/istio/istio

    security/pkg/nodeagent/caclient/providers/mock/mockcaclient.go 

    	csr, err := util.ParsePemEncodedCSR(csrPEM)
	if err != nil {
		return nil, fmt.Errorf("csr sign error: %v", err)
	}
	subjectIDs := []string{"test"}
	certBytes, err := util.GenCertFromCSR(csr, signingCert, csr.PublicKey, *signingKey, subjectIDs, c.certLifetime, false)
	if err != nil {
		return nil, fmt.Errorf("csr sign error: %v", err)
	}

	block := &pem.Block{
		Type:  "CERTIFICATE",
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu May 16 22:12:28 UTC 2024
    - 3K bytes
    - Viewed (0)
  7. github.com/istio/istio

    security/pkg/pki/util/generate_cert.go 

    func GenCertFromCSR(csr *x509.CertificateRequest, signingCert *x509.Certificate, publicKey any,
	signingKey crypto.PrivateKey, subjectIDs []string, ttl time.Duration, isCA bool,
) (cert []byte, err error) {
	tmpl, err := genCertTemplateFromCSR(csr, subjectIDs, ttl, isCA)
	if err != nil {
		return nil, err
	}
	return x509.CreateCertificate(rand.Reader, tmpl, signingCert, publicKey, signingKey)
}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed Aug 02 14:34:38 UTC 2023
    - 14.2K bytes
    - Viewed (0)
  8. github.com/istio/istio

    security/pkg/nodeagent/test/mock/caserver.go 

    	response := &pb.IstioCertificateResponse{
		CertChain: respCertChain,
	}
	caServerLog.Info("send back CSR success response")
	return response, nil
}

func (s *CAServer) sign(csrPEM []byte, subjectIDs []string, _ time.Duration, forCA bool) ([]byte, error) {
	csr, err := util.ParsePemEncodedCSR(csrPEM)
	if err != nil {
		caServerLog.Errorf("failed to parse CSR: %+v", err)
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu May 23 21:07:03 UTC 2024
    - 5.9K bytes
    - Viewed (0)
  9. github.com/istio/istio

    security/pkg/pki/ca/mock/fakeca.go 

    	ReceivedIDs   []string
}

// Sign returns the SignErr if SignErr is not nil, otherwise, it returns SignedCert.
func (ca *FakeCA) Sign(csr []byte, certOpts ca.CertOpts) ([]byte, error) {
	ca.ReceivedIDs = certOpts.SubjectIDs
	if ca.SignErr != nil {
		return nil, ca.SignErr
	}
	return ca.SignedCert, nil
}

// SignWithCertChain returns the SignErr if SignErr is not nil, otherwise, it returns SignedCert and the cert chain.
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Fri Dec 03 18:57:19 UTC 2021
    - 2.1K bytes
    - Viewed (0)
  10. github.com/istio/istio

    security/pkg/pki/ra/k8s_ra_test.go 

    			}
			subjectID := spiffe.Identity{TrustDomain: "cluster.local", Namespace: "default", ServiceAccount: "bookinfo-productpage"}.String()
			certOptions := ca.CertOpts{
				SubjectIDs: []string{subjectID},
				TTL:        60 * time.Second, ForCA: false,
				CertSigner: "kube-apiserver-client",
			}
			_, err = ra.SignWithCertChain(csrPEM, certOptions)
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed Sep 27 00:44:54 UTC 2023
    - 9.7K bytes
    - Viewed (0)
  11. github.com/istio/istio

    security/pkg/pki/ca/ca_test.go 

    	}
	csrPEM, privPEM, err := util.GenCSR(opts)
	if err != nil {
		t.Error(err)
	}

	caCertOpts := CertOpts{
		SubjectIDs: []string{"localhost"},
		TTL:        time.Hour,
		ForCA:      false,
	}
	certPEM, signErr := ca.signWithCertChain(csrPEM, caCertOpts.SubjectIDs, caCertOpts.TTL, true, caCertOpts.ForCA)

	if signErr != nil {
		t.Error(err)
	}

	cert, err := tls.X509KeyPair(certPEM, privPEM)
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue Oct 31 08:51:27 UTC 2023
    - 29.1K bytes
    - Viewed (0)
Back to top