-
Notifications
You must be signed in to change notification settings - Fork 4.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #11413 from liggitt/x509-validation
Test x509 intermediates correctly
- Loading branch information
Showing
24 changed files
with
381 additions
and
39 deletions.
There are no files selected for viewing
11 changes: 11 additions & 0 deletions
11
.../k8s.io/kubernetes/plugin/pkg/auth/authenticator/request/x509/testdata/client-expired.pem
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
11 changes: 11 additions & 0 deletions
11
...rc/k8s.io/kubernetes/plugin/pkg/auth/authenticator/request/x509/testdata/client-valid.pem
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
24 changes: 24 additions & 0 deletions
24
.../k8s.io/kubernetes/plugin/pkg/auth/authenticator/request/x509/testdata/client.config.json
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
3 changes: 3 additions & 0 deletions
3
...src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/request/x509/testdata/client.csr.json
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
24 changes: 24 additions & 0 deletions
24
...ace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/request/x509/testdata/generate.sh
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
18 changes: 18 additions & 0 deletions
18
...o/kubernetes/plugin/pkg/auth/authenticator/request/x509/testdata/intermediate.config.json
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
6 changes: 6 additions & 0 deletions
6
...s.io/kubernetes/plugin/pkg/auth/authenticator/request/x509/testdata/intermediate.csr.json
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
11 changes: 11 additions & 0 deletions
11
...rc/k8s.io/kubernetes/plugin/pkg/auth/authenticator/request/x509/testdata/intermediate.pem
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
6 changes: 6 additions & 0 deletions
6
...e/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/request/x509/testdata/root.csr.json
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
11 changes: 11 additions & 0 deletions
11
...kspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/request/x509/testdata/root.pem
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
32 changes: 19 additions & 13 deletions
32
Godeps/_workspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/request/x509/x509.go
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
36 changes: 36 additions & 0 deletions
36
.../_workspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/request/x509/x509_test.go
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
11 changes: 11 additions & 0 deletions
11
pkg/auth/authenticator/request/x509request/testdata/client-expired.pem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIBpTCCAUugAwIBAgIUPV4LAC5KK8YWY1FegyTuhkGUr3EwCgYIKoZIzj0EAwIw | ||
| GjEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlLUNBMB4XDTkwMTIzMTIzNTkwMFoXDTkw | ||
| MTIzMTIzNTkwMFowFDESMBAGA1UEAxMJTXkgQ2xpZW50MFkwEwYHKoZIzj0CAQYI | ||
| KoZIzj0DAQcDQgAEyYUnseNUN87rfHgekrfZu5sj4wlt5LYr3JYZZkfSbsb+BW3/ | ||
| RzX02ifjp+8w7mI4qUGg6y6J7oXHGFT3uj9kj6N1MHMwDgYDVR0PAQH/BAQDAgWg | ||
| MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKsX | ||
| EnXwDg8j2LIEM1QzmFrE6537MB8GA1UdIwQYMBaAFF+p0JcY31pz+mjNZnjv0Gum | ||
| 92vZMAoGCCqGSM49BAMCA0gAMEUCIG4FBcb57oqOCoaFiJ+Yx6S0zkaash7bTv3V | ||
| CIy9JvFdAiEAy8bf2S9EkvZyURZ6ycgEMnekll57Ebze6rjlPx8+B1Y= | ||
| -----END CERTIFICATE----- |
11 changes: 11 additions & 0 deletions
11
pkg/auth/authenticator/request/x509request/testdata/client-valid.pem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIBqDCCAU2gAwIBAgIUfbqeieihh/oERbfvRm38XvS/xHAwCgYIKoZIzj0EAwIw | ||
| GjEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlLUNBMCAXDTE2MTAxMTA1MDYwMFoYDzIx | ||
| MTYwOTE3MDUwNjAwWjAUMRIwEAYDVQQDEwlNeSBDbGllbnQwWTATBgcqhkjOPQIB | ||
| BggqhkjOPQMBBwNCAARv6N4R/sjMR65iMFGNLN1GC/vd7WhDW6J4X/iAjkRLLnNb | ||
| KbRG/AtOUZ+7upJ3BWIRKYbOabbQGQe2BbKFiap4o3UwczAOBgNVHQ8BAf8EBAMC | ||
| BaAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU | ||
| K/pZOWpNcYai6eHFpmJEeFpeQlEwHwYDVR0jBBgwFoAUX6nQlxjfWnP6aM1meO/Q | ||
| a6b3a9kwCgYIKoZIzj0EAwIDSQAwRgIhAIWTKw/sjJITqeuNzJDAKU4xo1zL+xJ5 | ||
| MnVCuBwfwDXCAiEAw/1TA+CjPq9JC5ek1ifR0FybTURjeQqYkKpve1dveps= | ||
| -----END CERTIFICATE----- |
