From fb099ae3856750ddad24a8cc5742b515d033c75d Mon Sep 17 00:00:00 2001 From: Mike Danese Date: Mon, 7 Nov 2016 10:25:45 -0800 Subject: [PATCH 1/3] certificates: support allowed usage --- pkg/apis/certificates/types.go | 37 +++++++ pkg/apis/certificates/v1alpha1/types.go | 37 +++++++ pkg/controller/certificates/BUILD | 1 + .../certificates/certificate_controller.go | 23 ++--- pkg/controller/certificates/cfssl_signer.go | 99 +++++++++++++++++++ 5 files changed, 182 insertions(+), 15 deletions(-) create mode 100644 pkg/controller/certificates/cfssl_signer.go diff --git a/pkg/apis/certificates/types.go b/pkg/apis/certificates/types.go index 71bc07c21ac..02e2135973b 100644 --- a/pkg/apis/certificates/types.go +++ b/pkg/apis/certificates/types.go @@ -46,6 +46,12 @@ type CertificateSigningRequestSpec struct { // Base64-encoded PKCS#10 CSR data Request []byte + // usages specifies a set of usage contexts the key will be + // valid for. + // See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 + // https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + Usages []KeyUsage + // Information about the requesting user (if relevant) // See user.Info interface for details // +optional @@ -96,3 +102,34 @@ type CertificateSigningRequestList struct { // +optional Items []CertificateSigningRequest } + +// KeyUsages specifies valid usage contexts for keys. +// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 +// https://tools.ietf.org/html/rfc5280#section-4.2.1.12 +type KeyUsage string + +const ( + UsageSigning KeyUsage = "signing" + UsageDigitalSignature KeyUsage = "digital signature" + UsageContentCommittment KeyUsage = "content committment" + UsageKeyEncipherment KeyUsage = "key encipherment" + UsageKeyAgreement KeyUsage = "key agreement" + UsageDataEncipherment KeyUsage = "data encipherment" + UsageCertSign KeyUsage = "cert sign" + UsageCRLSign KeyUsage = "crl sign" + UsageEncipherOnly KeyUsage = "encipher only" + UsageDecipherOnly KeyUsage = "decipher only" + UsageAny KeyUsage = "any" + UsageServerAuth KeyUsage = "server auth" + UsageClientAuth KeyUsage = "client auth" + UsageCodeSigning KeyUsage = "code signing" + UsageEmailProtection KeyUsage = "email protection" + UsageSMIME KeyUsage = "s/mime" + UsageIPsecEndSystem KeyUsage = "ipsec end system" + UsageIPsecTunnel KeyUsage = "ipsec tunnel" + UsageIPsecUser KeyUsage = "ipsec user" + UsageTimestamping KeyUsage = "timestamping" + UsageOCSPSigning KeyUsage = "ocsp signing" + UsageMicrosoftSGC KeyUsage = "microsoft sgc" + UsageNetscapSGC KeyUsage = "netscape sgc" +) diff --git a/pkg/apis/certificates/v1alpha1/types.go b/pkg/apis/certificates/v1alpha1/types.go index cf9e4f09022..a5e70bfcff9 100644 --- a/pkg/apis/certificates/v1alpha1/types.go +++ b/pkg/apis/certificates/v1alpha1/types.go @@ -46,6 +46,12 @@ type CertificateSigningRequestSpec struct { // Base64-encoded PKCS#10 CSR data Request []byte `json:"request" protobuf:"bytes,1,opt,name=request"` + // allowedUsages specifies a set of usage contexts the key will be + // valid for. + // See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 + // https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + Usages []KeyUsage `json:"usages,omitempty" protobuf:"bytes,5,opt,name=keyUsage"` + // Information about the requesting user (if relevant) // See user.Info interface for details // +optional @@ -95,3 +101,34 @@ type CertificateSigningRequestList struct { Items []CertificateSigningRequest `json:"items" protobuf:"bytes,2,rep,name=items"` } + +// KeyUsages specifies valid usage contexts for keys. +// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 +// https://tools.ietf.org/html/rfc5280#section-4.2.1.12 +type KeyUsage string + +const ( + UsageSigning KeyUsage = "signing" + UsageDigitalSignature KeyUsage = "digital signature" + UsageContentCommittment KeyUsage = "content committment" + UsageKeyEncipherment KeyUsage = "key encipherment" + UsageKeyAgreement KeyUsage = "key agreement" + UsageDataEncipherment KeyUsage = "data encipherment" + UsageCertSign KeyUsage = "cert sign" + UsageCRLSign KeyUsage = "crl sign" + UsageEncipherOnly KeyUsage = "encipher only" + UsageDecipherOnly KeyUsage = "decipher only" + UsageAny KeyUsage = "any" + UsageServerAuth KeyUsage = "server auth" + UsageClientAuth KeyUsage = "client auth" + UsageCodeSigning KeyUsage = "code signing" + UsageEmailProtection KeyUsage = "email protection" + UsageSMIME KeyUsage = "s/mime" + UsageIPsecEndSystem KeyUsage = "ipsec end system" + UsageIPsecTunnel KeyUsage = "ipsec tunnel" + UsageIPsecUser KeyUsage = "ipsec user" + UsageTimestamping KeyUsage = "timestamping" + UsageOCSPSigning KeyUsage = "ocsp signing" + UsageMicrosoftSGC KeyUsage = "microsoft sgc" + UsageNetscapSGC KeyUsage = "netscape sgc" +) diff --git a/pkg/controller/certificates/BUILD b/pkg/controller/certificates/BUILD index bdfb182744c..9540ee798f4 100644 --- a/pkg/controller/certificates/BUILD +++ b/pkg/controller/certificates/BUILD @@ -32,6 +32,7 @@ go_library( "//pkg/util/workqueue:go_default_library", "//pkg/watch:go_default_library", "//vendor:github.com/cloudflare/cfssl/config", + "//vendor:github.com/cloudflare/cfssl/helpers", "//vendor:github.com/cloudflare/cfssl/signer", "//vendor:github.com/cloudflare/cfssl/signer/local", "//vendor:github.com/golang/glog", diff --git a/pkg/controller/certificates/certificate_controller.go b/pkg/controller/certificates/certificate_controller.go index 81339c27c63..c073481a069 100644 --- a/pkg/controller/certificates/certificate_controller.go +++ b/pkg/controller/certificates/certificate_controller.go @@ -33,9 +33,6 @@ import ( "k8s.io/kubernetes/pkg/util/workqueue" "k8s.io/kubernetes/pkg/watch" - "github.com/cloudflare/cfssl/config" - "github.com/cloudflare/cfssl/signer" - "github.com/cloudflare/cfssl/signer/local" "github.com/golang/glog" ) @@ -43,6 +40,10 @@ type AutoApprover interface { AutoApprove(csr *certificates.CertificateSigningRequest) (*certificates.CertificateSigningRequest, error) } +type Signer interface { + Sign(csr *certificates.CertificateSigningRequest) ([]byte, error) +} + type CertificateController struct { kubeClient clientset.Interface @@ -53,8 +54,7 @@ type CertificateController struct { syncHandler func(csrKey string) error approver AutoApprover - - signer *local.Signer + signer Signer queue workqueue.RateLimitingInterface } @@ -65,12 +65,7 @@ func NewCertificateController(kubeClient clientset.Interface, syncPeriod time.Du eventBroadcaster.StartLogging(glog.Infof) eventBroadcaster.StartRecordingToSink(&v1core.EventSinkImpl{Interface: kubeClient.Core().Events("")}) - // Configure cfssl signer - // TODO: support non-default policy and remote/pkcs11 signing - policy := &config.Signing{ - Default: config.DefaultConfig(), - } - ca, err := local.NewSignerFromFile(caCertFile, caKeyFile, policy) + s, err := NewCFSSLSigner(caCertFile, caKeyFile) if err != nil { return nil, err } @@ -78,7 +73,7 @@ func NewCertificateController(kubeClient clientset.Interface, syncPeriod time.Du cc := &CertificateController{ kubeClient: kubeClient, queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "certificate"), - signer: ca, + signer: s, approver: approver, } @@ -209,9 +204,7 @@ func (cc *CertificateController) maybeSignCertificate(key string) error { // 3. Update the Status subresource if csr.Status.Certificate == nil && IsCertificateRequestApproved(csr) { - pemBytes := csr.Spec.Request - req := signer.SignRequest{Request: string(pemBytes)} - certBytes, err := cc.signer.Sign(req) + certBytes, err := cc.signer.Sign(csr) if err != nil { return err } diff --git a/pkg/controller/certificates/cfssl_signer.go b/pkg/controller/certificates/cfssl_signer.go new file mode 100644 index 00000000000..a6f50e2f542 --- /dev/null +++ b/pkg/controller/certificates/cfssl_signer.go @@ -0,0 +1,99 @@ +/* +Copyright 2016 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package certificates + +import ( + "crypto" + "crypto/x509" + "fmt" + "io/ioutil" + "os" + + certificates "k8s.io/kubernetes/pkg/apis/certificates/v1alpha1" + + "github.com/cloudflare/cfssl/config" + "github.com/cloudflare/cfssl/helpers" + "github.com/cloudflare/cfssl/signer" + "github.com/cloudflare/cfssl/signer/local" +) + +var onlySigningPolicy = &config.Signing{ + Default: &config.SigningProfile{ + Usage: []string{"signing"}, + Expiry: helpers.OneYear, + ExpiryString: "8760h", + }, +} + +type CFSSLSigner struct { + ca *x509.Certificate + priv crypto.Signer + sigAlgo x509.SignatureAlgorithm +} + +func NewCFSSLSigner(caFile, caKeyFile string) (*CFSSLSigner, error) { + ca, err := ioutil.ReadFile(caFile) + if err != nil { + return nil, err + } + cakey, err := ioutil.ReadFile(caKeyFile) + if err != nil { + return nil, err + } + + parsedCa, err := helpers.ParseCertificatePEM(ca) + if err != nil { + return nil, err + } + + strPassword := os.Getenv("CFSSL_CA_PK_PASSWORD") + password := []byte(strPassword) + if strPassword == "" { + password = nil + } + + priv, err := helpers.ParsePrivateKeyPEMWithPassword(cakey, password) + if err != nil { + return nil, fmt.Errorf("Malformed private key %v", err) + } + return &CFSSLSigner{ + priv: priv, + ca: parsedCa, + sigAlgo: signer.DefaultSigAlgo(priv), + }, nil +} + +func (cs *CFSSLSigner) Sign(csr *certificates.CertificateSigningRequest) ([]byte, error) { + var usages []string + for _, usage := range csr.Spec.Usages { + usages = append(usages, string(usage)) + } + policy := &config.Signing{ + Default: &config.SigningProfile{ + Usage: usages, + Expiry: helpers.OneYear, + ExpiryString: "8760h", + }, + } + s, err := local.NewSigner(cs.priv, cs.ca, cs.sigAlgo, policy) + if err != nil { + return nil, err + } + return s.Sign(signer.SignRequest{ + Request: string(csr.Spec.Request), + }) +} From 19871dfb28f3e810a107366a7d15c31f4893e01d Mon Sep 17 00:00:00 2001 From: Mike Danese Date: Mon, 7 Nov 2016 10:25:53 -0800 Subject: [PATCH 2/3] autogenerated --- api/openapi-spec/swagger.json | 7 + .../certificates.k8s.io_v1alpha1.json | 11 + .../v1alpha1/definitions.html | 14 +- .../certificates/v1alpha1/generated.pb.go | 142 +- .../certificates/v1alpha1/generated.proto | 6 + .../certificates/v1alpha1/types.generated.go | 1449 ++++++++++------- .../v1alpha1/types_swagger_doc_generated.go | 1 + .../v1alpha1/zz_generated.conversion.go | 2 + .../v1alpha1/zz_generated.deepcopy.go | 7 + .../certificates/zz_generated.deepcopy.go | 7 + pkg/controller/certificates/BUILD | 1 + pkg/generated/openapi/zz_generated.openapi.go | 14 + 12 files changed, 991 insertions(+), 670 deletions(-) diff --git a/api/openapi-spec/swagger.json b/api/openapi-spec/swagger.json index b0d38ca522a..fe4f4c88743 100644 --- a/api/openapi-spec/swagger.json +++ b/api/openapi-spec/swagger.json @@ -35833,6 +35833,13 @@ "uid": { "type": "string" }, + "usages": { + "description": "allowedUsages specifies a set of usage contexts the key will be valid for. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3\n https://tools.ietf.org/html/rfc5280#section-4.2.1.12", + "type": "array", + "items": { + "type": "string" + } + }, "username": { "description": "Information about the requesting user (if relevant) See user.Info interface for details", "type": "string" diff --git a/api/swagger-spec/certificates.k8s.io_v1alpha1.json b/api/swagger-spec/certificates.k8s.io_v1alpha1.json index 237080596aa..92d504bc5c4 100644 --- a/api/swagger-spec/certificates.k8s.io_v1alpha1.json +++ b/api/swagger-spec/certificates.k8s.io_v1alpha1.json @@ -895,6 +895,13 @@ "type": "string", "description": "Base64-encoded PKCS#10 CSR data" }, + "usages": { + "type": "array", + "items": { + "$ref": "v1alpha1.KeyUsage" + }, + "description": "allowedUsages specifies a set of usage contexts the key will be valid for. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3\n https://tools.ietf.org/html/rfc5280#section-4.2.1.12" + }, "username": { "type": "string", "description": "Information about the requesting user (if relevant) See user.Info interface for details" @@ -910,6 +917,10 @@ } } }, + "v1alpha1.KeyUsage": { + "id": "v1alpha1.KeyUsage", + "properties": {} + }, "v1alpha1.CertificateSigningRequestStatus": { "id": "v1alpha1.CertificateSigningRequestStatus", "properties": { diff --git a/docs/api-reference/certificates.k8s.io/v1alpha1/definitions.html b/docs/api-reference/certificates.k8s.io/v1alpha1/definitions.html index 9fd5162c0af..17c52d0d3c1 100755 --- a/docs/api-reference/certificates.k8s.io/v1alpha1/definitions.html +++ b/docs/api-reference/certificates.k8s.io/v1alpha1/definitions.html @@ -588,6 +588,14 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; } +

usages

+

allowedUsages specifies a set of usage contexts the key will be valid for. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
+ https://tools.ietf.org/html/rfc5280#section-4.2.1.12

