2 * ============LICENSE_START=======================================================
3 * oom-certservice-k8s-external-provider
4 * ================================================================================
5 * Copyright (C) 2020 Nokia. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
30 "github.com/go-logr/logr"
31 cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
// Display names of the two downstream systems that the log messages built in
// this file refer to.
const (
	// CertServiceName is appended to "is not supported by" warnings.
	CertServiceName = "Cert Service API"
	// CMPv2ServerName is appended to "will be overridden by" messages.
	CMPv2ServerName = "CMPv2 Server"
)
// LogCertRequestProperties reports, through log, which properties of the given
// CertificateRequest will not be honoured as written: first the ones that the
// CMPv2 server overrides, then the ones that the Cert Service API does not
// support.
//
// It only logs; it returns nothing and does not reject the request. request
// must be non-nil, because both helpers read request.Spec.
//
// NOTE(review): request.Spec.Request is decoded and parsed by the second
// helper, so its content reaches a parser here. Whether the caller validates
// it beforehand is not visible in this file; treat it as untrusted input.
func LogCertRequestProperties(log logr.Logger, request *cmapi.CertificateRequest) {
	logPropertiesOverriddenByCMPv2Server(log, request)
	logPropertiesNotSupportedByCertService(log, request)
}
// logPropertiesOverriddenByCMPv2Server logs an informational message for each
// spec field that is set on the request but whose value the CMPv2 server
// replaces: the requested duration and the requested key usages.
func logPropertiesOverriddenByCMPv2Server(log logr.Logger, request *cmapi.CertificateRequest) {
	spec := &request.Spec

	// Duration is a pointer; it is only reported when present and printable.
	if d := spec.Duration; d != nil && len(d.String()) > 0 {
		log.Info(getOverriddenMessage("duration", d.Duration.String()))
	}

	// len of a nil slice is 0, so a single length test covers "unset" too.
	if len(spec.Usages) > 0 {
		log.Info(getOverriddenMessage("usages", extractUsages(spec.Usages)))
	}
}
// extractUsages renders the requested key usages as one string for logging.
// Each usage is followed by ", ", so a non-empty result ends with a trailing
// separator; a nil or empty slice yields "".
func extractUsages(usages []cmapi.KeyUsage) string {
	var joined string
	for i := range usages {
		joined += string(usages[i]) + ", "
	}
	return joined
}
// getOverriddenMessage builds the log line stating that property, currently
// holding values, will be overridden by the CMPv2 server. Both arguments are
// inserted verbatim; nothing is quoted or escaped.
func getOverriddenMessage(property string, values string) string {
	described := "Property '" + property + "' with value: " + values
	return described + ", will be overridden by " + CMPv2ServerName
}
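// logPropertiesNotSupportedByCertService decodes the PEM-encoded CSR carried in
// request.Spec.Request and logs one warning per property that the Cert Service
// API does not support: IP, URI and e-mail SANs, the isCA flag, and the subject
// street address, postal code and serial number.
//
// The CSR bytes come from the CertificateRequest object and are untrusted. If
// they hold no PEM block, or the block is not a parsable CSR, the problem is
// logged and the function returns. Without these two guards either case would
// dereference a nil pointer, so malformed request content could panic the
// caller.
func logPropertiesNotSupportedByCertService(log logr.Logger, request *cmapi.CertificateRequest) {
	block, _ := pem.Decode(request.Spec.Request)
	if block == nil {
		// pem.Decode returns a nil block when the input holds no PEM data;
		// there is no error value to attach, hence the nil first argument.
		log.Error(nil, "Cannot decode PEM block of Certificate Signing Request")
		return
	}

	// The PEM block type is not checked here; DER that is not a CSR is
	// rejected by the parser below.
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		log.Error(err, "Cannot parse Certificate Signing Request")
		// csr is nil on error, so nothing below can be inspected.
		return
	}

	// IP addresses in SANs
	if len(csr.IPAddresses) > 0 {
		log.Info(getNotSupportedMessage("ipAddresses", extractIPAddresses(csr.IPAddresses)))
	}
	// URIs in SANs
	if len(csr.URIs) > 0 {
		log.Info(getNotSupportedMessage("uris", extractURIs(csr.URIs)))
	}
	// Email addresses in SANs
	if len(csr.EmailAddresses) > 0 {
		log.Info(getNotSupportedMessage("emailAddresses", extractStringArray(csr.EmailAddresses)))
	}

	// isCA is read from the CertificateRequest spec, not from the CSR.
	if request.Spec.IsCA {
		log.Info(getNotSupportedMessage("isCA", strconv.FormatBool(request.Spec.IsCA)))
	}

	// Subject attributes taken from the CSR.
	if len(csr.Subject.StreetAddress) > 0 {
		log.Info(getNotSupportedMessage("subject.streetAddress", extractStringArray(csr.Subject.StreetAddress)))
	}
	if len(csr.Subject.PostalCode) > 0 {
		log.Info(getNotSupportedMessage("subject.postalCodes", extractStringArray(csr.Subject.PostalCode)))
	}
	if len(csr.Subject.SerialNumber) > 0 {
		log.Info(getNotSupportedMessage("subject.serialNumber", csr.Subject.SerialNumber))
	}
}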
// extractStringArray concatenates the given strings for logging, appending
// ", " after every element. A non-empty result therefore ends with a trailing
// separator; a nil or empty slice yields "".
func extractStringArray(strArray []string) string {
	var joined string
	for i := 0; i < len(strArray); i++ {
		joined += strArray[i] + ", "
	}
	return joined
}
// extractURIs renders the given URIs for logging, appending ", " after each
// one. A non-empty result ends with a trailing separator; a nil or empty slice
// yields "". Entries are expected to be non-nil.
func extractURIs(URIs []*url.URL) string {
	var joined string
	for i := range URIs {
		joined += URIs[i].String() + ", "
	}
	return joined
}
// extractIPAddresses renders the given IP addresses in their textual form for
// logging, appending ", " after each one. A non-empty result ends with a
// trailing separator; a nil or empty slice yields "".
func extractIPAddresses(addresses []net.IP) string {
	var joined string
	for i := range addresses {
		joined += addresses[i].String() + ", "
	}
	return joined
}
// getNotSupportedMessage builds the warning stating that property, currently
// holding values, is not supported by the Cert Service API.
//
// NOTE(review): callers in this file pass values taken from the CSR (SANs and
// subject fields), and they are inserted verbatim. Whether the log sink
// escapes control characters is not visible here; confirm it does, or quote
// the value before logging.
func getNotSupportedMessage(property string, values string) string {
	const prefix = "WARNING: Property '"
	described := prefix + property + "' with value: " + values
	return described + " is not supported by " + CertServiceName
}