Sign In
golang
/
flannel
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: e6edfac9cb
Branches Tags
flannel
/
vendor
/
k8s.io
/
kubernetes
/
pkg
/
apis
/
certificates
/
validation
/
validation.go

validation.go 2.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 
  1. /*
    2. 

  2. Copyright 2016 The Kubernetes Authors.
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package validation
    18. 

  18. 

  19. import (
    20. 

  20. 	"fmt"
    21. 

  21. 

  22. 	apivalidation "k8s.io/kubernetes/pkg/api/validation"
    23. 

  23. 	"k8s.io/kubernetes/pkg/apis/certificates"
    24. 

  24. 	certutil "k8s.io/kubernetes/pkg/util/certificates"
    25. 

  25. 	"k8s.io/kubernetes/pkg/util/validation/field"
    26. 

  26. )
    27. 

  27. 

  28. // validateCSR validates the signature and formatting of a base64-wrapped,
    29. 

  29. // PEM-encoded PKCS#10 certificate signing request. If this is invalid, we must
    30. 

  30. // not accept the CSR for further processing.
    31. 

  31. func validateCSR(obj *certificates.CertificateSigningRequest) error {
    32. 

  32. 	csr, err := certutil.ParseCertificateRequestObject(obj)
    33. 

  33. 	if err != nil {
    34. 

  34. 		return err
    35. 

  35. 	}
    36. 

  36. 	// check that the signature is valid
    37. 

  37. 	err = csr.CheckSignature()
    38. 

  38. 	if err != nil {
    39. 

  39. 		return err
    40. 

  40. 	}
    41. 

  41. 	return nil
    42. 

  42. }
    43. 

  43. 

  44. // We don't care what you call your certificate requests.
    45. 

  45. func ValidateCertificateRequestName(name string, prefix bool) []string {
    46. 

  46. 	return nil
    47. 

  47. }
    48. 

  48. 

  49. func ValidateCertificateSigningRequest(csr *certificates.CertificateSigningRequest) field.ErrorList {
    50. 

  50. 	isNamespaced := false
    51. 

  51. 	allErrs := apivalidation.ValidateObjectMeta(&csr.ObjectMeta, isNamespaced, ValidateCertificateRequestName, field.NewPath("metadata"))
    52. 

  52. 	err := validateCSR(csr)
    53. 

  53. 	if err != nil {
    54. 

  54. 		allErrs = append(allErrs, field.Invalid(field.NewPath("request"), csr.Spec.Request, fmt.Sprintf("%v", err)))
    55. 

  55. 	}
    56. 

  56. 	return allErrs
    57. 

  57. }
    58. 

  58. 

  59. func ValidateCertificateSigningRequestUpdate(newCSR, oldCSR *certificates.CertificateSigningRequest) field.ErrorList {
    60. 

  60. 	validationErrorList := ValidateCertificateSigningRequest(newCSR)
    61. 

  61. 	metaUpdateErrorList := apivalidation.ValidateObjectMetaUpdate(&newCSR.ObjectMeta, &oldCSR.ObjectMeta, field.NewPath("metadata"))
    62. 

  62. 	return append(validationErrorList, metaUpdateErrorList...)
    63. 

  63. }
    64.