move SplitSANs to cli

max furman 2019-02-05 19:32:01 -08:00
parent 6937bfea7b
commit 3415a1fef8
3 changed files with 6 additions and 25 deletions

4
Gopkg.lock generated

@ -212,7 +212,7 @@
[[projects]] [[projects]]
branch = "sans" branch = "sans"
digest = "1:84a773da390eabc9a292221bbc2c16653093f8eb805a1b16f738ef3cd88df701" digest = "1:4c9e30abfe7c119eb4d40287f6c23f854f3ad71c69206d8dc6402e1fef14ac88"
name = "github.com/smallstep/cli" name = "github.com/smallstep/cli"
packages = [ packages = [
"command", "command",
@ -231,7 +231,7 @@
"utils", "utils",
] ]
pruneopts = "UT" pruneopts = "UT"
revision = "49d4a4c26c802e83c5ed160abdd5babab1c9b5c6" revision = "1379a62e0cf06b164d35e20a912d017ac8bad071"
[[projects]] [[projects]]
branch = "master" branch = "master"


@ -3,12 +3,12 @@ package authority
import ( import (
"crypto/x509" "crypto/x509"
"encoding/asn1" "encoding/asn1"
"net"
"net/http" "net/http"
"net/url" "net/url"
"time" "time"
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/smallstep/cli/crypto/x509util"
"gopkg.in/square/go-jose.v2/jwt" "gopkg.in/square/go-jose.v2/jwt"
) )
@ -126,7 +126,7 @@ func (a *Authority) Authorize(ott string) ([]interface{}, error) {
if len(claims.SANs) == 0 { if len(claims.SANs) == 0 {
claims.SANs = []string{claims.Subject} claims.SANs = []string{claims.Subject}
} }
dnsNames, ips := SplitSANs(claims.SANs) dnsNames, ips := x509util.SplitSANs(claims.SANs)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -150,26 +150,6 @@ func (a *Authority) Authorize(ott string) ([]interface{}, error) {
return signOps, nil return signOps, nil
} }
// SplitSANs splits a slice of Subject Alternative Names into slices of
// IP Addresses and DNS Names. If an element is not an IP address, then it
// is bucketed as a DNS Name.
func SplitSANs(sans []string) (dnsNames []string, ips []net.IP) {
dnsNames = []string{}
ips = []net.IP{}
if sans == nil {
return
}
for _, san := range sans {
if ip := net.ParseIP(san); ip != nil {
ips = append(ips, ip)
} else {
// If not IP then assume DNSName.
dnsNames = append(dnsNames, san)
}
}
return
}
// authorizeRenewal tries to locate the step provisioner extension, and checks // authorizeRenewal tries to locate the step provisioner extension, and checks
// if for the configured provisioner, the renewal is enabled or not. If the // if for the configured provisioner, the renewal is enabled or not. If the
// extra extension cannot be found, authorize the renewal by default. // extra extension cannot be found, authorize the renewal by default.
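Review bot: The `if err != nil { return nil, err }` that follows `dnsNames, ips := x509util.SplitSANs(claims.SANs)` in Authorize cannot be triggered by that call, because SplitSANs returns only the two slices; it re-tests whatever `err` was assigned earlier in the function, which starts outside the hunk. Either drop the check or, if SAN validation was intended at this point, make that an explicit step that can actually fail. After this move, the rule that every non-IP entry is treated as a DNS name is applied to token-supplied SANs by code in the cli repository, which Gopkg.lock pins to the `sans` branch rather than a tagged release. Assuming the moved implementation matches the removed one, a comment above the call such as `// SplitSANs buckets every non-IP entry as a DNS name; entries are not validated as hostnames here` would keep that contract visible in the authority. A test in this package that pins the expected split would also catch a behaviour change arriving through the dependency.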


@ -23,6 +23,7 @@ import (
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/smallstep/certificates/api" "github.com/smallstep/certificates/api"
"github.com/smallstep/certificates/authority" "github.com/smallstep/certificates/authority"
"github.com/smallstep/cli/crypto/x509util"
"gopkg.in/square/go-jose.v2/jwt" "gopkg.in/square/go-jose.v2/jwt"
) )
@ -452,7 +453,7 @@ func CreateSignRequest(ott string) (*api.SignRequest, crypto.PrivateKey, error)
return nil, nil, errors.Wrap(err, "error generating key") return nil, nil, errors.Wrap(err, "error generating key")
} }
dnsNames, ips := authority.SplitSANs(claims.SANs) dnsNames, ips := x509util.SplitSANs(claims.SANs)
template := &x509.CertificateRequest{ template := &x509.CertificateRequest{
Subject: pkix.Name{ Subject: pkix.Name{