package certificates

import (
	"bytes"
	"crypto/x509"
	"encoding/pem"
	"strings"

	apiutil "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/api/util"
	acmapi "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1"
	utilpki "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util/pki"
)

// AnnotationsForCertificateSecret builds the annotations written to a
// Certificate's Secret at issuance time. The result always names the
// Certificate and its issuer (name, kind and group). When certificate is
// non-nil, the Common Name and the DNS, IP and URI Subject Alternative Names
// of the X.509 certificate are added as comma-joined strings.
//
// crt is dereferenced without a nil check, so callers must pass a non-nil
// Certificate. The SAN values are copied from the certificate as-is and joined
// with "," without escaping; a consumer that needs the exact names should
// parse the certificate itself rather than split these annotations.
func AnnotationsForCertificateSecret(crt *acmapi.Certificate, certificate *x509.Certificate) map[string]string {
	issuerRef := crt.Spec.IssuerRef
	result := map[string]string{
		acmapi.CertificateNameKey:       crt.Name,
		acmapi.IssuerNameAnnotationKey:  issuerRef.Name,
		acmapi.IssuerKindAnnotationKey:  apiutil.IssuerKind(issuerRef),
		acmapi.IssuerGroupAnnotationKey: issuerRef.Group,
	}

	// Without a certificate there is nothing further to describe.
	if certificate == nil {
		return result
	}

	ipSANs := utilpki.IPAddressesToString(certificate.IPAddresses)
	uriSANs := utilpki.URLsToString(certificate.URIs)

	result[acmapi.CommonNameAnnotationKey] = certificate.Subject.CommonName
	result[acmapi.AltNamesAnnotationKey] = strings.Join(certificate.DNSNames, ",")
	result[acmapi.IPSANAnnotationKey] = strings.Join(ipSANs, ",")
	result[acmapi.URISANAnnotationKey] = strings.Join(uriSANs, ",")

	return result
}

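// OutputFormatDER returns the DER bytes of the private key, taken from the
// first PEM block found in privateKey. To be used for Certificate's Additional
// Output Format DER.
//
// It returns nil when privateKey contains no PEM block, so callers should
// treat a nil result as invalid input rather than store it as key material.
// Only the first PEM block is decoded; any data after it is ignored. The
// returned bytes are private key material and must be handled as a secret.
func OutputFormatDER(privateKey []byte) []byte {
	block, _ := pem.Decode(privateKey)
	if block == nil {
		// pem.Decode yields a nil block for input without PEM data;
		// dereferencing it would panic the calling controller.
		return nil
	}
	return block.Bytes
}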

// OutputFormatCombinedPEM returns the PEM encoded private key followed by a
// single "\n" and the PEM encoded signed certificate chain, in that order. To
// be used for Certificate's Additional Output Format Combined PEM.
//
// The inputs are copied through unchanged and are not validated as PEM. The
// result contains the private key, so it must be handled as a secret.
func OutputFormatCombinedPEM(privateKey, certificate []byte) []byte {
	var combined bytes.Buffer
	combined.Grow(len(privateKey) + len(certificate) + 1)

	combined.Write(privateKey)
	combined.WriteByte('\n')
	combined.Write(certificate)

	return combined.Bytes()
}