caCert - Code Search

cmd/kubeadm/app/phases/certs/renewal/manager.go

	}
}

func certToConfig(cert *x509.Certificate) certutil.Config {
	return certutil.Config{
		CommonName:   cert.Subject.CommonName,
		Organization: cert.Subject.Organization,
		AltNames: certutil.AltNames{
			IPs:      cert.IPAddresses,
			DNSNames: cert.DNSNames,
		},
		Usages: cert.ExtKeyUsage,
	}
}

Registered: Sat Jun 15 01:39:40 UTC 2024

- Last Modified: Wed May 01 16:01:49 UTC 2024

- 15K bytes

- Viewed (0)

github.com/istio/istio

pilot/pkg/bootstrap/server_test.go

	}{
		{
			name:        "expired cert rotation",
			certToWatch: testcerts.ExpiredServerCert,
			certRotated: true,
		},
		{
			name:        "valid cert no rotation",
			certToWatch: testcerts.ServerCert,
			certRotated: false,
		},
	}

	csr := &cert.CertificateSigningRequest{
		ObjectMeta: metav1.ObjectMeta{
			Name: "abc.xyz",
		},
		Status: cert.CertificateSigningRequestStatus{

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Thu Jun 13 17:48:28 UTC 2024

- 23.1K bytes

- Viewed (0)

github.com/golang/go

src/crypto/x509/name_constraints_test.go

				var last *Certificate

				for _, intermediate := range intermediates {
					caCert, err := makeConstraintsCACert(intermediate, levelName, levelKey, parent, parentKey)
					if err != nil {
						t.Fatalf("failed to create %q: %s", levelName, err)
					}

					last = caCert
					intermediatePool.AddCert(caCert)
				}

				parent = last
				parentKey = levelKey
			}

Registered: Wed Jun 12 16:32:35 UTC 2024

- Last Modified: Thu May 09 22:40:21 UTC 2024

- 45.2K bytes

- Viewed (0)

github.com/kubernetes/kubernetes

staging/src/k8s.io/apiserver/pkg/util/webhook/certs_test.go

+PTxAoGAJ8OYCl1ECPy0d5NA7vPOeQ4DaEC7ugjw9MqoY8DczROjF05711XKDwWl
g6Kcffaz9f49gFUGq6tIG4N6yutR0xecE21w9z7ubA6k50x9umj5XkDyM5W9Tt5Z
yRU/vk7jrZmt0WFDhb6Ao1RlFjLlKhBkQZ6dd6C6fxatUg3BGYI=
-----END RSA PRIVATE KEY-----`)

var caCert = []byte(`-----BEGIN CERTIFICATE-----
MIIDGTCCAgGgAwIBAgIUealQGELTHLUVcpsNNwz8XexiWvswDQYJKoZIhvcNAQEL
BQAwGzEZMBcGA1UEAwwQd2ViaG9va190ZXN0c19jYTAgFw0yMjAzMjUxNTMzMjla
GA8yMjk2MDEwODE1MzMyOVowGzEZMBcGA1UEAwwQd2ViaG9va190ZXN0c19jYTCC

Registered: Sat Jun 15 01:39:40 UTC 2024

- Last Modified: Mon Mar 28 14:39:30 UTC 2022

- 16K bytes

- Viewed (0)

github.com/istio/istio

pkg/test/framework/components/echo/calloptions.go

	Address string
	Headers http.Header
	// If non-empty, make the request with the corresponding cert and key.
	Cert string
	Key  string
	// If non-empty, verify the server CA
	CaCert string
	// If non-empty, make the request with the corresponding cert and key file.
	CertFile string
	KeyFile  string
	// If non-empty, verify the server CA with the ca cert file.
	CaCertFile string
	// Skip verifying peer's certificate.
	InsecureSkipVerify bool

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Sun Oct 08 09:39:20 UTC 2023

