"onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
"onap.org/oom-certservice/k8s-external-provider/src/cmpv2controller/logger"
provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner"
+ x509utils "onap.org/oom-certservice/k8s-external-provider/src/x509"
)
const (
}
privateKeyBytes := privateKeySecret.Data[privateKeySecretKey]
- // 8. Log Certificate Request properties not supported or overridden by CertService API
- logger.LogCertRequestProperties(ctrl.Log.WithName("CSR details"), certificateRequest)
+ // 8. Decode CSR
+ log.Info("Decoding CSR...")
+ csr, err := x509utils.DecodeCSR(certificateRequest.Spec.Request)
+ if err != nil {
+ controller.handleErrorFailedToDecodeCSR(ctx, log, err, certificateRequest)
+ return ctrl.Result{}, err
+ }
+
+ // 9. Log Certificate Request properties not supported or overridden by CertService API
+ logger.LogCertRequestProperties(ctrl.Log.WithName("CSR details"), certificateRequest, csr)
- // 9. Sign CertificateRequest
+ // 10. Sign CertificateRequest
signedPEM, trustedCAs, err := provisioner.Sign(ctx, certificateRequest, privateKeyBytes)
if err != nil {
controller.handleErrorFailedToSignCertificate(ctx, log, err, certificateRequest)
return ctrl.Result{}, err
}
- // 10. Store signed certificates in CertificateRequest
+ // 11. Store signed certificates in CertificateRequest
certificateRequest.Status.Certificate = signedPEM
certificateRequest.Status.CA = trustedCAs
if err := controller.updateCertificateRequestWithSignedCerficates(ctx, certificateRequest); err != nil {
_ = controller.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Failed to sign certificate request: %v", err)
}
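Review bot: The decode-failure branch added at step 8 returns `err` from Reconcile after marking the request Failed, so controller-runtime will requeue it with backoff even though a CSR that does not parse now will not parse on the next attempt either. `Spec.Request` is supplied by whoever can create CertificateRequest objects, so a malformed one produces repeated error logs and reconcile work, unless an earlier check outside this hunk skips requests already in a Failed state. Consider treating the condition as terminal by returning `return ctrl.Result{}, nil` after `handleErrorFailedToDecodeCSR`. The handler also discards the `setStatus` result with `_ =`, so a failed status update leaves no trace; logging that error would make it visible. Reconcile's body starts and ends outside the hunk.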
+func (controller *CertificateRequestController) handleErrorFailedToDecodeCSR(ctx context.Context, log logr.Logger, err error, certificateRequest *cmapi.CertificateRequest) {
+ log.Error(err, "Failed to decode certificate sign request")
+ _ = controller.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Failed to decode CSR: %v", err)
+}
+
+
func handleErrorResourceNotFound(log logr.Logger, err error) error {
if apierrors.IsNotFound(err) {
log.Error(err, "CertificateRequest resource not found")