2 * ============LICENSE_START=======================================================
3 * oom-certservice-k8s-external-provider
4 * ================================================================================
5 * Copyright (C) 2020 Nokia. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
29 "github.com/go-logr/logr"
30 cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
// CertServiceName is the component name appended to the "is not supported by" warning text.
34 CertServiceName = "Cert Service API"
// CMPv2ServerName is the component name appended to the "will be sent ... to" and
// "will be overridden by" messages.
35 CMPv2ServerName = "CMPv2 Server"
// LogCertRequestProperties writes informational log entries that describe how the
// properties of a certificate request are treated. Three groups are reported, in
// this order: properties sent on in the signing request, properties the Cert
// Service API does not support, and properties the CMPv2 server overrides.
//
// The function only logs. Both request and csr are dereferenced by the helpers
// it calls, so neither may be nil.
//
// NOTE(review): every logged value is taken from the CSR or from the
// CertificateRequest spec, i.e. it is chosen by whoever submitted the request.
// Treat these log lines as containing requester-supplied text.
func LogCertRequestProperties(log logr.Logger, request *cmapi.CertificateRequest, csr *x509.CertificateRequest) {
	// Order is kept so the resulting log output reads supported -> unsupported -> overridden.
	logSupportedProperties(log, request, csr)
	logPropertiesNotSupportedByCertService(log, request, csr)
	logPropertiesOverriddenByCMPv2Server(log, request)
}
// logSupportedProperties reports the CSR fields that are passed on in the signing
// request: five subject attributes followed by the DNS subject alternative names.
// The request parameter is accepted but not read here.
func logSupportedProperties(log logr.Logger, request *cmapi.CertificateRequest, csr *x509.CertificateRequest) {
	subject := csr.Subject

	// Label/value pairs in the order they are logged.
	supported := []struct {
		label  string
		values []string
	}{
		{"organization", subject.Organization},
		{"organization unit", subject.OrganizationalUnit},
		{"country", subject.Country},
		{"state", subject.Province},
		{"location", subject.Locality},
		{"dns names", csr.DNSNames},
	}

	for _, property := range supported {
		logSupportedProperty(log, property.values, property.label)
	}
}
// logSupportedProperty logs one "will be sent in certificate signing request"
// message for propertyName, using the values joined by extractStringArray.
// NOTE(review): original line 54 is not present in this listing; it presumably
// guards the call below (for example on values being non-empty) - confirm against
// the full file.
// NOTE(review): values originate from the CSR and are placed into the log message
// unescaped. Depending on how the logr sink encodes messages, control characters
// in a subject field or DNS name could distort the log line; quoting the value
// (strconv.Quote) or passing it as a logr key/value pair would avoid that.
53 func logSupportedProperty(log logr.Logger, values []string, propertyName string) {
55 log.Info(getSupportedMessage(propertyName, extractStringArray(values)))
// logPropertiesOverriddenByCMPv2Server reports the spec fields whose requested
// values are replaced by the CMPv2 server: the certificate duration and the key
// usages. Only fields that are actually set are reported.
//
// This function only logs. A requester who asked for a specific lifetime or usage
// set should check the issued certificate rather than rely on the request.
func logPropertiesOverriddenByCMPv2Server(log logr.Logger, request *cmapi.CertificateRequest) {
	spec := &request.Spec

	// Requested validity period.
	if duration := spec.Duration; duration != nil && len(duration.String()) > 0 {
		log.Info(getOverriddenMessage("duration", duration.Duration.String()))
	}

	// Requested key usages.
	if usages := spec.Usages; usages != nil && len(usages) > 0 {
		log.Info(getOverriddenMessage("usages", extractUsages(usages)))
	}
}
// extractUsages builds one string from the key usages, appending ", " after each.
// NOTE(review): the declaration of values and the return statement are not
// present in this listing, so whether the trailing ", " is kept in the returned
// string cannot be confirmed from here.
68 func extractUsages(usages []cmapi.KeyUsage) string {
70 for _, usage := range usages {
// Each usage is converted with string(usage) and copied as-is.
71 values = values + string(usage) + ", "
// logPropertiesNotSupportedByCertService emits one warning for every requested
// property that the Cert Service API does not support: IP, URI and e-mail subject
// alternative names, the isCA flag, and the street address, postal code and serial
// number of the subject.
//
// This function only logs; it neither rejects the request nor removes the fields.
// NOTE(review): what happens to these fields afterwards is decided elsewhere -
// confirm there that an isCA request or a non-DNS SAN cannot end up in an issued
// certificate unnoticed, since the only signal produced here is an Info-level line.
// NOTE(review): the values come from the CSR and are logged unescaped.
func logPropertiesNotSupportedByCertService(log logr.Logger, request *cmapi.CertificateRequest, csr *x509.CertificateRequest) {
	subject := csr.Subject

