move SplitSANs to cli
This commit is contained in:
parent
6937bfea7b
commit
3415a1fef8
3 changed files with 6 additions and 25 deletions
4
Gopkg.lock
generated
4
Gopkg.lock
generated
|
@ -212,7 +212,7 @@
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
branch = "sans"
|
branch = "sans"
|
||||||
digest = "1:84a773da390eabc9a292221bbc2c16653093f8eb805a1b16f738ef3cd88df701"
|
digest = "1:4c9e30abfe7c119eb4d40287f6c23f854f3ad71c69206d8dc6402e1fef14ac88"
|
||||||
name = "github.com/smallstep/cli"
|
name = "github.com/smallstep/cli"
|
||||||
packages = [
|
packages = [
|
||||||
"command",
|
"command",
|
||||||
|
@ -231,7 +231,7 @@
|
||||||
"utils",
|
"utils",
|
||||||
]
|
]
|
||||||
pruneopts = "UT"
|
pruneopts = "UT"
|
||||||
revision = "49d4a4c26c802e83c5ed160abdd5babab1c9b5c6"
|
revision = "1379a62e0cf06b164d35e20a912d017ac8bad071"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
branch = "master"
|
branch = "master"
|
||||||
|
|
|
@ -3,12 +3,12 @@ package authority
|
||||||
import (
|
import (
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"encoding/asn1"
|
"encoding/asn1"
|
||||||
"net"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
|
"github.com/smallstep/cli/crypto/x509util"
|
||||||
"gopkg.in/square/go-jose.v2/jwt"
|
"gopkg.in/square/go-jose.v2/jwt"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -126,7 +126,7 @@ func (a *Authority) Authorize(ott string) ([]interface{}, error) {
|
||||||
if len(claims.SANs) == 0 {
|
if len(claims.SANs) == 0 {
|
||||||
claims.SANs = []string{claims.Subject}
|
claims.SANs = []string{claims.Subject}
|
||||||
}
|
}
|
||||||
dnsNames, ips := SplitSANs(claims.SANs)
|
dnsNames, ips := x509util.SplitSANs(claims.SANs)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -150,26 +150,6 @@ func (a *Authority) Authorize(ott string) ([]interface{}, error) {
|
||||||
return signOps, nil
|
return signOps, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// SplitSANs splits a slice of Subject Alternative Names into slices of
|
|
||||||
// IP Addresses and DNS Names. If an element is not an IP address, then it
|
|
||||||
// is bucketed as a DNS Name.
|
|
||||||
func SplitSANs(sans []string) (dnsNames []string, ips []net.IP) {
|
|
||||||
dnsNames = []string{}
|
|
||||||
ips = []net.IP{}
|
|
||||||
if sans == nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
for _, san := range sans {
|
|
||||||
if ip := net.ParseIP(san); ip != nil {
|
|
||||||
ips = append(ips, ip)
|
|
||||||
} else {
|
|
||||||
// If not IP then assume DNSName.
|
|
||||||
dnsNames = append(dnsNames, san)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// authorizeRenewal tries to locate the step provisioner extension, and checks
|
// authorizeRenewal tries to locate the step provisioner extension, and checks
|
||||||
// if for the configured provisioner, the renewal is enabled or not. If the
|
// if for the configured provisioner, the renewal is enabled or not. If the
|
||||||
// extra extension cannot be found, authorize the renewal by default.
|
// extra extension cannot be found, authorize the renewal by default.
|
||||||
|
|
|
@ -23,6 +23,7 @@ import (
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"github.com/smallstep/certificates/api"
|
"github.com/smallstep/certificates/api"
|
||||||
"github.com/smallstep/certificates/authority"
|
"github.com/smallstep/certificates/authority"
|
||||||
|
"github.com/smallstep/cli/crypto/x509util"
|
||||||
"gopkg.in/square/go-jose.v2/jwt"
|
"gopkg.in/square/go-jose.v2/jwt"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -452,7 +453,7 @@ func CreateSignRequest(ott string) (*api.SignRequest, crypto.PrivateKey, error)
|
||||||
return nil, nil, errors.Wrap(err, "error generating key")
|
return nil, nil, errors.Wrap(err, "error generating key")
|
||||||
}
|
}
|
||||||
|
|
||||||
dnsNames, ips := authority.SplitSANs(claims.SANs)
|
dnsNames, ips := x509util.SplitSANs(claims.SANs)
|
||||||
|
|
||||||
template := &x509.CertificateRequest{
|
template := &x509.CertificateRequest{
|
||||||
Subject: pkix.Name{
|
Subject: pkix.Name{
|
||||||
|
|
Loading…
Reference in a new issue