- 13K bytes

- Viewed (0)

github.com/kubernetes/kubernetes

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/testcerts/certs.go

w5+hAoGABSgjlf9WsC7WzY6sZwZG25aBMGFw6vr3jawLiuNk3Hr+pGV/H7PEzSh+
vBpvC0Vkp5Dg32asmME40LbYpMu2BV4E1wK17i+DZVUMezNO0mABykWecyPYdmxL
bJtLu4yaP84W433T5E6G7Im+x+KjXI7TRzpQZFQnVadmmpuurUY=
-----END RSA PRIVATE KEY-----`)

var CACert = []byte(`-----BEGIN CERTIFICATE-----
MIIDPTCCAiWgAwIBAgIJALTyMgMR6YygMA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV
BAMMKWdlbmVyaWNfd2ViaG9va19hZG1pc3Npb25fcGx1Z2luX3Rlc3RzX2NhMCAX
DTE3MTExNjAwMDUzOVoYDzIyOTEwOTAxMDAwNTM5WjA0MTIwMAYDVQQDDClnZW5l

Registered: Sat Jun 15 01:39:40 UTC 2024

- Last Modified: Sat Nov 18 05:02:47 UTC 2017

- 12.1K bytes

- Viewed (0)

github.com/istio/istio

tests/integration/security/cacert_rotation/main_test.go

			if err := cert.CreateCustomCASecret(t,
				"ca-cert-alt.pem", "ca-key-alt.pem",
				"cert-chain-alt.pem", "root-cert-combined-2.pem"); err != nil {
				t.Errorf("failed to update CA secret: %v", err)
			}

			lastUpdateTime = waitForWorkloadCertUpdate(t, from[0], istioCtl, lastUpdateTime)

			// step 3: Remove the old root cert
			if err := cert.CreateCustomCASecret(t,
				"ca-cert-alt.pem", "ca-key-alt.pem",

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Mon Apr 08 22:02:59 UTC 2024

- 6.6K bytes

- Viewed (0)

github.com/kubernetes/kubernetes

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/testing/webhook_server.go

	sCert, err := tls.X509KeyPair(testcerts.ServerCert, testcerts.ServerKey)
	if err != nil {
		t.Error(err)
		t.FailNow()
	}
	rootCAs := x509.NewCertPool()
	rootCAs.AppendCertsFromPEM(testcerts.CACert)
	testServer := httptest.NewUnstartedServer(http.HandlerFunc(handler))
	testServer.TLS = &tls.Config{
		Certificates: []tls.Certificate{sCert},
		ClientCAs:    rootCAs,
		ClientAuth:   tls.RequireAndVerifyClientCert,
	}

Registered: Sat Jun 15 01:39:40 UTC 2024

- Last Modified: Mon Nov 15 11:11:25 UTC 2021

- 6.3K bytes

- Viewed (0)

github.com/istio/istio

security/pkg/pki/ca/ca.go

			// 2. if `istio-ca-secret` not exist and use cacerts enabled, fallback to fetch `cacerts`
			if useCacertsSecretName {
				caCertName = CACertsSecret
				err := loadSelfSignedCaSecret(client, namespace, caCertName, rootCertFile, caOpts)
				if err == nil {
					return nil
				} else if apierror.IsNotFound(err) { // if neither `istio-ca-secret` nor `cacerts` exists, we create a `cacerts`
					// continue to create `cacerts`
				} else {

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Thu Nov 30 19:33:26 UTC 2023

- 17.2K bytes

- Viewed (0)

github.com/istio/istio

pilot/pkg/model/jwks_resolver.go

	caCertsFound := true
	if err != nil {
		caCertsFound = false
		log.Errorf("Failed to fetch Cert from SystemCertPool: %v", err)
	}

	if caCertPool != nil {
		for _, pemFile := range caBundlePaths {
			caCert, err := os.ReadFile(pemFile)
			if err == nil {
				caCertsFound = caCertPool.AppendCertsFromPEM(caCert) || caCertsFound
			}
		}
	}

	if caCertsFound {
		ret.secureHTTPClient = &http.Client{

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Fri Feb 23 09:47:21 UTC 2024

- 20.3K bytes

- Viewed (0)

Search Options