+

false

+

v1alpha1.KeyUsage array

+ + +

username

Information about the requesting user (if relevant) See user.Info interface for details

false

@@ -983,6 +991,10 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; } + +
+

v1alpha1.KeyUsage

+

v1.WatchEvent

@@ -1352,7 +1364,7 @@ Examples:
diff --git a/pkg/apis/certificates/v1alpha1/generated.pb.go b/pkg/apis/certificates/v1alpha1/generated.pb.go index bb09ff8da36..96e5dacae92 100644 --- a/pkg/apis/certificates/v1alpha1/generated.pb.go +++ b/pkg/apis/certificates/v1alpha1/generated.pb.go @@ -250,6 +250,21 @@ func (m *CertificateSigningRequestSpec) MarshalTo(data []byte) (int, error) { i += copy(data[i:], s) } } + if len(m.Usages) > 0 { + for _, s := range m.Usages { + data[i] = 0x2a + i++ + l = len(s) + for l >= 1<<7 { + data[i] = uint8(uint64(l)&0x7f | 0x80) + l >>= 7 + i++ + } + data[i] = uint8(l) + i++ + i += copy(data[i:], s) + } + } return i, nil } @@ -373,6 +388,12 @@ func (m *CertificateSigningRequestSpec) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) } } + if len(m.Usages) > 0 { + for _, s := range m.Usages { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } return n } @@ -450,6 +471,7 @@ func (this *CertificateSigningRequestSpec) String() string { `Username:` + fmt.Sprintf("%v", this.Username) + `,`, `UID:` + fmt.Sprintf("%v", this.UID) + `,`, `Groups:` + fmt.Sprintf("%v", this.Groups) + `,`, + `Usages:` + fmt.Sprintf("%v", this.Usages) + `,`, `}`, }, "") return s @@ -1038,6 +1060,35 @@ func (m *CertificateSigningRequestSpec) Unmarshal(data []byte) error { } m.Groups = append(m.Groups, string(data[iNdEx:postIndex])) iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Usages", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := data[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Usages = append(m.Usages, KeyUsage(data[iNdEx:postIndex])) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(data[iNdEx:]) @@ -1277,49 +1328,50 @@ var ( ) var fileDescriptorGenerated = []byte{ - // 691 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xac, 0x54, 0x4f, 0x4f, 0x13, 0x4f, - 0x18, 0xee, 0xb6, 0xa5, 0xb4, 0x53, 0x7e, 0xf0, 0xcb, 0xc4, 0x98, 0x4a, 0xc2, 0x96, 0x34, 0x6a, - 0xaa, 0x81, 0x59, 0x4b, 0x3c, 0x70, 0x34, 0x8b, 0x89, 0x21, 0x42, 0x88, 0x03, 0x24, 0x86, 0xdb, - 0x74, 0xfb, 0xb2, 0x1d, 0xcb, 0xfe, 0x61, 0x67, 0x96, 0x84, 0x9b, 0x47, 0x8f, 0xde, 0xfd, 0x20, - 0x7e, 0x05, 0x8e, 0x1c, 0x3d, 0x55, 0x29, 0x67, 0xbf, 0x80, 0x27, 0x33, 0xd3, 0xe9, 0x1f, 0x5b, - 0x0a, 0x9a, 0x70, 0xeb, 0xfb, 0xcc, 0xfb, 0x3e, 0xcf, 0xfb, 0xe7, 0xe9, 0xa2, 0x57, 0x9d, 0x4d, - 0x41, 0x78, 0xe4, 0x74, 0xd2, 0x26, 0x24, 0x21, 0x48, 0x10, 0x4e, 0xdc, 0xf1, 0x1d, 0x16, 0x73, - 0xe1, 0x78, 0x90, 0x48, 0x7e, 0xcc, 0x3d, 0xa6, 0xd0, 0xb3, 0x06, 0x3b, 0x89, 0xdb, 0xac, 0xe1, - 0xf8, 0x10, 0x42, 0xc2, 0x24, 0xb4, 0x48, 0x9c, 0x44, 0x32, 0xc2, 0x2f, 0xfa, 0x0c, 0x64, 0xc4, - 0x40, 0xe2, 0x8e, 0x4f, 0x14, 0x03, 0x19, 0x67, 0x20, 0x03, 0x86, 0xe5, 0x75, 0x9f, 0xcb, 0x76, - 0xda, 0x24, 0x5e, 0x14, 0x38, 0x7e, 0xe4, 0x47, 0x8e, 0x26, 0x6a, 0xa6, 0xc7, 0x3a, 0xd2, 0x81, - 0xfe, 0xd5, 0x17, 0x58, 0xde, 0x98, 0xd9, 0xa2, 0x93, 0x80, 0x88, 0xd2, 0xc4, 0x83, 0xc9, 0xa6, - 0x96, 0xd7, 0x66, 0xd7, 0x9c, 0x4d, 0x8d, 0x70, 0x8b, 0x82, 0x70, 0x02, 0x90, 0xec, 0xa6, 0x9a, - 0xf5, 0x9b, 0x6b, 0x92, 0x34, 0x94, 0x3c, 0x98, 0x6e, 0xe8, 0xe5, 0xed, 0xe9, 0xc2, 0x6b, 0x43, - 0xc0, 0xa6, 0xaa, 0x1a, 0x37, 0x57, 0xa5, 0x92, 0x9f, 0x38, 0x3c, 0x94, 0x42, 0x26, 0x93, 0x25, - 0xb5, 0xeb, 0x2c, 0x7a, 0xb4, 0x35, 0x5a, 0xfb, 0x3e, 0xf7, 0x43, 0x1e, 0xfa, 0x14, 0x4e, 0x53, - 0x10, 0x12, 0xbf, 0x47, 0x45, 0x35, 0x50, 0x8b, 0x49, 0x56, 0xb1, 0x56, 0xad, 0x7a, 0x79, 0xa3, - 0x4e, 0x66, 0xde, 0x8f, 0x9c, 0x35, 0xc8, 0x5e, 0xf3, 0x03, 0x78, 0x72, 0x17, 0x24, 0x73, 0xf1, - 0x45, 0xb7, 0x9a, 0xe9, 0x75, 0xab, 0x68, 0x84, 0xd1, 0x21, 0x1b, 0x3e, 0x45, 0x79, 0x11, 0x83, - 0x57, 0xc9, 0x6a, 0xd6, 0x3d, 0xf2, 0xaf, 0xae, 0x20, 0x33, 0x9b, 0xde, 0x8f, 0xc1, 0x73, 0x17, - 0x8c, 0x78, 0x5e, 0x45, 0x54, 0x4b, 0xe1, 0x73, 0x54, 0x10, 0x92, 0xc9, 0x54, 0x54, 0x72, 0x5a, - 0xf4, 0xdd, 0x7d, 0x8a, 0x6a, 0x62, 0x77, 0xd1, 0xc8, 0x16, 0xfa, 0x31, 0x35, 0x82, 0xb5, 0x2f, - 0x59, 0x54, 0x9b, 0x59, 0xbb, 0x15, 0x85, 0x2d, 0x2e, 0x79, 0x14, 0xe2, 0x4d, 0x94, 0x97, 0xe7, - 0x31, 0xe8, 0x55, 0x97, 0xdc, 0xc7, 0x83, 0x19, 0x0e, 0xce, 0x63, 0xf8, 0xd5, 0xad, 0x3e, 0x98, - 0xcc, 0x57, 0x38, 0xd5, 0x15, 0xf8, 0x29, 0x2a, 0x24, 0xc0, 0x44, 0x14, 0xea, 0x85, 0x96, 0x46, - 0x8d, 0x50, 0x8d, 0x52, 0xf3, 0x8a, 0x9f, 0xa1, 0xf9, 0x00, 0x84, 0x60, 0x3e, 0xe8, 0x25, 0x94, - 0xdc, 0x25, 0x93, 0x38, 0xbf, 0xdb, 0x87, 0xe9, 0xe0, 0x1d, 0xb7, 0xd1, 0xe2, 0x09, 0x13, 0xf2, - 0x30, 0x6e, 0x31, 0x09, 0x07, 0x3c, 0x80, 0x4a, 0xfe, 0x2e, 0x07, 0x08, 0xa2, 0xee, 0xab, 0x7c, - 0xa0, 0xf2, 0xdd, 0x87, 0x86, 0x7b, 0x71, 0xe7, 0x0f, 0x1e, 0x3a, 0xc1, 0x5b, 0xfb, 0x69, 0xa1, - 0x95, 0x99, 0xdb, 0xd9, 0xe1, 0x42, 0xe2, 0xa3, 0x29, 0x1f, 0xae, 0xfd, 0x4d, 0x17, 0xaa, 0x56, - 0x7b, 0xf1, 0x7f, 0xd3, 0x49, 0x71, 0x80, 0x8c, 0x39, 0x31, 0x46, 0x73, 0x5c, 0x42, 0x20, 0x2a, - 0xd9, 0xd5, 0x5c, 0xbd, 0xbc, 0xf1, 0xf6, 0x1e, 0x5d, 0xe1, 0xfe, 0x67, 0x74, 0xe7, 0xb6, 0x95, - 0x02, 0xed, 0x0b, 0xd5, 0xbe, 0xde, 0x36, 0xaf, 0x32, 0x2c, 0x7e, 0x82, 0xe6, 0x93, 0x7e, 0xa8, - 0xc7, 0x5d, 0x70, 0xcb, 0xea, 0x44, 0x26, 0x83, 0x0e, 0xde, 0xf0, 0x1a, 0x2a, 0xa6, 0x02, 0x92, - 0x90, 0x05, 0x60, 0xee, 0x3e, 0x1c, 0xf4, 0xd0, 0xe0, 0x74, 0x98, 0x81, 0x57, 0x50, 0x2e, 0xe5, - 0x2d, 0x73, 0xf7, 0xb2, 0x49, 0xcc, 0x1d, 0x6e, 0xbf, 0xa6, 0x0a, 0xc7, 0x35, 0x54, 0xf0, 0x93, - 0x28, 0x8d, 0x45, 0x25, 0xbf, 0x9a, 0xab, 0x97, 0x5c, 0xa4, 0xec, 0xf3, 0x46, 0x23, 0xd4, 0xbc, - 0xd4, 0xbe, 0x5b, 0xa8, 0x7a, 0xc7, 0x7f, 0x00, 0x7f, 0xb2, 0x10, 0xf2, 0x06, 0x16, 0x15, 0x15, - 0x4b, 0x6f, 0xf5, 0xe0, 0x1e, 0xb7, 0x3a, 0xf4, 0xff, 0xe8, 0x13, 0x33, 0x84, 0x04, 0x1d, 0xd3, - 0xc6, 0x0d, 0x54, 0x1e, 0xe3, 0xd6, 0x2b, 0x5a, 0x70, 0x97, 0x7a, 0xdd, 0x6a, 0x79, 0x8c, 0x9c, - 0x8e, 0xe7, 0xb8, 0xcf, 0x2f, 0xae, 0xec, 0xcc, 0xe5, 0x95, 0x9d, 0xf9, 0x76, 0x65, 0x67, 0x3e, - 0xf6, 0x6c, 0xeb, 0xa2, 0x67, 0x5b, 0x97, 0x3d, 0xdb, 0xfa, 0xd1, 0xb3, 0xad, 0xcf, 0xd7, 0x76, - 0xe6, 0xa8, 0x38, 0xe8, 0xf0, 0x77, 0x00, 0x00, 0x00, 0xff, 0xff, 0xc4, 0x02, 0x0e, 0x3c, 0x0d, - 0x07, 0x00, 0x00, + // 716 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xac, 0x54, 0x3d, 0x4f, 0x1b, 0x4b, + 0x14, 0xf5, 0xda, 0xc6, 0xd8, 0x63, 0x1e, 0x3c, 0x8d, 0x9e, 0x90, 0x1f, 0x12, 0x6b, 0x64, 0x25, + 0x91, 0x13, 0xc1, 0x6e, 0x6c, 0xa5, 0xa0, 0x8c, 0x96, 0x48, 0x11, 0x02, 0x84, 0x32, 0x60, 0x29, + 0xa2, 0x1b, 0xaf, 0x2f, 0xeb, 0x89, 0xd9, 0x0f, 0x76, 0x66, 0x91, 0xdc, 0xa5, 0x4c, 0x99, 0x3e, + 0x7f, 0x88, 0x92, 0x32, 0x95, 0x13, 0x4c, 0x19, 0xe5, 0x0f, 0x50, 0x45, 0x33, 0x1e, 0x7f, 0xc4, + 0xc6, 0x90, 0x48, 0x74, 0x9e, 0x33, 0xe7, 0x9e, 0x73, 0xe7, 0xde, 0xb3, 0x46, 0xaf, 0x3b, 0xdb, + 0xdc, 0x62, 0xa1, 0xdd, 0x49, 0x9a, 0x10, 0x07, 0x20, 0x80, 0xdb, 0x51, 0xc7, 0xb3, 0x69, 0xc4, + 0xb8, 0xed, 0x42, 0x2c, 0xd8, 0x29, 0x73, 0xa9, 0x44, 0x2f, 0x6a, 0xf4, 0x2c, 0x6a, 0xd3, 0x9a, + 0xed, 0x41, 0x00, 0x31, 0x15, 0xd0, 0xb2, 0xa2, 0x38, 0x14, 0x21, 0x7e, 0x39, 0x50, 0xb0, 0xc6, + 0x0a, 0x56, 0xd4, 0xf1, 0x2c, 0xa9, 0x60, 0x4d, 0x2a, 0x58, 0x43, 0x85, 0xb5, 0x2d, 0x8f, 0x89, + 0x76, 0xd2, 0xb4, 0xdc, 0xd0, 0xb7, 0xbd, 0xd0, 0x0b, 0x6d, 0x25, 0xd4, 0x4c, 0x4e, 0xd5, 0x49, + 0x1d, 0xd4, 0xaf, 0x81, 0xc1, 0x5a, 0x7d, 0x6e, 0x8b, 0x76, 0x0c, 0x3c, 0x4c, 0x62, 0x17, 0xa6, + 0x9b, 0x5a, 0xdb, 0x9c, 0x5f, 0x73, 0x31, 0xf3, 0x84, 0x7b, 0x1c, 0xb8, 0xed, 0x83, 0xa0, 0x77, + 0xd5, 0x6c, 0xdd, 0x5d, 0x13, 0x27, 0x81, 0x60, 0xfe, 0x6c, 0x43, 0xaf, 0xee, 0xa7, 0x73, 0xb7, + 0x0d, 0x3e, 0x9d, 0xa9, 0xaa, 0xdd, 0x5d, 0x95, 0x08, 0x76, 0x66, 0xb3, 0x40, 0x70, 0x11, 0x4f, + 0x97, 0x54, 0x6e, 0xd2, 0xe8, 0xff, 0x9d, 0xf1, 0xd8, 0x8f, 0x98, 0x17, 0xb0, 0xc0, 0x23, 0x70, + 0x9e, 0x00, 0x17, 0xf8, 0x3d, 0xca, 0xcb, 0x07, 0xb5, 0xa8, 0xa0, 0x25, 0x63, 0xc3, 0xa8, 0x16, + 0xeb, 0x55, 0x6b, 0xee, 0xfe, 0xac, 0x8b, 0x9a, 0x75, 0xd8, 0xfc, 0x00, 0xae, 0x38, 0x00, 0x41, + 0x1d, 0x7c, 0xd9, 0x2b, 0xa7, 0xfa, 0xbd, 0x32, 0x1a, 0x63, 0x64, 0xa4, 0x86, 0xcf, 0x51, 0x96, + 0x47, 0xe0, 0x96, 0xd2, 0x4a, 0xf5, 0xd0, 0xfa, 0xdb, 0x54, 0x58, 0x73, 0x9b, 0x3e, 0x8a, 0xc0, + 0x75, 0x96, 0xb4, 0x79, 0x56, 0x9e, 0x88, 0xb2, 0xc2, 0x5d, 0x94, 0xe3, 0x82, 0x8a, 0x84, 0x97, + 0x32, 0xca, 0xf4, 0xdd, 0x63, 0x9a, 0x2a, 0x61, 0x67, 0x59, 0xdb, 0xe6, 0x06, 0x67, 0xa2, 0x0d, + 0x2b, 0x5f, 0xd2, 0xa8, 0x32, 0xb7, 0x76, 0x27, 0x0c, 0x5a, 0x4c, 0xb0, 0x30, 0xc0, 0xdb, 0x28, + 0x2b, 0xba, 0x11, 0xa8, 0x51, 0x17, 0x9c, 0x27, 0xc3, 0x37, 0x1c, 0x77, 0x23, 0xb8, 0xed, 0x95, + 0xff, 0x9b, 0xe6, 0x4b, 0x9c, 0xa8, 0x0a, 0xfc, 0x0c, 0xe5, 0x62, 0xa0, 0x3c, 0x0c, 0xd4, 0x40, + 0x0b, 0xe3, 0x46, 0x88, 0x42, 0x89, 0xbe, 0xc5, 0xcf, 0xd1, 0xa2, 0x0f, 0x9c, 0x53, 0x0f, 0xd4, + 0x10, 0x0a, 0xce, 0x8a, 0x26, 0x2e, 0x1e, 0x0c, 0x60, 0x32, 0xbc, 0xc7, 0x6d, 0xb4, 0x7c, 0x46, + 0xb9, 0x68, 0x44, 0x2d, 0x2a, 0xe0, 0x98, 0xf9, 0x50, 0xca, 0x3e, 0x94, 0x00, 0x6e, 0xc9, 0xfd, + 0xca, 0x1c, 0x48, 0xbe, 0xb3, 0xaa, 0xb5, 0x97, 0xf7, 0x7f, 0xd3, 0x21, 0x53, 0xba, 0x95, 0x9f, + 0x06, 0x5a, 0x9f, 0x3b, 0x9d, 0x7d, 0xc6, 0x05, 0x3e, 0x99, 0xc9, 0xe1, 0xe6, 0x9f, 0x74, 0x21, + 0x6b, 0x55, 0x16, 0xff, 0xd5, 0x9d, 0xe4, 0x87, 0xc8, 0x44, 0x12, 0x23, 0xb4, 0xc0, 0x04, 0xf8, + 0xbc, 0x94, 0xde, 0xc8, 0x54, 0x8b, 0xf5, 0xbd, 0x47, 0x4c, 0x85, 0xf3, 0x8f, 0xf6, 0x5d, 0xd8, + 0x95, 0x0e, 0x64, 0x60, 0x54, 0xf9, 0x71, 0xdf, 0x7b, 0x65, 0x60, 0xf1, 0x53, 0xb4, 0x18, 0x0f, + 0x8e, 0xea, 0xb9, 0x4b, 0x4e, 0x51, 0xae, 0x48, 0x33, 0xc8, 0xf0, 0x0e, 0x6f, 0xa2, 0x7c, 0xc2, + 0x21, 0x0e, 0xa8, 0x0f, 0x7a, 0xef, 0xa3, 0x87, 0x36, 0x34, 0x4e, 0x46, 0x0c, 0xbc, 0x8e, 0x32, + 0x09, 0x6b, 0xe9, 0xbd, 0x17, 0x35, 0x31, 0xd3, 0xd8, 0x7d, 0x43, 0x24, 0x8e, 0x2b, 0x28, 0xe7, + 0xc5, 0x61, 0x12, 0xf1, 0x52, 0x76, 0x23, 0x53, 0x2d, 0x38, 0x48, 0xc6, 0xe7, 0xad, 0x42, 0x88, + 0xbe, 0xc1, 0x75, 0x94, 0xef, 0x40, 0xb7, 0xa1, 0xf2, 0xb3, 0xa0, 0x58, 0xab, 0x92, 0xa5, 0x00, + 0x7e, 0xdb, 0x2b, 0xe7, 0xf7, 0xf4, 0x2d, 0x19, 0xf1, 0x2a, 0xdf, 0x0c, 0x54, 0x7e, 0xe0, 0xbb, + 0xc1, 0x9f, 0x0c, 0x84, 0xdc, 0x61, 0xac, 0x79, 0xc9, 0x50, 0x9b, 0x38, 0x7e, 0xc4, 0x4d, 0x8c, + 0xbe, 0x99, 0xf1, 0xdf, 0xd2, 0x08, 0xe2, 0x64, 0xc2, 0x1b, 0xd7, 0x50, 0x71, 0x42, 0x5b, 0x8d, + 0x75, 0xc9, 0x59, 0xe9, 0xf7, 0xca, 0xc5, 0x09, 0x71, 0x32, 0xc9, 0x71, 0x5e, 0x5c, 0x5e, 0x9b, + 0xa9, 0xab, 0x6b, 0x33, 0xf5, 0xf5, 0xda, 0x4c, 