	// IP addresses in SANs
	if ips := csr.IPAddresses; len(ips) > 0 {
		log.Info(getNotSupportedMessage("ipAddresses", extractIPAddresses(ips)))
	}

	// URIs in SANs
	if uris := csr.URIs; len(uris) > 0 {
		log.Info(getNotSupportedMessage("uris", extractURIs(uris)))
	}

	// Email addresses in SANs
	if emails := csr.EmailAddresses; len(emails) > 0 {
		log.Info(getNotSupportedMessage("emailAddresses", extractStringArray(emails)))
	}

	// Request for a CA certificate
	if request.Spec.IsCA {
		log.Info(getNotSupportedMessage("isCA", strconv.FormatBool(request.Spec.IsCA)))
	}

	// Subject attributes that are not supported
	if streets := subject.StreetAddress; len(streets) > 0 {
		log.Info(getNotSupportedMessage("subject.streetAddress", extractStringArray(streets)))
	}

	if postalCodes := subject.PostalCode; len(postalCodes) > 0 {
		log.Info(getNotSupportedMessage("subject.postalCodes", extractStringArray(postalCodes)))
	}

	if serial := subject.SerialNumber; len(serial) > 0 {
		log.Info(getNotSupportedMessage("subject.serialNumber", serial))
	}
}
// extractStringArray builds one string from strArray, appending ", " after each
// element.
// NOTE(review): the declaration of values and the return statement are not
// present in this listing, so whether the trailing ", " is kept in the returned
// string cannot be confirmed from here.
// NOTE(review): elements are copied verbatim. Callers in this file pass CSR
// subject fields, DNS names and e-mail SANs, so the result carries
// requester-supplied text into the log message.
110 func extractStringArray(strArray []string) string {
112 for _, val := range strArray {
113 values = values + val + ", "
// extractURIs builds one string from the URIs, appending ", " after the String()
// form of each.
// NOTE(review): the declaration of values and the return statement are not
// present in this listing, so whether the trailing ", " is kept in the returned
// string cannot be confirmed from here.
118 func extractURIs(URIs []*url.URL) string {
120 for _, uri := range URIs {
// uri is a pointer and is dereferenced by String(); a nil element is not checked for here.
121 values = values + uri.String() + ", "
// extractIPAddresses builds one string from the addresses, appending ", " after
// the String() form of each.
// NOTE(review): the declaration of values and the return statement are not
// present in this listing, so whether the trailing ", " is kept in the returned
// string cannot be confirmed from here.
126 func extractIPAddresses(addresses []net.IP) string {
128 for _, ipAddress := range addresses {
129 values = values + ipAddress.String() + ", "
// getNotSupportedMessage builds the warning text for a property that the Cert
// Service API does not support.
//
// NOTE(review): value is concatenated as given, without quoting or escaping. The
// callers in this file pass text taken from the CSR, so the message should be
// treated as containing requester-supplied content.
func getNotSupportedMessage(property string, value string) string {
	message := "WARNING: Property '" + property + "' with value: " + value
	message += " is not supported by " + CertServiceName
	return message
}
// getSupportedMessage builds the text for a property that is passed on to the
// CMPv2 server in the certificate signing request.
//
// NOTE(review): value is concatenated as given, without quoting or escaping. The
// callers in this file pass text taken from the CSR, so the message should be
// treated as containing requester-supplied content.
func getSupportedMessage(property string, value string) string {
	described := "Property '" + property + "' with value: " + value
	return described + " will be sent in certificate signing request to " + CMPv2ServerName
}
// getOverriddenMessage builds the text for a property whose requested value is
// replaced by the CMPv2 server.
//
// NOTE(review): values is concatenated as given, without quoting or escaping.
func getOverriddenMessage(property string, values string) string {
	described := "Property '" + property + "' with value: " + values
	return described + " will be overridden by " + CMPv2ServerName
}