2 * ============LICENSE_START=======================================================
3 * oom-certservice-k8s-external-provider
4 * ================================================================================
5 * Copyright (C) 2020 Nokia. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
29 cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
31 "onap.org/oom-certservice/k8s-external-provider/src/leveledlogger"
35 CertServiceName = "Cert Service API"
36 CMPv2ServerName = "CMPv2 Server"
// LogCertRequestProperties reports, through log, how each property of an
// incoming certificate request will be treated. Three groups of messages are
// emitted in a fixed order: properties forwarded in the CSR, properties that
// the Cert Service API does not support, and properties that the CMPv2 server
// overrides.
//
// The function only logs; it neither validates nor rejects the request.
// request and csr are dereferenced by the helpers, so callers must pass
// non-nil pointers.
func LogCertRequestProperties(log leveledlogger.Logger, request *cmapi.CertificateRequest, csr *x509.CertificateRequest) {
	// Forwarded properties come first (Info level).
	logSupportedProperties(log, csr)

	// Then the properties that are not supported (Warning level) ...
	logPropertiesNotSupportedByCertService(log, request, csr)

	// ... and finally the ones replaced downstream (Info level).
	logPropertiesOverriddenByCMPv2Server(log, request)
}
// logSupportedProperties writes one message per CSR property that is
// forwarded in the certificate signing request: the subject common name,
// then the multi-valued subject attributes, then the DNS names.
//
// NOTE(review): every value originates from the submitted CSR and reaches the
// log text verbatim; confirm that the logger encodes control characters so a
// crafted subject field cannot forge additional log lines.
func logSupportedProperties(log leveledlogger.Logger, csr *x509.CertificateRequest) {
	subject := csr.Subject
	logSupportedSingleValueProperty(log, subject.CommonName, "common name")

	// The table order is significant: it fixes the order of the log lines.
	multiValued := []struct {
		name   string
		values []string
	}{
		{"organization", subject.Organization},
		{"organization unit", subject.OrganizationalUnit},
		{"country", subject.Country},
		{"state", subject.Province},
		{"location", subject.Locality},
		{"dns names", csr.DNSNames},
	}
	for _, property := range multiValued {
		logSupportedMultiValueProperty(log, property.values, property.name)
	}
}
55 func logSupportedMultiValueProperty(log leveledlogger.Logger, values []string, propertyName string) {
57 log.Info(getSupportedMessage(propertyName, extractStringArray(values)))
// logSupportedSingleValueProperty logs, at Info level, that the single-valued
// property propertyName with the given value is forwarded in the CSR.
// The message is emitted even when value is empty.
func logSupportedSingleValueProperty(log leveledlogger.Logger, value string, propertyName string) {
	message := getSupportedMessage(propertyName, value)
	log.Info(message)
}
// logPropertiesOverriddenByCMPv2Server logs, at Info level, the requested
// duration and key usages when they are set on the request. The message text
// states that the CMPv2 server overrides these values, so the issued
// certificate may not carry what was asked for.
func logPropertiesOverriddenByCMPv2Server(log leveledlogger.Logger, request *cmapi.CertificateRequest) {
	spec := &request.Spec

	// Duration is optional; report it only when present and printable.
	if requested := spec.Duration; requested != nil && requested.String() != "" {
		log.Info(getOverriddenMessage("duration", requested.Duration.String()))
	}

	// len of a nil slice is 0, so one length test covers both nil and empty.
	if len(spec.Usages) > 0 {
		log.Info(getOverriddenMessage("usages", extractUsages(spec.Usages)))
	}
}
// extractUsages renders usages as one string in which every key usage,
// including the last, is followed by ", ".
//
// NOTE(review): the accumulator declaration and the return statement were not
// visible in the reviewed listing; they are reconstructed here as an empty
// initial string returned unchanged — confirm against the repository.
func extractUsages(usages []cmapi.KeyUsage) string {
	var values string
	for i := range usages {
		values += string(usages[i]) + ", "
	}
	return values
}
// logPropertiesNotSupportedByCertService emits one Warning per requested
// property that the Cert Service API does not support: IP, URI and e-mail
// subject alternative names, the isCA flag, and the subject street address,
// postal code and serial number.
//
// Nothing here rejects or alters the request; the warnings are the only
// effect of this function.
// NOTE(review): whether such a request is refused elsewhere is not visible
// from this function, so a requester relying on one of these properties may
// learn of the gap only from these log lines — confirm.
func logPropertiesNotSupportedByCertService(log leveledlogger.Logger, request *cmapi.CertificateRequest, csr *x509.CertificateRequest) {
	// Subject alternative names other than DNS names.
	if ips := csr.IPAddresses; len(ips) > 0 {
		log.Warning(getNotSupportedMessage("ipAddresses", extractIPAddresses(ips)))
	}
	if uris := csr.URIs; len(uris) > 0 {
		log.Warning(getNotSupportedMessage("uris", extractURIs(uris)))
	}
	if emails := csr.EmailAddresses; len(emails) > 0 {
		log.Warning(getNotSupportedMessage("emailAddresses", extractStringArray(emails)))
	}