0x7d, 0xec, 0x9b, 0xc6, 0x65, 0xdf, 0x34, 0xae, + 0xfa, 0xa6, 0xf1, 0xbd, 0x6f, 0x1a, 0x9f, 0x6f, 0xcc, 0xd4, 0x49, 0x7e, 0xd8, 0xe1, 0xaf, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x32, 0x58, 0xf7, 0xcf, 0x41, 0x07, 0x00, 0x00, } diff --git a/pkg/apis/certificates/v1alpha1/generated.proto b/pkg/apis/certificates/v1alpha1/generated.proto index 0d76ef5b609..f88f9c2fd9c 100644 --- a/pkg/apis/certificates/v1alpha1/generated.proto +++ b/pkg/apis/certificates/v1alpha1/generated.proto @@ -76,6 +76,12 @@ message CertificateSigningRequestSpec { // Base64-encoded PKCS#10 CSR data optional bytes request = 1; + // allowedUsages specifies a set of usage contexts the key will be + // valid for. + // See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 + // https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + repeated string keyUsage = 5; + // Information about the requesting user (if relevant) // See user.Info interface for details // +optional diff --git a/pkg/apis/certificates/v1alpha1/types.generated.go b/pkg/apis/certificates/v1alpha1/types.generated.go index 44658c2bdd5..574d0070012 100644 --- a/pkg/apis/certificates/v1alpha1/types.generated.go +++ b/pkg/apis/certificates/v1alpha1/types.generated.go @@ -428,15 +428,16 @@ func (x *CertificateSigningRequestSpec) CodecEncodeSelf(e *codec1978.Encoder) { } else { yysep33 := !z.EncBinary() yy2arr33 := z.EncBasicHandle().StructToArray - var yyq33 [4]bool + var yyq33 [5]bool _, _, _ = yysep33, yyq33, yy2arr33 const yyr33 bool = false - yyq33[1] = x.Username != "" - yyq33[2] = x.UID != "" - yyq33[3] = len(x.Groups) != 0 + yyq33[1] = len(x.Usages) != 0 + yyq33[2] = x.Username != "" + yyq33[3] = x.UID != "" + yyq33[4] = len(x.Groups) != 0 var yynn33 int if yyr33 || yy2arr33 { - r.EncodeArrayStart(4) + r.EncodeArrayStart(5) } else { yynn33 = 1 for _, b := range yyq33 { @@ -477,25 +478,33 @@ func (x *CertificateSigningRequestSpec) CodecEncodeSelf(e *codec1978.Encoder) { if yyr33 || yy2arr33 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) if yyq33[1] { - yym38 := z.EncBinary() - _ = yym38 - if false { + if x.Usages == nil { + r.EncodeNil() } else { - r.EncodeString(codecSelferC_UTF81234, string(x.Username)) + yym38 := z.EncBinary() + _ = yym38 + if false { + } else { + h.encSliceKeyUsage(([]KeyUsage)(x.Usages), e) + } } } else { - r.EncodeString(codecSelferC_UTF81234, "") + r.EncodeNil() } } else { if yyq33[1] { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("username")) + r.EncodeString(codecSelferC_UTF81234, string("usages")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yym39 := z.EncBinary() - _ = yym39 - if false { + if x.Usages == nil { + r.EncodeNil() } else { - r.EncodeString(codecSelferC_UTF81234, string(x.Username)) + yym39 := z.EncBinary() + _ = yym39 + if false { + } else { + h.encSliceKeyUsage(([]KeyUsage)(x.Usages), e) + } } } } @@ -506,7 +515,7 @@ func (x *CertificateSigningRequestSpec) CodecEncodeSelf(e *codec1978.Encoder) { _ = yym41 if false { } else { - r.EncodeString(codecSelferC_UTF81234, string(x.UID)) + r.EncodeString(codecSelferC_UTF81234, string(x.Username)) } } else { r.EncodeString(codecSelferC_UTF81234, "") @@ -514,11 +523,36 @@ func (x *CertificateSigningRequestSpec) CodecEncodeSelf(e *codec1978.Encoder) { } else { if yyq33[2] { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("uid")) + r.EncodeString(codecSelferC_UTF81234, string("username")) z.EncSendContainerState(codecSelfer_containerMapValue1234) yym42 := z.EncBinary() _ = yym42 if false { + } else { + r.EncodeString(codecSelferC_UTF81234, string(x.Username)) + } + } + } + if yyr33 || yy2arr33 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + if yyq33[3] { + yym44 := z.EncBinary() + _ = yym44 + if false { + } else { + r.EncodeString(codecSelferC_UTF81234, string(x.UID)) + } + } else { + r.EncodeString(codecSelferC_UTF81234, "") + } + } else { + if yyq33[3] { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("uid")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + yym45 := z.EncBinary() + _ = yym45 + if false { } else { r.EncodeString(codecSelferC_UTF81234, string(x.UID)) } @@ -526,12 +560,12 @@ func (x *CertificateSigningRequestSpec) CodecEncodeSelf(e *codec1978.Encoder) { } if yyr33 || yy2arr33 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - if yyq33[3] { + if yyq33[4] { if x.Groups == nil { r.EncodeNil() } else { - yym44 := z.EncBinary() - _ = yym44 + yym47 := z.EncBinary() + _ = yym47 if false { } else { z.F.EncSliceStringV(x.Groups, false, e) @@ -541,15 +575,15 @@ func (x *CertificateSigningRequestSpec) CodecEncodeSelf(e *codec1978.Encoder) { r.EncodeNil() } } else { - if yyq33[3] { + if yyq33[4] { z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("groups")) z.EncSendContainerState(codecSelfer_containerMapValue1234) if x.Groups == nil { r.EncodeNil() } else { - yym45 := z.EncBinary() - _ = yym45 + yym48 := z.EncBinary() + _ = yym48 if false { } else { z.F.EncSliceStringV(x.Groups, false, e) @@ -570,25 +604,25 @@ func (x *CertificateSigningRequestSpec) CodecDecodeSelf(d *codec1978.Decoder) { var h codecSelfer1234 z, r := codec1978.GenHelperDecoder(d) _, _, _ = h, z, r - yym46 := z.DecBinary() - _ = yym46 + yym49 := z.DecBinary() + _ = yym49 if false { } else if z.HasExtensions() && z.DecExt(x) { } else { - yyct47 := r.ContainerType() - if yyct47 == codecSelferValueTypeMap1234 { - yyl47 := r.ReadMapStart() - if yyl47 == 0 { + yyct50 := r.ContainerType() + if yyct50 == codecSelferValueTypeMap1234 { + yyl50 := r.ReadMapStart() + if yyl50 == 0 { z.DecSendContainerState(codecSelfer_containerMapEnd1234) } else { - x.codecDecodeSelfFromMap(yyl47, d) + x.codecDecodeSelfFromMap(yyl50, d) } - } else if yyct47 == codecSelferValueTypeArray1234 { - yyl47 := r.ReadArrayStart() - if yyl47 == 0 { + } else if yyct50 == codecSelferValueTypeArray1234 { + yyl50 := r.ReadArrayStart() + if yyl50 == 0 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) } else { - x.codecDecodeSelfFromArray(yyl47, d) + x.codecDecodeSelfFromArray(yyl50, d) } } else { panic(codecSelferOnlyMapOrArrayEncodeToStructErr1234) @@ -600,12 +634,12 @@ func (x *CertificateSigningRequestSpec) codecDecodeSelfFromMap(l int, d *codec19 var h codecSelfer1234 z, r := codec1978.GenHelperDecoder(d) _, _, _ = h, z, r - var yys48Slc = z.DecScratchBuffer() // default slice to decode into - _ = yys48Slc - var yyhl48 bool = l >= 0 - for yyj48 := 0; ; yyj48++ { - if yyhl48 { - if yyj48 >= l { + var yys51Slc = z.DecScratchBuffer() // default slice to decode into + _ = yys51Slc + var yyhl51 bool = l >= 0 + for yyj51 := 0; ; yyj51++ { + if yyhl51 { + if yyj51 >= l { break } } else { @@ -614,20 +648,32 @@ func (x *CertificateSigningRequestSpec) codecDecodeSelfFromMap(l int, d *codec19 } } z.DecSendContainerState(codecSelfer_containerMapKey1234) - yys48Slc = r.DecodeBytes(yys48Slc, true, true) - yys48 := string(yys48Slc) + yys51Slc = r.DecodeBytes(yys51Slc, true, true) + yys51 := string(yys51Slc) z.DecSendContainerState(codecSelfer_containerMapValue1234) - switch yys48 { + switch yys51 { case "request": if r.TryDecodeAsNil() { x.Request = nil } else { - yyv49 := &x.Request - yym50 := z.DecBinary() - _ = yym50 + yyv52 := &x.Request + yym53 := z.DecBinary() + _ = yym53 if false { } else { - *yyv49 = r.DecodeBytes(*(*[]byte)(yyv49), false, false) + *yyv52 = r.DecodeBytes(*(*[]byte)(yyv52), false, false) + } + } + case "usages": + if r.TryDecodeAsNil() { + x.Usages = nil + } else { + yyv54 := &x.Usages + yym55 := z.DecBinary() + _ = yym55 + if false { + } else { + h.decSliceKeyUsage((*[]KeyUsage)(yyv54), d) } } case "username": @@ -646,18 +692,18 @@ func (x *CertificateSigningRequestSpec) codecDecodeSelfFromMap(l int, d *codec19 if r.TryDecodeAsNil() { x.Groups = nil } else { - yyv53 := &x.Groups - yym54 := z.DecBinary() - _ = yym54 + yyv58 := &x.Groups + yym59 := z.DecBinary() + _ = yym59 if false { } else { - z.F.DecSliceStringX(yyv53, false, d) + z.F.DecSliceStringX(yyv58, false, d) } } default: - z.DecStructFieldNotFound(-1, yys48) - } // end switch yys48 - } // end for yyj48 + z.DecStructFieldNotFound(-1, yys51) + } // end switch yys51 + } // end for yyj51 z.DecSendContainerState(codecSelfer_containerMapEnd1234) } @@ -665,16 +711,16 @@ func (x *CertificateSigningRequestSpec) codecDecodeSelfFromArray(l int, d *codec var h codecSelfer1234 z, r := codec1978.GenHelperDecoder(d) _, _, _ = h, z, r - var yyj55 int - var yyb55 bool - var yyhl55 bool = l >= 0 - yyj55++ - if yyhl55 { - yyb55 = yyj55 > l + var yyj60 int + var yyb60 bool + var yyhl60 bool = l >= 0 + yyj60++ + if yyhl60 { + yyb60 = yyj60 > l } else { - yyb55 = r.CheckBreak() + yyb60 = r.CheckBreak() } - if yyb55 { + if yyb60 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -682,21 +728,43 @@ func (x *CertificateSigningRequestSpec) codecDecodeSelfFromArray(l int, d *codec if r.TryDecodeAsNil() { x.Request = nil } else { - yyv56 := &x.Request - yym57 := z.DecBinary() - _ = yym57 + yyv61 := &x.Request + yym62 := z.DecBinary() + _ = yym62 if false { } else { - *yyv56 = r.DecodeBytes(*(*[]byte)(yyv56), false, false) + *yyv61 = r.DecodeBytes(*(*[]byte)(yyv61), false, false) } } - yyj55++ - if yyhl55 { - yyb55 = yyj55 > l + yyj60++ + if yyhl60 { + yyb60 = yyj60 > l } else { - yyb55 = r.CheckBreak() + yyb60 = r.CheckBreak() } - if yyb55 { + if yyb60 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.Usages = nil + } else { + yyv63 := &x.Usages + yym64 := z.DecBinary() + _ = yym64 + if false { + } else { + h.decSliceKeyUsage((*[]KeyUsage)(yyv63), d) + } + } + yyj60++ + if yyhl60 { + yyb60 = yyj60 > l + } else { + yyb60 = r.CheckBreak() + } + if yyb60 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -706,13 +774,13 @@ func (x *CertificateSigningRequestSpec) codecDecodeSelfFromArray(l int, d *codec } else { x.Username = string(r.DecodeString()) } - yyj55++ - if yyhl55 { - yyb55 = yyj55 > l + yyj60++ + if yyhl60 { + yyb60 = yyj60 > l } else { - yyb55 = r.CheckBreak() + yyb60 = r.CheckBreak() } - if yyb55 { + if yyb60 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -722,13 +790,13 @@ func (x *CertificateSigningRequestSpec) codecDecodeSelfFromArray(l int, d *codec } else { x.UID = string(r.DecodeString()) } - yyj55++ - if yyhl55 { - yyb55 = yyj55 > l + yyj60++ + if yyhl60 { + yyb60 = yyj60 > l } else { - yyb55 = r.CheckBreak() + yyb60 = r.CheckBreak() } - if yyb55 { + if yyb60 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -736,26 +804,26 @@ func (x *CertificateSigningRequestSpec) codecDecodeSelfFromArray(l int, d *codec if r.TryDecodeAsNil() { x.Groups = nil } else { - yyv60 := &x.Groups - yym61 := z.DecBinary() - _ = yym61 + yyv67 := &x.Groups + yym68 := z.DecBinary() + _ = yym68 if false { } else { - z.F.DecSliceStringX(yyv60, false, d) + z.F.DecSliceStringX(yyv67, false, d) } } for { - yyj55++ - if yyhl55 { - yyb55 = yyj55 > l + yyj60++ + if yyhl60 { + yyb60 = yyj60 > l } else { - yyb55 = r.CheckBreak() + yyb60 = r.CheckBreak() } - if yyb55 { + if yyb60 { break } z.DecSendContainerState(codecSelfer_containerArrayElem1234) - z.DecStructFieldNotFound(yyj55-1, "") + z.DecStructFieldNotFound(yyj60-1, "") } z.DecSendContainerState(codecSelfer_containerArrayEnd1234) } @@ -767,39 +835,39 @@ func (x *CertificateSigningRequestStatus) CodecEncodeSelf(e *codec1978.Encoder) if x == nil { r.EncodeNil() } else { - yym62 := z.EncBinary() - _ = yym62 + yym69 := z.EncBinary() + _ = yym69 if false { } else if z.HasExtensions() && z.EncExt(x) { } else { - yysep63 := !z.EncBinary() - yy2arr63 := z.EncBasicHandle().StructToArray - var yyq63 [2]bool - _, _, _ = yysep63, yyq63, yy2arr63 - const yyr63 bool = false - yyq63[0] = len(x.Conditions) != 0 - yyq63[1] = len(x.Certificate) != 0 - var yynn63 int - if yyr63 || yy2arr63 { + yysep70 := !z.EncBinary() + yy2arr70 := z.EncBasicHandle().StructToArray + var yyq70 [2]bool + _, _, _ = yysep70, yyq70, yy2arr70 + const yyr70 bool = false + yyq70[0] = len(x.Conditions) != 0 + yyq70[1] = len(x.Certificate) != 0 + var yynn70 int + if yyr70 || yy2arr70 { r.EncodeArrayStart(2) } else { - yynn63 = 0 - for _, b := range yyq63 { + yynn70 = 0 + for _, b := range yyq70 { if b { - yynn63++ + yynn70++ } } - r.EncodeMapStart(yynn63) - yynn63 = 0 + r.EncodeMapStart(yynn70) + yynn70 = 0 } - if yyr63 || yy2arr63 { + if yyr70 || yy2arr70 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - if yyq63[0] { + if yyq70[0] { if x.Conditions == nil { r.EncodeNil() } else { - yym65 := z.EncBinary() - _ = yym65 + yym72 := z.EncBinary() + _ = yym72 if false { } else { h.encSliceCertificateSigningRequestCondition(([]CertificateSigningRequestCondition)(x.Conditions), e) @@ -809,15 +877,15 @@ func (x *CertificateSigningRequestStatus) CodecEncodeSelf(e *codec1978.Encoder) r.EncodeNil() } } else { - if yyq63[0] { + if yyq70[0] { z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("conditions")) z.EncSendContainerState(codecSelfer_containerMapValue1234) if x.Conditions == nil { r.EncodeNil() } else { - yym66 := z.EncBinary() - _ = yym66 + yym73 := z.EncBinary() + _ = yym73 if false { } else { h.encSliceCertificateSigningRequestCondition(([]CertificateSigningRequestCondition)(x.Conditions), e) @@ -825,14 +893,14 @@ func (x *CertificateSigningRequestStatus) CodecEncodeSelf(e *codec1978.Encoder) } } } - if yyr63 || yy2arr63 { + if yyr70 || yy2arr70 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - if yyq63[1] { + if yyq70[1] { if x.Certificate == nil { r.EncodeNil() } else { - yym68 := z.EncBinary() - _ = yym68 + yym75 := z.EncBinary() + _ = yym75 if false { } else { r.EncodeStringBytes(codecSelferC_RAW1234, []byte(x.Certificate)) @@ -842,15 +910,15 @@ func (x *CertificateSigningRequestStatus) CodecEncodeSelf(e *codec1978.Encoder) r.EncodeNil() } } else { - if yyq63[1] { + if yyq70[1] { z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("certificate")) z.EncSendContainerState(codecSelfer_containerMapValue1234) if x.Certificate == nil { r.EncodeNil() } else { - yym69 := z.EncBinary() - _ = yym69 + yym76 := z.EncBinary() + _ = yym76 if false { } else { r.EncodeStringBytes(codecSelferC_RAW1234, []byte(x.Certificate)) @@ -858,7 +926,7 @@ func (x *CertificateSigningRequestStatus) CodecEncodeSelf(e *codec1978.Encoder) } } } - if yyr63 || yy2arr63 { + if yyr70 || yy2arr70 { z.EncSendContainerState(codecSelfer_containerArrayEnd1234) } else { z.EncSendContainerState(codecSelfer_containerMapEnd1234) @@ -871,25 +939,25 @@ func (x *CertificateSigningRequestStatus) CodecDecodeSelf(d *codec1978.Decoder) var h codecSelfer1234 z, r := codec1978.GenHelperDecoder(d) _, _, _ = h, z, r - yym70 := z.DecBinary() - _ = yym70 + yym77 := z.DecBinary() + _ = yym77 if false { } else if z.HasExtensions() && z.DecExt(x) { } else { - yyct71 := r.ContainerType() - if yyct71 == codecSelferValueTypeMap1234 { - yyl71 := r.ReadMapStart() - if yyl71 == 0 { + yyct78 := r.ContainerType() + if yyct78 == codecSelferValueTypeMap1234 { + yyl78 := r.ReadMapStart() + if yyl78 == 0 { z.DecSendContainerState(codecSelfer_containerMapEnd1234) } else { - x.codecDecodeSelfFromMap(yyl71, d) + x.codecDecodeSelfFromMap(yyl78, d) } - } else if yyct71 == codecSelferValueTypeArray1234 { - yyl71 := r.ReadArrayStart() - if yyl71 == 0 { + } else if yyct78 == codecSelferValueTypeArray1234 { + yyl78 := r.ReadArrayStart() + if yyl78 == 0 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) } else { - x.codecDecodeSelfFromArray(yyl71, d) + x.codecDecodeSelfFromArray(yyl78, d) } } else { panic(codecSelferOnlyMapOrArrayEncodeToStructErr1234) @@ -901,12 +969,12 @@ func (x *CertificateSigningRequestStatus) codecDecodeSelfFromMap(l int, d *codec var h codecSelfer1234 z, r := codec1978.GenHelperDecoder(d) _, _, _ = h, z, r - var yys72Slc = z.DecScratchBuffer() // default slice to decode into - _ = yys72Slc - var yyhl72 bool = l >= 0 - for yyj72 := 0; ; yyj72++ { - if yyhl72 { - if yyj72 >= l { + var yys79Slc = z.DecScratchBuffer() // default slice to decode into + _ = yys79Slc + var yyhl79 bool = l >= 0 + for yyj79 := 0; ; yyj79++ { + if yyhl79 { + if yyj79 >= l { break } } else { @@ -915,38 +983,38 @@ func (x *CertificateSigningRequestStatus) codecDecodeSelfFromMap(l int, d *codec } } z.DecSendContainerState(codecSelfer_containerMapKey1234) - yys72Slc = r.DecodeBytes(yys72Slc, true, true) - yys72 := string(yys72Slc) + yys79Slc = r.DecodeBytes(yys79Slc, true, true) + yys79 := string(yys79Slc) z.DecSendContainerState(codecSelfer_containerMapValue1234) - switch yys72 { + switch yys79 { case "conditions": if r.TryDecodeAsNil() { x.Conditions = nil } else { - yyv73 := &x.Conditions - yym74 := z.DecBinary() - _ = yym74 + yyv80 := &x.Conditions + yym81 := z.DecBinary() + _ = yym81 if false { } else { - h.decSliceCertificateSigningRequestCondition((*[]CertificateSigningRequestCondition)(yyv73), d) + h.decSliceCertificateSigningRequestCondition((*[]CertificateSigningRequestCondition)(yyv80), d) } } case "certificate": if r.TryDecodeAsNil() { x.Certificate = nil } else { - yyv75 := &x.Certificate - yym76 := z.DecBinary() - _ = yym76 + yyv82 := &x.Certificate + yym83 := z.DecBinary() + _ = yym83 if false { } else { - *yyv75 = r.DecodeBytes(*(*[]byte)(yyv75), false, false) + *yyv82 = r.DecodeBytes(*(*[]byte)(yyv82), false, false) } } default: - z.DecStructFieldNotFound(-1, yys72) - } // end switch yys72 - } // end for yyj72 + z.DecStructFieldNotFound(-1, yys79) + } // end switch yys79 + } // end for yyj79 z.DecSendContainerState(codecSelfer_containerMapEnd1234) } @@ -954,16 +1022,16 @@ func (x *CertificateSigningRequestStatus) codecDecodeSelfFromArray(l int, d *cod var h codecSelfer1234 z, r := codec1978.GenHelperDecoder(d) _, _, _ = h, z, r - var yyj77 int - var yyb77 bool - var yyhl77 bool = l >= 0 - yyj77++ - if yyhl77 { - yyb77 = yyj77 > l + var yyj84 int + var yyb84 bool + var yyhl84 bool = l >= 0 + yyj84++ + if yyhl84 { + yyb84 = yyj84 > l } else { - yyb77 = r.CheckBreak() + yyb84 = r.CheckBreak() } - if yyb77 { + if yyb84 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -971,21 +1039,21 @@ func (x *CertificateSigningRequestStatus) codecDecodeSelfFromArray(l int, d *cod if r.TryDecodeAsNil() { x.Conditions = nil } else { - yyv78 := &x.Conditions - yym79 := z.DecBinary() - _ = yym79 + yyv85 := &x.Conditions + yym86 := z.DecBinary() + _ = yym86 if false { } else { - h.decSliceCertificateSigningRequestCondition((*[]CertificateSigningRequestCondition)(yyv78), d) + h.decSliceCertificateSigningRequestCondition((*[]CertificateSigningRequestCondition)(yyv85), d) } } - yyj77++ - if yyhl77 { - yyb77 = yyj77 > l + yyj84++ + if yyhl84 { + yyb84 = yyj84 > l } else { - yyb77 = r.CheckBreak() + yyb84 = r.CheckBreak() } - if yyb77 { + if yyb84 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -993,26 +1061,26 @@ func (x *CertificateSigningRequestStatus) codecDecodeSelfFromArray(l int, d *cod if r.TryDecodeAsNil() { x.Certificate = nil } else { - yyv80 := &x.Certificate - yym81 := z.DecBinary() - _ = yym81 + yyv87 := &x.Certificate + yym88 := z.DecBinary() + _ = yym88 if false { } else { - *yyv80 = r.DecodeBytes(*(*[]byte)(yyv80), false, false) + *yyv87 = r.DecodeBytes(*(*[]byte)(yyv87), false, false) } } for { - yyj77++ - if yyhl77 { - yyb77 = yyj77 > l + yyj84++ + if yyhl84 { + yyb84 = yyj84 > l } else { - yyb77 = r.CheckBreak() + yyb84 = r.CheckBreak() } - if yyb77 { + if yyb84 { break } z.DecSendContainerState(codecSelfer_containerArrayElem1234) - z.DecStructFieldNotFound(yyj77-1, "") + z.DecStructFieldNotFound(yyj84-1, "") } z.DecSendContainerState(codecSelfer_containerArrayEnd1234) } @@ -1021,8 +1089,8 @@ func (x RequestConditionType) CodecEncodeSelf(e *codec1978.Encoder) { var h codecSelfer1234 z, r := codec1978.GenHelperEncoder(e) _, _, _ = h, z, r - yym82 := z.EncBinary() - _ = yym82 + yym89 := z.EncBinary() + _ = yym89 if false { } else if z.HasExtensions() && z.EncExt(x) { } else { @@ -1034,8 +1102,8 @@ func (x *RequestConditionType) CodecDecodeSelf(d *codec1978.Decoder) { var h codecSelfer1234 z, r := codec1978.GenHelperDecoder(d) _, _, _ = h, z, r - yym83 := z.DecBinary() - _ = yym83 + yym90 := z.DecBinary() + _ = yym90 if false { } else if z.HasExtensions() && z.DecExt(x) { } else { @@ -1050,33 +1118,33 @@ func (x *CertificateSigningRequestCondition) CodecEncodeSelf(e *codec1978.Encode if x == nil { r.EncodeNil() } else { - yym84 := z.EncBinary() - _ = yym84 + yym91 := z.EncBinary() + _ = yym91 if false { } else if z.HasExtensions() && z.EncExt(x) { } else { - yysep85 := !z.EncBinary() - yy2arr85 := z.EncBasicHandle().StructToArray - var yyq85 [4]bool - _, _, _ = yysep85, yyq85, yy2arr85 - const yyr85 bool = false - yyq85[1] = x.Reason != "" - yyq85[2] = x.Message != "" - yyq85[3] = true - var yynn85 int - if yyr85 || yy2arr85 { + yysep92 := !z.EncBinary() + yy2arr92 := z.EncBasicHandle().StructToArray + var yyq92 [4]bool + _, _, _ = yysep92, yyq92, yy2arr92 + const yyr92 bool = false + yyq92[1] = x.Reason != "" + yyq92[2] = x.Message != "" + yyq92[3] = true + var yynn92 int + if yyr92 || yy2arr92 { r.EncodeArrayStart(4) } else { - yynn85 = 1 - for _, b := range yyq85 { + yynn92 = 1 + for _, b := range yyq92 { if b { - yynn85++ + yynn92++ } } - r.EncodeMapStart(yynn85) - yynn85 = 0 + r.EncodeMapStart(yynn92) + yynn92 = 0 } - if yyr85 || yy2arr85 { + if yyr92 || yy2arr92 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) x.Type.CodecEncodeSelf(e) } else { @@ -1085,94 +1153,94 @@ func (x *CertificateSigningRequestCondition) CodecEncodeSelf(e *codec1978.Encode z.EncSendContainerState(codecSelfer_containerMapValue1234) x.Type.CodecEncodeSelf(e) } - if yyr85 || yy2arr85 { + if yyr92 || yy2arr92 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - if yyq85[1] { - yym88 := z.EncBinary() - _ = yym88 - if false { - } else { - r.EncodeString(codecSelferC_UTF81234, string(x.Reason)) - } - } else { - r.EncodeString(codecSelferC_UTF81234, "") - } - } else { - if yyq85[1] { - z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("reason")) - z.EncSendContainerState(codecSelfer_containerMapValue1234) - yym89 := z.EncBinary() - _ = yym89 - if false { - } else { - r.EncodeString(codecSelferC_UTF81234, string(x.Reason)) - } - } - } - if yyr85 || yy2arr85 { - z.EncSendContainerState(codecSelfer_containerArrayElem1234) - if yyq85[2] { - yym91 := z.EncBinary() - _ = yym91 - if false { - } else { - r.EncodeString(codecSelferC_UTF81234, string(x.Message)) - } - } else { - r.EncodeString(codecSelferC_UTF81234, "") - } - } else { - if yyq85[2] { - z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("message")) - z.EncSendContainerState(codecSelfer_containerMapValue1234) - yym92 := z.EncBinary() - _ = yym92 - if false { - } else { - r.EncodeString(codecSelferC_UTF81234, string(x.Message)) - } - } - } - if yyr85 || yy2arr85 { - z.EncSendContainerState(codecSelfer_containerArrayElem1234) - if yyq85[3] { - yy94 := &x.LastUpdateTime + if yyq92[1] { yym95 := z.EncBinary() _ = yym95 if false { - } else if z.HasExtensions() && z.EncExt(yy94) { - } else if yym95 { - z.EncBinaryMarshal(yy94) - } else if !yym95 && z.IsJSONHandle() { - z.EncJSONMarshal(yy94) } else { - z.EncFallback(yy94) + r.EncodeString(codecSelferC_UTF81234, string(x.Reason)) + } + } else { + r.EncodeString(codecSelferC_UTF81234, "") + } + } else { + if yyq92[1] { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("reason")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + yym96 := z.EncBinary() + _ = yym96 + if false { + } else { + r.EncodeString(codecSelferC_UTF81234, string(x.Reason)) + } + } + } + if yyr92 || yy2arr92 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + if yyq92[2] { + yym98 := z.EncBinary() + _ = yym98 + if false { + } else { + r.EncodeString(codecSelferC_UTF81234, string(x.Message)) + } + } else { + r.EncodeString(codecSelferC_UTF81234, "") + } + } else { + if yyq92[2] { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("message")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + yym99 := z.EncBinary() + _ = yym99 + if false { + } else { + r.EncodeString(codecSelferC_UTF81234, string(x.Message)) + } + } + } + if yyr92 || yy2arr92 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + if yyq92[3] { + yy101 := &x.LastUpdateTime + yym102 := z.EncBinary() + _ = yym102 + if false { + } else if z.HasExtensions() && z.EncExt(yy101) { + } else if yym102 { + z.EncBinaryMarshal(yy101) + } else if !yym102 && z.IsJSONHandle() { + z.EncJSONMarshal(yy101) + } else { + z.EncFallback(yy101) } } else { r.EncodeNil() } } else { - if yyq85[3] { + if yyq92[3] { z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("lastUpdateTime")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yy96 := &x.LastUpdateTime - yym97 := z.EncBinary() - _ = yym97 + yy103 := &x.LastUpdateTime + yym104 := z.EncBinary() + _ = yym104 if false { - } else if z.HasExtensions() && z.EncExt(yy96) { - } else if yym97 { - z.EncBinaryMarshal(yy96) - } else if !yym97 && z.IsJSONHandle() { - z.EncJSONMarshal(yy96) + } else if z.HasExtensions() && z.EncExt(yy103) { + } else if yym104 { + z.EncBinaryMarshal(yy103) + } else if !yym104 && z.IsJSONHandle() { + z.EncJSONMarshal(yy103) } else { - z.EncFallback(yy96) + z.EncFallback(yy103) } } } - if yyr85 || yy2arr85 { + if yyr92 || yy2arr92 { z.EncSendContainerState(codecSelfer_containerArrayEnd1234) } else { z.EncSendContainerState(codecSelfer_containerMapEnd1234) @@ -1185,25 +1253,25 @@ func (x *CertificateSigningRequestCondition) CodecDecodeSelf(d *codec1978.Decode var h codecSelfer1234 z, r := codec1978.GenHelperDecoder(d) _, _, _ = h, z, r - yym98 := z.DecBinary() - _ = yym98 + yym105 := z.DecBinary() + _ = yym105 if false { } else if z.HasExtensions() && z.DecExt(x) { } else { - yyct99 := r.ContainerType() - if yyct99 == codecSelferValueTypeMap1234 { - yyl99 := r.ReadMapStart() - if yyl99 == 0 { + yyct106 := r.ContainerType() + if yyct106 == codecSelferValueTypeMap1234 { + yyl106 := r.ReadMapStart() + if yyl106 == 0 { z.DecSendContainerState(codecSelfer_containerMapEnd1234) } else { - x.codecDecodeSelfFromMap(yyl99, d) + x.codecDecodeSelfFromMap(yyl106, d) } - } else if yyct99 == codecSelferValueTypeArray1234 { - yyl99 := r.ReadArrayStart() - if yyl99 == 0 { + } else if yyct106 == codecSelferValueTypeArray1234 { + yyl106 := r.ReadArrayStart() + if yyl106 == 0 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) } else { - x.codecDecodeSelfFromArray(yyl99, d) + x.codecDecodeSelfFromArray(yyl106, d) } } else { panic(codecSelferOnlyMapOrArrayEncodeToStructErr1234) @@ -1215,12 +1283,12 @@ func (x *CertificateSigningRequestCondition) codecDecodeSelfFromMap(l int, d *co var h codecSelfer1234 z, r := codec1978.GenHelperDecoder(d) _, _, _ = h, z, r - var yys100Slc = z.DecScratchBuffer() // default slice to decode into - _ = yys100Slc - var yyhl100 bool = l >= 0 - for yyj100 := 0; ; yyj100++ { - if yyhl100 { - if yyj100 >= l { + var yys107Slc = z.DecScratchBuffer() // default slice to decode into + _ = yys107Slc + var yyhl107 bool = l >= 0 + for yyj107 := 0; ; yyj107++ { + if yyhl107 { + if yyj107 >= l { break } } else { @@ -1229,10 +1297,10 @@ func (x *CertificateSigningRequestCondition) codecDecodeSelfFromMap(l int, d *co } } z.DecSendContainerState(codecSelfer_containerMapKey1234) - yys100Slc = r.DecodeBytes(yys100Slc, true, true) - yys100 := string(yys100Slc) + yys107Slc = r.DecodeBytes(yys107Slc, true, true) + yys107 := string(yys107Slc) z.DecSendContainerState(codecSelfer_containerMapValue1234) - switch yys100 { + switch yys107 { case "type": if r.TryDecodeAsNil() { x.Type = "" @@ -1255,23 +1323,23 @@ func (x *CertificateSigningRequestCondition) codecDecodeSelfFromMap(l int, d *co if r.TryDecodeAsNil() { x.LastUpdateTime = pkg1_v1.Time{} } else { - yyv104 := &x.LastUpdateTime - yym105 := z.DecBinary() - _ = yym105 + yyv111 := &x.LastUpdateTime + yym112 := z.DecBinary() + _ = yym112 if false { - } else if z.HasExtensions() && z.DecExt(yyv104) { - } else if yym105 { - z.DecBinaryUnmarshal(yyv104) - } else if !yym105 && z.IsJSONHandle() { - z.DecJSONUnmarshal(yyv104) + } else if z.HasExtensions() && z.DecExt(yyv111) { + } else if yym112 { + z.DecBinaryUnmarshal(yyv111) + } else if !yym112 && z.IsJSONHandle() { + z.DecJSONUnmarshal(yyv111) } else { - z.DecFallback(yyv104, false) + z.DecFallback(yyv111, false) } } default: - z.DecStructFieldNotFound(-1, yys100) - } // end switch yys100 - } // end for yyj100 + z.DecStructFieldNotFound(-1, yys107) + } // end switch yys107 + } // end for yyj107 z.DecSendContainerState(codecSelfer_containerMapEnd1234) } @@ -1279,16 +1347,16 @@ func (x *CertificateSigningRequestCondition) codecDecodeSelfFromArray(l int, d * var h codecSelfer1234 z, r := codec1978.GenHelperDecoder(d) _, _, _ = h, z, r - var yyj106 int - var yyb106 bool - var yyhl106 bool = l >= 0 - yyj106++ - if yyhl106 { - yyb106 = yyj106 > l + var yyj113 int + var yyb113 bool + var yyhl113 bool = l >= 0 + yyj113++ + if yyhl113 { + yyb113 = yyj113 > l } else { - yyb106 = r.CheckBreak() + yyb113 = r.CheckBreak() } - if yyb106 { + if yyb113 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -1298,13 +1366,13 @@ func (x *CertificateSigningRequestCondition) codecDecodeSelfFromArray(l int, d * } else { x.Type = RequestConditionType(r.DecodeString()) } - yyj106++ - if yyhl106 { - yyb106 = yyj106 > l + yyj113++ + if yyhl113 { + yyb113 = yyj113 > l } else { - yyb106 = r.CheckBreak() + yyb113 = r.CheckBreak() } - if yyb106 { + if yyb113 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -1314,13 +1382,13 @@ func (x *CertificateSigningRequestCondition) codecDecodeSelfFromArray(l int, d * } else { x.Reason = string(r.DecodeString()) } - yyj106++ - if yyhl106 { - yyb106 = yyj106 > l + yyj113++ + if yyhl113 { + yyb113 = yyj113 > l } else { - yyb106 = r.CheckBreak() + yyb113 = r.CheckBreak() } - if yyb106 { + if yyb113 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -1330,13 +1398,13 @@ func (x *CertificateSigningRequestCondition) codecDecodeSelfFromArray(l int, d * } else { x.Message = string(r.DecodeString()) } - yyj106++ - if yyhl106 { - yyb106 = yyj106 > l + yyj113++ + if yyhl113 { + yyb113 = yyj113 > l } else { - yyb106 = r.CheckBreak() + yyb113 = r.CheckBreak() } - if yyb106 { + if yyb113 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -1344,31 +1412,31 @@ func (x *CertificateSigningRequestCondition) codecDecodeSelfFromArray(l int, d * if r.TryDecodeAsNil() { x.LastUpdateTime = pkg1_v1.Time{} } else { - yyv110 := &x.LastUpdateTime - yym111 := z.DecBinary() - _ = yym111 + yyv117 := &x.LastUpdateTime + yym118 := z.DecBinary() + _ = yym118 if false { - } else if z.HasExtensions() && z.DecExt(yyv110) { - } else if yym111 { - z.DecBinaryUnmarshal(yyv110) - } else if !yym111 && z.IsJSONHandle() { - z.DecJSONUnmarshal(yyv110) + } else if z.HasExtensions() && z.DecExt(yyv117) { + } else if yym118 { + z.DecBinaryUnmarshal(yyv117) + } else if !yym118 && z.IsJSONHandle() { + z.DecJSONUnmarshal(yyv117) } else { - z.DecFallback(yyv110, false) + z.DecFallback(yyv117, false) } } for { - yyj106++ - if yyhl106 { - yyb106 = yyj106 > l + yyj113++ + if yyhl113 { + yyb113 = yyj113 > l } else { - yyb106 = r.CheckBreak() + yyb113 = r.CheckBreak() } - if yyb106 { + if yyb113 { break } z.DecSendContainerState(codecSelfer_containerArrayElem1234) - z.DecStructFieldNotFound(yyj106-1, "") + z.DecStructFieldNotFound(yyj113-1, "") } z.DecSendContainerState(codecSelfer_containerArrayEnd1234) } @@ -1380,118 +1448,118 @@ func (x *CertificateSigningRequestList) CodecEncodeSelf(e *codec1978.Encoder) { if x == nil { r.EncodeNil() } else { - yym112 := z.EncBinary() - _ = yym112 + yym119 := z.EncBinary() + _ = yym119 if false { } else if z.HasExtensions() && z.EncExt(x) { } else { - yysep113 := !z.EncBinary() - yy2arr113 := z.EncBasicHandle().StructToArray - var yyq113 [4]bool - _, _, _ = yysep113, yyq113, yy2arr113 - const yyr113 bool = false - yyq113[0] = x.Kind != "" - yyq113[1] = x.APIVersion != "" - yyq113[2] = true - var yynn113 int - if yyr113 || yy2arr113 { + yysep120 := !z.EncBinary() + yy2arr120 := z.EncBasicHandle().StructToArray + var yyq120 [4]bool + _, _, _ = yysep120, yyq120, yy2arr120 + const yyr120 bool = false + yyq120[0] = x.Kind != "" + yyq120[1] = x.APIVersion != "" + yyq120[2] = true + var yynn120 int + if yyr120 || yy2arr120 { r.EncodeArrayStart(4) } else { - yynn113 = 1 - for _, b := range yyq113 { + yynn120 = 1 + for _, b := range yyq120 { if b { - yynn113++ + yynn120++ } } - r.EncodeMapStart(yynn113) - yynn113 = 0 + r.EncodeMapStart(yynn120) + yynn120 = 0 } - if yyr113 || yy2arr113 { + if yyr120 || yy2arr120 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - if yyq113[0] { - yym115 := z.EncBinary() - _ = yym115 - if false { - } else { - r.EncodeString(codecSelferC_UTF81234, string(x.Kind)) - } - } else { - r.EncodeString(codecSelferC_UTF81234, "") - } - } else { - if yyq113[0] { - z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("kind")) - z.EncSendContainerState(codecSelfer_containerMapValue1234) - yym116 := z.EncBinary() - _ = yym116 - if false { - } else { - r.EncodeString(codecSelferC_UTF81234, string(x.Kind)) - } - } - } - if yyr113 || yy2arr113 { - z.EncSendContainerState(codecSelfer_containerArrayElem1234) - if yyq113[1] { - yym118 := z.EncBinary() - _ = yym118 - if false { - } else { - r.EncodeString(codecSelferC_UTF81234, string(x.APIVersion)) - } - } else { - r.EncodeString(codecSelferC_UTF81234, "") - } - } else { - if yyq113[1] { - z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("apiVersion")) - z.EncSendContainerState(codecSelfer_containerMapValue1234) - yym119 := z.EncBinary() - _ = yym119 - if false { - } else { - r.EncodeString(codecSelferC_UTF81234, string(x.APIVersion)) - } - } - } - if yyr113 || yy2arr113 { - z.EncSendContainerState(codecSelfer_containerArrayElem1234) - if yyq113[2] { - yy121 := &x.ListMeta + if yyq120[0] { yym122 := z.EncBinary() _ = yym122 if false { - } else if z.HasExtensions() && z.EncExt(yy121) { } else { - z.EncFallback(yy121) + r.EncodeString(codecSelferC_UTF81234, string(x.Kind)) + } + } else { + r.EncodeString(codecSelferC_UTF81234, "") + } + } else { + if yyq120[0] { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("kind")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + yym123 := z.EncBinary() + _ = yym123 + if false { + } else { + r.EncodeString(codecSelferC_UTF81234, string(x.Kind)) + } + } + } + if yyr120 || yy2arr120 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + if yyq120[1] { + yym125 := z.EncBinary() + _ = yym125 + if false { + } else { + r.EncodeString(codecSelferC_UTF81234, string(x.APIVersion)) + } + } else { + r.EncodeString(codecSelferC_UTF81234, "") + } + } else { + if yyq120[1] { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("apiVersion")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + yym126 := z.EncBinary() + _ = yym126 + if false { + } else { + r.EncodeString(codecSelferC_UTF81234, string(x.APIVersion)) + } + } + } + if yyr120 || yy2arr120 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + if yyq120[2] { + yy128 := &x.ListMeta + yym129 := z.EncBinary() + _ = yym129 + if false { + } else if z.HasExtensions() && z.EncExt(yy128) { + } else { + z.EncFallback(yy128) } } else { r.EncodeNil() } } else { - if yyq113[2] { + if yyq120[2] { z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("metadata")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yy123 := &x.ListMeta - yym124 := z.EncBinary() - _ = yym124 + yy130 := &x.ListMeta + yym131 := z.EncBinary() + _ = yym131 if false { - } else if z.HasExtensions() && z.EncExt(yy123) { + } else if z.HasExtensions() && z.EncExt(yy130) { } else { - z.EncFallback(yy123) + z.EncFallback(yy130) } } } - if yyr113 || yy2arr113 { + if yyr120 || yy2arr120 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) if x.Items == nil { r.EncodeNil() } else { - yym126 := z.EncBinary() - _ = yym126 + yym133 := z.EncBinary() + _ = yym133 if false { } else { h.encSliceCertificateSigningRequest(([]CertificateSigningRequest)(x.Items), e) @@ -1504,15 +1572,15 @@ func (x *CertificateSigningRequestList) CodecEncodeSelf(e *codec1978.Encoder) { if x.Items == nil { r.EncodeNil() } else { - yym127 := z.EncBinary() - _ = yym127 + yym134 := z.EncBinary() + _ = yym134 if false { } else { h.encSliceCertificateSigningRequest(([]CertificateSigningRequest)(x.Items), e) } } } - if yyr113 || yy2arr113 { + if yyr120 || yy2arr120 { z.EncSendContainerState(codecSelfer_containerArrayEnd1234) } else { z.EncSendContainerState(codecSelfer_containerMapEnd1234) @@ -1525,25 +1593,25 @@ func (x *CertificateSigningRequestList) CodecDecodeSelf(d *codec1978.Decoder) { var h codecSelfer1234 z, r := codec1978.GenHelperDecoder(d) _, _, _ = h, z, r - yym128 := z.DecBinary() - _ = yym128 + yym135 := z.DecBinary() + _ = yym135 if false { } else if z.HasExtensions() && z.DecExt(x) { } else { - yyct129 := r.ContainerType() - if yyct129 == codecSelferValueTypeMap1234 { - yyl129 := r.ReadMapStart() - if yyl129 == 0 { + yyct136 := r.ContainerType() + if yyct136 == codecSelferValueTypeMap1234 { + yyl136 := r.ReadMapStart() + if yyl136 == 0 { z.DecSendContainerState(codecSelfer_containerMapEnd1234) } else { - x.codecDecodeSelfFromMap(yyl129, d) + x.codecDecodeSelfFromMap(yyl136, d) } - } else if yyct129 == codecSelferValueTypeArray1234 { - yyl129 := r.ReadArrayStart() - if yyl129 == 0 { + } else if yyct136 == codecSelferValueTypeArray1234 { + yyl136 := r.ReadArrayStart() + if yyl136 == 0 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) } else { - x.codecDecodeSelfFromArray(yyl129, d) + x.codecDecodeSelfFromArray(yyl136, d) } } else { panic(codecSelferOnlyMapOrArrayEncodeToStructErr1234) @@ -1555,12 +1623,12 @@ func (x *CertificateSigningRequestList) codecDecodeSelfFromMap(l int, d *codec19 var h codecSelfer1234 z, r := codec1978.GenHelperDecoder(d) _, _, _ = h, z, r - var yys130Slc = z.DecScratchBuffer() // default slice to decode into - _ = yys130Slc - var yyhl130 bool = l >= 0 - for yyj130 := 0; ; yyj130++ { - if yyhl130 { - if yyj130 >= l { + var yys137Slc = z.DecScratchBuffer() // default slice to decode into + _ = yys137Slc + var yyhl137 bool = l >= 0 + for yyj137 := 0; ; yyj137++ { + if yyhl137 { + if yyj137 >= l { break } } else { @@ -1569,10 +1637,10 @@ func (x *CertificateSigningRequestList) codecDecodeSelfFromMap(l int, d *codec19 } } z.DecSendContainerState(codecSelfer_containerMapKey1234) - yys130Slc = r.DecodeBytes(yys130Slc, true, true) - yys130 := string(yys130Slc) + yys137Slc = r.DecodeBytes(yys137Slc, true, true) + yys137 := string(yys137Slc) z.DecSendContainerState(codecSelfer_containerMapValue1234) - switch yys130 { + switch yys137 { case "kind": if r.TryDecodeAsNil() { x.Kind = "" @@ -1589,31 +1657,31 @@ func (x *CertificateSigningRequestList) codecDecodeSelfFromMap(l int, d *codec19 if r.TryDecodeAsNil() { x.ListMeta = pkg1_v1.ListMeta{} } else { - yyv133 := &x.ListMeta - yym134 := z.DecBinary() - _ = yym134 + yyv140 := &x.ListMeta + yym141 := z.DecBinary() + _ = yym141 if false { - } else if z.HasExtensions() && z.DecExt(yyv133) { + } else if z.HasExtensions() && z.DecExt(yyv140) { } else { - z.DecFallback(yyv133, false) + z.DecFallback(yyv140, false) } } case "items": if r.TryDecodeAsNil() { x.Items = nil } else { - yyv135 := &x.Items - yym136 := z.DecBinary() - _ = yym136 + yyv142 := &x.Items + yym143 := z.DecBinary() + _ = yym143 if false { } else { - h.decSliceCertificateSigningRequest((*[]CertificateSigningRequest)(yyv135), d) + h.decSliceCertificateSigningRequest((*[]CertificateSigningRequest)(yyv142), d) } } default: - z.DecStructFieldNotFound(-1, yys130) - } // end switch yys130 - } // end for yyj130 + z.DecStructFieldNotFound(-1, yys137) + } // end switch yys137 + } // end for yyj137 z.DecSendContainerState(codecSelfer_containerMapEnd1234) } @@ -1621,16 +1689,16 @@ func (x *CertificateSigningRequestList) codecDecodeSelfFromArray(l int, d *codec var h codecSelfer1234 z, r := codec1978.GenHelperDecoder(d) _, _, _ = h, z, r - var yyj137 int - var yyb137 bool - var yyhl137 bool = l >= 0 - yyj137++ - if yyhl137 { - yyb137 = yyj137 > l + var yyj144 int + var yyb144 bool + var yyhl144 bool = l >= 0 + yyj144++ + if yyhl144 { + yyb144 = yyj144 > l } else { - yyb137 = r.CheckBreak() + yyb144 = r.CheckBreak() } - if yyb137 { + if yyb144 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -1640,13 +1708,13 @@ func (x *CertificateSigningRequestList) codecDecodeSelfFromArray(l int, d *codec } else { x.Kind = string(r.DecodeString()) } - yyj137++ - if yyhl137 { - yyb137 = yyj137 > l + yyj144++ + if yyhl144 { + yyb144 = yyj144 > l } else { - yyb137 = r.CheckBreak() + yyb144 = r.CheckBreak() } - if yyb137 { + if yyb144 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -1656,13 +1724,13 @@ func (x *CertificateSigningRequestList) codecDecodeSelfFromArray(l int, d *codec } else { x.APIVersion = string(r.DecodeString()) } - yyj137++ - if yyhl137 { - yyb137 = yyj137 > l + yyj144++ + if yyhl144 { + yyb144 = yyj144 > l } else { - yyb137 = r.CheckBreak() + yyb144 = r.CheckBreak() } - if yyb137 { + if yyb144 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -1670,22 +1738,22 @@ func (x *CertificateSigningRequestList) codecDecodeSelfFromArray(l int, d *codec if r.TryDecodeAsNil() { x.ListMeta = pkg1_v1.ListMeta{} } else { - yyv140 := &x.ListMeta - yym141 := z.DecBinary() - _ = yym141 + yyv147 := &x.ListMeta + yym148 := z.DecBinary() + _ = yym148 if false { - } else if z.HasExtensions() && z.DecExt(yyv140) { + } else if z.HasExtensions() && z.DecExt(yyv147) { } else { - z.DecFallback(yyv140, false) + z.DecFallback(yyv147, false) } } - yyj137++ - if yyhl137 { - yyb137 = yyj137 > l + yyj144++ + if yyhl144 { + yyb144 = yyj144 > l } else { - yyb137 = r.CheckBreak() + yyb144 = r.CheckBreak() } - if