24 changes: 24 additions & 0 deletions
24
pkg/auth/authenticator/request/x509request/testdata/client.config.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| { | ||
| "signing": { | ||
| "profiles": { | ||
| "valid": { | ||
| "expiry": "876000h", | ||
| "usages": [ | ||
| "signing", | ||
| "key encipherment", | ||
| "client auth" | ||
| ] | ||
| }, | ||
| "expired": { | ||
| "expiry": "1h", | ||
| "not_before": "1990-12-31T23:59:00Z", | ||
| "not_after": "1990-12-31T23:59:00Z", | ||
| "usages": [ | ||
| "signing", | ||
| "key encipherment", | ||
| "client auth" | ||
| ] | ||
| } | ||
| } | ||
| } | ||
| } |
3 changes: 3 additions & 0 deletions
3
pkg/auth/authenticator/request/x509request/testdata/client.csr.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| { | ||
| "CN": "My Client" | ||
| } |
10 changes: 10 additions & 0 deletions
10
pkg/auth/authenticator/request/x509request/testdata/generate.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| #!/usr/bin/env bash | ||
|
|
||
| cfssl gencert -initca root.csr.json | cfssljson -bare root | ||
|
|
||
| cfssl gencert -initca intermediate.csr.json | cfssljson -bare intermediate | ||
| cfssl sign -ca root.pem -ca-key root-key.pem -config intermediate.config.json intermediate.csr | cfssljson -bare intermediate | ||
|
|
||
| cfssl gencert -ca intermediate.pem -ca-key intermediate-key.pem -config client.config.json --profile=valid client.csr.json | cfssljson -bare client-valid | ||
| cfssl gencert -ca intermediate.pem -ca-key intermediate-key.pem -config client.config.json --profile=expired client.csr.json | cfssljson -bare client-expired | ||
|
|
18 changes: 18 additions & 0 deletions
18
pkg/auth/authenticator/request/x509request/testdata/intermediate.config.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| { | ||
| "signing": { | ||
| "default": { | ||
| "usages": [ | ||
| "digital signature", | ||
| "cert sign", | ||
| "crl sign", | ||
| "signing", | ||
| "key encipherment", | ||
| "client auth" | ||
| ], | ||
| "expiry": "876000h", | ||
| "ca_constraint": { | ||
| "is_ca": true | ||
| } | ||
| } | ||
| } | ||
| } |
6 changes: 6 additions & 0 deletions
6
pkg/auth/authenticator/request/x509request/testdata/intermediate.csr.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| { | ||
| "CN": "Intermediate-CA", | ||
| "ca": { | ||
| "expiry": "876000h" | ||
| } | ||
| } |
11 changes: 11 additions & 0 deletions
11
pkg/auth/authenticator/request/x509request/testdata/intermediate.pem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIBqDCCAU6gAwIBAgIUfqZtjoFgczZ+oQZbEC/BDSS2J6wwCgYIKoZIzj0EAwIw | ||
| EjEQMA4GA1UEAxMHUm9vdC1DQTAgFw0xNjEwMTEwNTA2MDBaGA8yMTE2MDkxNzA1 | ||
| MDYwMFowGjEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlLUNBMFkwEwYHKoZIzj0CAQYI | ||
| KoZIzj0DAQcDQgAEyWHEMMCctJg8Xa5YWLqaCPbk3MjB+uvXac42JM9pj4k9jedD | ||
| kpUJRkWIPzgJI8Zk/3cSzluUTixP6JBSDKtwwaN4MHYwDgYDVR0PAQH/BAQDAgGm | ||
| MBMGA1UdJQQMMAoGCCsGAQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE | ||
| FF+p0JcY31pz+mjNZnjv0Gum92vZMB8GA1UdIwQYMBaAFB7P6+i4/pfNjqZgJv/b | ||
| dgA7Fe4tMAoGCCqGSM49BAMCA0gAMEUCIQCTT1YWQZaAqfQ2oBxzOkJE2BqLFxhz | ||
| 3smQlrZ5gCHddwIgcvT7puhYOzAgcvMn9+SZ1JOyZ7edODjshCVCRnuHK2c= | ||
| -----END CERTIFICATE----- |
6 changes: 6 additions & 0 deletions
6
pkg/auth/authenticator/request/x509request/testdata/root.csr.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| { | ||
| "CN": "Root-CA", | ||
| "ca": { | ||
| "expiry": "876000h" | ||
| } | ||
| } |
11 changes: 11 additions & 0 deletions
11
pkg/auth/authenticator/request/x509request/testdata/root.pem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIBizCCATGgAwIBAgIUH4plk9qwD61FVXgiOTngFU5FeSkwCgYIKoZIzj0EAwIw | ||
| EjEQMA4GA1UEAxMHUm9vdC1DQTAgFw0xNjEwMTEwNTA2MDBaGA8yMTE2MDkxNzA1 | ||
| MDYwMFowEjEQMA4GA1UEAxMHUm9vdC1DQTBZMBMGByqGSM49AgEGCCqGSM49AwEH | ||
| A0IABI2CsrAnMGT8P2VGU2MLo5pv86Z74kcV9hgkLJUkSaeNyc1s89w7X5V2wvwu | ||
| iWEJRGm5RoZJausmyZLZEoKEVXejYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB | ||
| Af8EBTADAQH/MB0GA1UdDgQWBBQez+vouP6XzY6mYCb/23YAOxXuLTAfBgNVHSME | ||
| GDAWgBQez+vouP6XzY6mYCb/23YAOxXuLTAKBggqhkjOPQQDAgNIADBFAiBGclts | ||
| vJRM+QMVoV/1L9b+hvhgLIp/OupUFsSOReefIwIhALY06hBklyh8eFwuBtyX2VcE | ||
| 8xlVn4/5idUvc3Xv2h9s | ||
| -----END CERTIFICATE----- |
Oops, something went wrong.