	// A request for a CA certificate is reported, not honoured.
	if request.Spec.IsCA {
		log.Warning(getNotSupportedMessage("isCA", strconv.FormatBool(request.Spec.IsCA)))
	}

	// Subject attributes outside the supported set.
	subject := &csr.Subject
	if len(subject.StreetAddress) > 0 {
		log.Warning(getNotSupportedMessage("subject.streetAddress", extractStringArray(subject.StreetAddress)))
	}
	if len(subject.PostalCode) > 0 {
		log.Warning(getNotSupportedMessage("subject.postalCodes", extractStringArray(subject.PostalCode)))
	}
	if subject.SerialNumber != "" {
		log.Warning(getNotSupportedMessage("subject.serialNumber", subject.SerialNumber))
	}
}
// extractStringArray renders strArray as one string in which every element,
// including the last, is followed by ", ". A nil or empty slice yields "".
// Elements are copied verbatim; nothing is escaped.
//
// NOTE(review): the accumulator declaration and the return statement were not
// visible in the reviewed listing; they are reconstructed here as an empty
// initial string returned unchanged — confirm against the repository.
func extractStringArray(strArray []string) string {
	var values string
	for i := range strArray {
		values += strArray[i] + ", "
	}
	return values
}
// extractURIs renders URIs as one string in which the String form of every
// URL, including the last, is followed by ", ". Each entry must be non-nil.
//
// NOTE(review): the accumulator declaration and the return statement were not
// visible in the reviewed listing; they are reconstructed here as an empty
// initial string returned unchanged — confirm against the repository.
func extractURIs(URIs []*url.URL) string {
	var values string
	for i := range URIs {
		values += URIs[i].String() + ", "
	}
	return values
}
// extractIPAddresses renders addresses as one string in which the String
// form of every IP, including the last, is followed by ", ".
//
// NOTE(review): the accumulator declaration and the return statement were not
// visible in the reviewed listing; they are reconstructed here as an empty
// initial string returned unchanged — confirm against the repository.
func extractIPAddresses(addresses []net.IP) string {
	var values string
	for i := range addresses {
		values += addresses[i].String() + ", "
	}
	return values
}
// getSupportedMessage builds the log text stating that property, with the
// given value, will be sent in the certificate signing request to the CMPv2
// server. Such lines start with "+".
//
// property and value are placed between single quotes without escaping.
// NOTE(review): if value carries CSR-derived data, a quote or line break
// inside it appears in the log text as-is — confirm the logger encodes such
// characters.
func getSupportedMessage(property string, value string) string {
	quotedProperty := "'" + property + "'"
	quotedValue := "'" + value + "'"
	return "+ property " + quotedProperty + " with value " + quotedValue +
		" will be sent in certificate signing request to " + CMPv2ServerName
}
// getNotSupportedMessage builds the log text stating that property, with the
// given value, is not supported by the Cert Service API. Such lines start
// with "-".
//
// property and value are placed between single quotes without escaping.
// NOTE(review): if value carries CSR-derived data, a quote or line break
// inside it appears in the log text as-is — confirm the logger encodes such
// characters.
func getNotSupportedMessage(property string, value string) string {
	quotedProperty := "'" + property + "'"
	quotedValue := "'" + value + "'"
	return "- property " + quotedProperty + " with value " + quotedValue +
		" is not supported by " + CertServiceName
}
// getOverriddenMessage builds the log text stating that property, with the
// given values, will be overridden by the CMPv2 server. Such lines start
// with "*".
//
// property and values are placed between single quotes without escaping.
// NOTE(review): if values carries request-derived data, a quote or line break
// inside it appears in the log text as-is — confirm the logger encodes such
// characters.
func getOverriddenMessage(property string, values string) string {
	quotedProperty := "'" + property + "'"
	quotedValues := "'" + values + "'"
	return "* property " + quotedProperty + " with value " + quotedValues +
		" will be overridden by " + CMPv2ServerName
}