yyb137 { + if yyb144 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -1693,39 +1761,172 @@ func (x *CertificateSigningRequestList) codecDecodeSelfFromArray(l int, d *codec if r.TryDecodeAsNil() { x.Items = nil } else { - yyv142 := &x.Items - yym143 := z.DecBinary() - _ = yym143 + yyv149 := &x.Items + yym150 := z.DecBinary() + _ = yym150 if false { } else { - h.decSliceCertificateSigningRequest((*[]CertificateSigningRequest)(yyv142), d) + h.decSliceCertificateSigningRequest((*[]CertificateSigningRequest)(yyv149), d) } } for { - yyj137++ - if yyhl137 { - yyb137 = yyj137 > l + yyj144++ + if yyhl144 { + yyb144 = yyj144 > l } else { - yyb137 = r.CheckBreak() + yyb144 = r.CheckBreak() } - if yyb137 { + if yyb144 { break } z.DecSendContainerState(codecSelfer_containerArrayElem1234) - z.DecStructFieldNotFound(yyj137-1, "") + z.DecStructFieldNotFound(yyj144-1, "") } z.DecSendContainerState(codecSelfer_containerArrayEnd1234) } +func (x KeyUsage) CodecEncodeSelf(e *codec1978.Encoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperEncoder(e) + _, _, _ = h, z, r + yym151 := z.EncBinary() + _ = yym151 + if false { + } else if z.HasExtensions() && z.EncExt(x) { + } else { + r.EncodeString(codecSelferC_UTF81234, string(x)) + } +} + +func (x *KeyUsage) CodecDecodeSelf(d *codec1978.Decoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperDecoder(d) + _, _, _ = h, z, r + yym152 := z.DecBinary() + _ = yym152 + if false { + } else if z.HasExtensions() && z.DecExt(x) { + } else { + *((*string)(x)) = r.DecodeString() + } +} + +func (x codecSelfer1234) encSliceKeyUsage(v []KeyUsage, e *codec1978.Encoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperEncoder(e) + _, _, _ = h, z, r + r.EncodeArrayStart(len(v)) + for _, yyv153 := range v { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + yyv153.CodecEncodeSelf(e) + } + z.EncSendContainerState(codecSelfer_containerArrayEnd1234) +} + +func (x codecSelfer1234) decSliceKeyUsage(v *[]KeyUsage, d *codec1978.Decoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperDecoder(d) + _, _, _ = h, z, r + + yyv154 := *v + yyh154, yyl154 := z.DecSliceHelperStart() + var yyc154 bool + if yyl154 == 0 { + if yyv154 == nil { + yyv154 = []KeyUsage{} + yyc154 = true + } else if len(yyv154) != 0 { + yyv154 = yyv154[:0] + yyc154 = true + } + } else if yyl154 > 0 { + var yyrr154, yyrl154 int + var yyrt154 bool + if yyl154 > cap(yyv154) { + + yyrl154, yyrt154 = z.DecInferLen(yyl154, z.DecBasicHandle().MaxInitLen, 16) + if yyrt154 { + if yyrl154 <= cap(yyv154) { + yyv154 = yyv154[:yyrl154] + } else { + yyv154 = make([]KeyUsage, yyrl154) + } + } else { + yyv154 = make([]KeyUsage, yyrl154) + } + yyc154 = true + yyrr154 = len(yyv154) + } else if yyl154 != len(yyv154) { + yyv154 = yyv154[:yyl154] + yyc154 = true + } + yyj154 := 0 + for ; yyj154 < yyrr154; yyj154++ { + yyh154.ElemContainerState(yyj154) + if r.TryDecodeAsNil() { + yyv154[yyj154] = "" + } else { + yyv154[yyj154] = KeyUsage(r.DecodeString()) + } + + } + if yyrt154 { + for ; yyj154 < yyl154; yyj154++ { + yyv154 = append(yyv154, "") + yyh154.ElemContainerState(yyj154) + if r.TryDecodeAsNil() { + yyv154[yyj154] = "" + } else { + yyv154[yyj154] = KeyUsage(r.DecodeString()) + } + + } + } + + } else { + yyj154 := 0 + for ; !r.CheckBreak(); yyj154++ { + + if yyj154 >= len(yyv154) { + yyv154 = append(yyv154, "") // var yyz154 KeyUsage + yyc154 = true + } + yyh154.ElemContainerState(yyj154) + if yyj154 < len(yyv154) { + if r.TryDecodeAsNil() { + yyv154[yyj154] = "" + } else { + yyv154[yyj154] = KeyUsage(r.DecodeString()) + } + + } else { + z.DecSwallow() + } + + } + if yyj154 < len(yyv154) { + yyv154 = yyv154[:yyj154] + yyc154 = true + } else if yyj154 == 0 && yyv154 == nil { + yyv154 = []KeyUsage{} + yyc154 = true + } + } + yyh154.End() + if yyc154 { + *v = yyv154 + } +} + func (x codecSelfer1234) encSliceCertificateSigningRequestCondition(v []CertificateSigningRequestCondition, e *codec1978.Encoder) { var h codecSelfer1234 z, r := codec1978.GenHelperEncoder(e) _, _, _ = h, z, r r.EncodeArrayStart(len(v)) - for _, yyv144 := range v { + for _, yyv158 := range v { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - yy145 := &yyv144 - yy145.CodecEncodeSelf(e) + yy159 := &yyv158 + yy159.CodecEncodeSelf(e) } z.EncSendContainerState(codecSelfer_containerArrayEnd1234) } @@ -1735,83 +1936,83 @@ func (x codecSelfer1234) decSliceCertificateSigningRequestCondition(v *[]Certifi z, r := codec1978.GenHelperDecoder(d) _, _, _ = h, z, r - yyv146 := *v - yyh146, yyl146 := z.DecSliceHelperStart() - var yyc146 bool - if yyl146 == 0 { - if yyv146 == nil { - yyv146 = []CertificateSigningRequestCondition{} - yyc146 = true - } else if len(yyv146) != 0 { - yyv146 = yyv146[:0] - yyc146 = true + yyv160 := *v + yyh160, yyl160 := z.DecSliceHelperStart() + var yyc160 bool + if yyl160 == 0 { + if yyv160 == nil { + yyv160 = []CertificateSigningRequestCondition{} + yyc160 = true + } else if len(yyv160) != 0 { + yyv160 = yyv160[:0] + yyc160 = true } - } else if yyl146 > 0 { - var yyrr146, yyrl146 int - var yyrt146 bool - if yyl146 > cap(yyv146) { + } else if yyl160 > 0 { + var yyrr160, yyrl160 int + var yyrt160 bool + if yyl160 > cap(yyv160) { - yyrg146 := len(yyv146) > 0 - yyv2146 := yyv146 - yyrl146, yyrt146 = z.DecInferLen(yyl146, z.DecBasicHandle().MaxInitLen, 72) - if yyrt146 { - if yyrl146 <= cap(yyv146) { - yyv146 = yyv146[:yyrl146] + yyrg160 := len(yyv160) > 0 + yyv2160 := yyv160 + yyrl160, yyrt160 = z.DecInferLen(yyl160, z.DecBasicHandle().MaxInitLen, 72) + if yyrt160 { + if yyrl160 <= cap(yyv160) { + yyv160 = yyv160[:yyrl160] } else { - yyv146 = make([]CertificateSigningRequestCondition, yyrl146) + yyv160 = make([]CertificateSigningRequestCondition, yyrl160) } } else { - yyv146 = make([]CertificateSigningRequestCondition, yyrl146) + yyv160 = make([]CertificateSigningRequestCondition, yyrl160) } - yyc146 = true - yyrr146 = len(yyv146) - if yyrg146 { - copy(yyv146, yyv2146) + yyc160 = true + yyrr160 = len(yyv160) + if yyrg160 { + copy(yyv160, yyv2160) } - } else if yyl146 != len(yyv146) { - yyv146 = yyv146[:yyl146] - yyc146 = true + } else if yyl160 != len(yyv160) { + yyv160 = yyv160[:yyl160] + yyc160 = true } - yyj146 := 0 - for ; yyj146 < yyrr146; yyj146++ { - yyh146.ElemContainerState(yyj146) + yyj160 := 0 + for ; yyj160 < yyrr160; yyj160++ { + yyh160.ElemContainerState(yyj160) if r.TryDecodeAsNil() { - yyv146[yyj146] = CertificateSigningRequestCondition{} + yyv160[yyj160] = CertificateSigningRequestCondition{} } else { - yyv147 := &yyv146[yyj146] - yyv147.CodecDecodeSelf(d) + yyv161 := &yyv160[yyj160] + yyv161.CodecDecodeSelf(d) } } - if yyrt146 { - for ; yyj146 < yyl146; yyj146++ { - yyv146 = append(yyv146, CertificateSigningRequestCondition{}) - yyh146.ElemContainerState(yyj146) + if yyrt160 { + for ; yyj160 < yyl160; yyj160++ { + yyv160 = append(yyv160, CertificateSigningRequestCondition{}) + yyh160.ElemContainerState(yyj160) if r.TryDecodeAsNil() { - yyv146[yyj146] = CertificateSigningRequestCondition{} + yyv160[yyj160] = CertificateSigningRequestCondition{} } else { - yyv148 := &yyv146[yyj146] - yyv148.CodecDecodeSelf(d) + yyv162 := &yyv160[yyj160] + yyv162.CodecDecodeSelf(d) } } } } else { - yyj146 := 0 - for ; !r.CheckBreak(); yyj146++ { + yyj160 := 0 + for ; !r.CheckBreak(); yyj160++ { - if yyj146 >= len(yyv146) { - yyv146 = append(yyv146, CertificateSigningRequestCondition{}) // var yyz146 CertificateSigningRequestCondition - yyc146 = true + if yyj160 >= len(yyv160) { + yyv160 = append(yyv160, CertificateSigningRequestCondition{}) // var yyz160 CertificateSigningRequestCondition + yyc160 = true } - yyh146.ElemContainerState(yyj146) - if yyj146 < len(yyv146) { + yyh160.ElemContainerState(yyj160) + if yyj160 < len(yyv160) { if r.TryDecodeAsNil() { - yyv146[yyj146] = CertificateSigningRequestCondition{} + yyv160[yyj160] = CertificateSigningRequestCondition{} } else { - yyv149 := &yyv146[yyj146] - yyv149.CodecDecodeSelf(d) + yyv163 := &yyv160[yyj160] + yyv163.CodecDecodeSelf(d) } } else { @@ -1819,17 +2020,17 @@ func (x codecSelfer1234) decSliceCertificateSigningRequestCondition(v *[]Certifi } } - if yyj146 < len(yyv146) { - yyv146 = yyv146[:yyj146] - yyc146 = true - } else if yyj146 == 0 && yyv146 == nil { - yyv146 = []CertificateSigningRequestCondition{} - yyc146 = true + if yyj160 < len(yyv160) { + yyv160 = yyv160[:yyj160] + yyc160 = true + } else if yyj160 == 0 && yyv160 == nil { + yyv160 = []CertificateSigningRequestCondition{} + yyc160 = true } } - yyh146.End() - if yyc146 { - *v = yyv146 + yyh160.End() + if yyc160 { + *v = yyv160 } } @@ -1838,10 +2039,10 @@ func (x codecSelfer1234) encSliceCertificateSigningRequest(v []CertificateSignin z, r := codec1978.GenHelperEncoder(e) _, _, _ = h, z, r r.EncodeArrayStart(len(v)) - for _, yyv150 := range v { + for _, yyv164 := range v { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - yy151 := &yyv150 - yy151.CodecEncodeSelf(e) + yy165 := &yyv164 + yy165.CodecEncodeSelf(e) } z.EncSendContainerState(codecSelfer_containerArrayEnd1234) } @@ -1851,83 +2052,83 @@ func (x codecSelfer1234) decSliceCertificateSigningRequest(v *[]CertificateSigni z, r := codec1978.GenHelperDecoder(d) _, _, _ = h, z, r - yyv152 := *v - yyh152, yyl152 := z.DecSliceHelperStart() - var yyc152 bool - if yyl152 == 0 { - if yyv152 == nil { - yyv152 = []CertificateSigningRequest{} - yyc152 = true - } else if len(yyv152) != 0 { - yyv152 = yyv152[:0] - yyc152 = true + yyv166 := *v + yyh166, yyl166 := z.DecSliceHelperStart() + var yyc166 bool + if yyl166 == 0 { + if yyv166 == nil { + yyv166 = []CertificateSigningRequest{} + yyc166 = true + } else if len(yyv166) != 0 { + yyv166 = yyv166[:0] + yyc166 = true } - } else if yyl152 > 0 { - var yyrr152, yyrl152 int - var yyrt152 bool - if yyl152 > cap(yyv152) { + } else if yyl166 > 0 { + var yyrr166, yyrl166 int + var yyrt166 bool + if yyl166 > cap(yyv166) { - yyrg152 := len(yyv152) > 0 - yyv2152 := yyv152 - yyrl152, yyrt152 = z.DecInferLen(yyl152, z.DecBasicHandle().MaxInitLen, 384) - if yyrt152 { - if yyrl152 <= cap(yyv152) { - yyv152 = yyv152[:yyrl152] + yyrg166 := len(yyv166) > 0 + yyv2166 := yyv166 + yyrl166, yyrt166 = z.DecInferLen(yyl166, z.DecBasicHandle().MaxInitLen, 408) + if yyrt166 { + if yyrl166 <= cap(yyv166) { + yyv166 = yyv166[:yyrl166] } else { - yyv152 = make([]CertificateSigningRequest, yyrl152) + yyv166 = make([]CertificateSigningRequest, yyrl166) } } else { - yyv152 = make([]CertificateSigningRequest, yyrl152) + yyv166 = make([]CertificateSigningRequest, yyrl166) } - yyc152 = true - yyrr152 = len(yyv152) - if yyrg152 { - copy(yyv152, yyv2152) + yyc166 = true + yyrr166 = len(yyv166) + if yyrg166 { + copy(yyv166, yyv2166) } - } else if yyl152 != len(yyv152) { - yyv152 = yyv152[:yyl152] - yyc152 = true + } else if yyl166 != len(yyv166) { + yyv166 = yyv166[:yyl166] + yyc166 = true } - yyj152 := 0 - for ; yyj152 < yyrr152; yyj152++ { - yyh152.ElemContainerState(yyj152) + yyj166 := 0 + for ; yyj166 < yyrr166; yyj166++ { + yyh166.ElemContainerState(yyj166) if r.TryDecodeAsNil() { - yyv152[yyj152] = CertificateSigningRequest{} + yyv166[yyj166] = CertificateSigningRequest{} } else { - yyv153 := &yyv152[yyj152] - yyv153.CodecDecodeSelf(d) + yyv167 := &yyv166[yyj166] + yyv167.CodecDecodeSelf(d) } } - if yyrt152 { - for ; yyj152 < yyl152; yyj152++ { - yyv152 = append(yyv152, CertificateSigningRequest{}) - yyh152.ElemContainerState(yyj152) + if yyrt166 { + for ; yyj166 < yyl166; yyj166++ { + yyv166 = append(yyv166, CertificateSigningRequest{}) + yyh166.ElemContainerState(yyj166) if r.TryDecodeAsNil() { - yyv152[yyj152] = CertificateSigningRequest{} + yyv166[yyj166] = CertificateSigningRequest{} } else { - yyv154 := &yyv152[yyj152] - yyv154.CodecDecodeSelf(d) + yyv168 := &yyv166[yyj166] + yyv168.CodecDecodeSelf(d) } } } } else { - yyj152 := 0 - for ; !r.CheckBreak(); yyj152++ { + yyj166 := 0 + for ; !r.CheckBreak(); yyj166++ { - if yyj152 >= len(yyv152) { - yyv152 = append(yyv152, CertificateSigningRequest{}) // var yyz152 CertificateSigningRequest - yyc152 = true + if yyj166 >= len(yyv166) { + yyv166 = append(yyv166, CertificateSigningRequest{}) // var yyz166 CertificateSigningRequest + yyc166 = true } - yyh152.ElemContainerState(yyj152) - if yyj152 < len(yyv152) { + yyh166.ElemContainerState(yyj166) + if yyj166 < len(yyv166) { if r.TryDecodeAsNil() { - yyv152[yyj152] = CertificateSigningRequest{} + yyv166[yyj166] = CertificateSigningRequest{} } else { - yyv155 := &yyv152[yyj152] - yyv155.CodecDecodeSelf(d) + yyv169 := &yyv166[yyj166] + yyv169.CodecDecodeSelf(d) } } else { @@ -1935,16 +2136,16 @@ func (x codecSelfer1234) decSliceCertificateSigningRequest(v *[]CertificateSigni } } - if yyj152 < len(yyv152) { - yyv152 = yyv152[:yyj152] - yyc152 = true - } else if yyj152 == 0 && yyv152 == nil { - yyv152 = []CertificateSigningRequest{} - yyc152 = true + if yyj166 < len(yyv166) { + yyv166 = yyv166[:yyj166] + yyc166 = true + } else if yyj166 == 0 && yyv166 == nil { + yyv166 = []CertificateSigningRequest{} + yyc166 = true } } - yyh152.End() - if yyc152 { - *v = yyv152 + yyh166.End() + if yyc166 { + *v = yyv166 } } diff --git a/pkg/apis/certificates/v1alpha1/types_swagger_doc_generated.go b/pkg/apis/certificates/v1alpha1/types_swagger_doc_generated.go index cf66d07467a..26a9dceba1c 100644 --- a/pkg/apis/certificates/v1alpha1/types_swagger_doc_generated.go +++ b/pkg/apis/certificates/v1alpha1/types_swagger_doc_generated.go @@ -51,6 +51,7 @@ func (CertificateSigningRequestCondition) SwaggerDoc() map[string]string { var map_CertificateSigningRequestSpec = map[string]string{ "": "This information is immutable after the request is created. Only the Request and ExtraInfo fields can be set on creation, other fields are derived by Kubernetes and cannot be modified by users.", "request": "Base64-encoded PKCS#10 CSR data", + "usages": "allowedUsages specifies a set of usage contexts the key will be valid for. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3\n https://tools.ietf.org/html/rfc5280#section-4.2.1.12", "username": "Information about the requesting user (if relevant) See user.Info interface for details", } diff --git a/pkg/apis/certificates/v1alpha1/zz_generated.conversion.go b/pkg/apis/certificates/v1alpha1/zz_generated.conversion.go index 8410105e723..934559d0d6f 100644 --- a/pkg/apis/certificates/v1alpha1/zz_generated.conversion.go +++ b/pkg/apis/certificates/v1alpha1/zz_generated.conversion.go @@ -130,6 +130,7 @@ func Convert_certificates_CertificateSigningRequestList_To_v1alpha1_CertificateS func autoConvert_v1alpha1_CertificateSigningRequestSpec_To_certificates_CertificateSigningRequestSpec(in *CertificateSigningRequestSpec, out *certificates.CertificateSigningRequestSpec, s conversion.Scope) error { out.Request = *(*[]byte)(unsafe.Pointer(&in.Request)) + out.Usages = *(*[]certificates.KeyUsage)(unsafe.Pointer(&in.Usages)) out.Username = in.Username out.UID = in.UID out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) @@ -142,6 +143,7 @@ func Convert_v1alpha1_CertificateSigningRequestSpec_To_certificates_CertificateS func autoConvert_certificates_CertificateSigningRequestSpec_To_v1alpha1_CertificateSigningRequestSpec(in *certificates.CertificateSigningRequestSpec, out *CertificateSigningRequestSpec, s conversion.Scope) error { out.Request = *(*[]byte)(unsafe.Pointer(&in.Request)) + out.Usages = *(*[]KeyUsage)(unsafe.Pointer(&in.Usages)) out.Username = in.Username out.UID = in.UID out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) diff --git a/pkg/apis/certificates/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/certificates/v1alpha1/zz_generated.deepcopy.go index 51b280e733a..45c3bc8567c 100644 --- a/pkg/apis/certificates/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/certificates/v1alpha1/zz_generated.deepcopy.go @@ -99,6 +99,13 @@ func DeepCopy_v1alpha1_CertificateSigningRequestSpec(in interface{}, out interfa *out = make([]byte, len(*in)) copy(*out, *in) } + if in.Usages != nil { + in, out := &in.Usages, &out.Usages + *out = make([]KeyUsage, len(*in)) + for i := range *in { + (*out)[i] = (*in)[i] + } + } if in.Groups != nil { in, out := &in.Groups, &out.Groups *out = make([]string, len(*in)) diff --git a/pkg/apis/certificates/zz_generated.deepcopy.go b/pkg/apis/certificates/zz_generated.deepcopy.go index ecd183415cd..2b45b553ec2 100644 --- a/pkg/apis/certificates/zz_generated.deepcopy.go +++ b/pkg/apis/certificates/zz_generated.deepcopy.go @@ -99,6 +99,13 @@ func DeepCopy_certificates_CertificateSigningRequestSpec(in interface{}, out int *out = make([]byte, len(*in)) copy(*out, *in) } + if in.Usages != nil { + in, out := &in.Usages, &out.Usages + *out = make([]KeyUsage, len(*in)) + for i := range *in { + (*out)[i] = (*in)[i] + } + } if in.Groups != nil { in, out := &in.Groups, &out.Groups *out = make([]string, len(*in)) diff --git a/pkg/controller/certificates/BUILD b/pkg/controller/certificates/BUILD index 9540ee798f4..95d8ec20a67 100644 --- a/pkg/controller/certificates/BUILD +++ b/pkg/controller/certificates/BUILD @@ -12,6 +12,7 @@ go_library( srcs = [ "certificate_controller.go", "certificate_controller_utils.go", + "cfssl_signer.go", "doc.go", "groupapprove.go", ], diff --git a/pkg/generated/openapi/zz_generated.openapi.go b/pkg/generated/openapi/zz_generated.openapi.go index 59f0c3eebc0..6c76a992d89 100644 --- a/pkg/generated/openapi/zz_generated.openapi.go +++ b/pkg/generated/openapi/zz_generated.openapi.go @@ -8930,6 +8930,20 @@ var OpenAPIDefinitions *common.OpenAPIDefinitions = &common.OpenAPIDefinitions{ Format: "byte", }, }, + "usages": { + SchemaProps: spec.SchemaProps{ + Description: "allowedUsages specifies a set of usage contexts the key will be valid for. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3\n https://tools.ietf.org/html/rfc5280#section-4.2.1.12", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, "username": { SchemaProps: spec.SchemaProps{ Description: "Information about the requesting user (if relevant) See user.Info interface for details", From bc522113043fbd8e82d6d8cd47e8b0abc06650d8 Mon Sep 17 00:00:00 2001 From: Mike Danese Date: Fri, 6 Jan 2017 19:41:33 -0800 Subject: [PATCH 3/3] add unit tests for the signer --- pkg/controller/certificates/BUILD | 17 ++++ .../certificates/cfssl_signer_test.go | 82 +++++++++++++++++++ pkg/controller/certificates/testdata/ca.crt | 18 ++++ pkg/controller/certificates/testdata/ca.key | 27 ++++++ .../certificates/testdata/kubelet.csr | 8 ++ 5 files changed, 152 insertions(+) create mode 100644 pkg/controller/certificates/cfssl_signer_test.go create mode 100644 pkg/controller/certificates/testdata/ca.crt create mode 100644 pkg/controller/certificates/testdata/ca.key create mode 100644 pkg/controller/certificates/testdata/kubelet.csr diff --git a/pkg/controller/certificates/BUILD b/pkg/controller/certificates/BUILD index 95d8ec20a67..3b661ba9971 100644 --- a/pkg/controller/certificates/BUILD +++ b/pkg/controller/certificates/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) load( "@io_bazel_rules_go//go:def.bzl", "go_library", + "go_test", ) go_library( @@ -52,3 +53,19 @@ filegroup( srcs = [":package-srcs"], tags = ["automanaged"], ) + +go_test( + name = "go_default_test", + srcs = ["cfssl_signer_test.go"], + data = [ + "testdata/ca.crt", + "testdata/ca.key", + "testdata/kubelet.csr", + ], + library = ":go_default_library", + tags = ["automanaged"], + deps = [ + "//pkg/apis/certificates/v1alpha1:go_default_library", + "//pkg/util/cert:go_default_library", + ], +) diff --git a/pkg/controller/certificates/cfssl_signer_test.go b/pkg/controller/certificates/cfssl_signer_test.go new file mode 100644 index 00000000000..3abd425cb4f --- /dev/null +++ b/pkg/controller/certificates/cfssl_signer_test.go @@ -0,0 +1,82 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package certificates + +import ( + "crypto/x509" + "io/ioutil" + "reflect" + "testing" + + capi "k8s.io/kubernetes/pkg/apis/certificates/v1alpha1" + "k8s.io/kubernetes/pkg/util/cert" +) + +func TestSigner(t *testing.T) { + s, err := NewCFSSLSigner("./testdata/ca.crt", "./testdata/ca.key") + if err != nil { + t.Fatalf("failed to create signer: %v", err) + } + + csrb, err := ioutil.ReadFile("./testdata/kubelet.csr") + if err != nil { + t.Fatalf("failed to read CSR: %v", err) + } + + csr := &capi.CertificateSigningRequest{ + Spec: capi.CertificateSigningRequestSpec{ + Request: []byte(csrb), + Usages: []capi.KeyUsage{ + capi.UsageSigning, + capi.UsageKeyEncipherment, + capi.UsageServerAuth, + capi.UsageClientAuth, + }, + }, + } + + certData, err := s.Sign(csr) + if err != nil { + t.Fatalf("failed to sign CSR: %v", err) + } + if len(certData) == 0 { + t.Fatalf("expected a certificate after signing") + } + + certs, err := cert.ParseCertsPEM(certData) + if err != nil { + t.Fatalf("failed to parse certificate: %v", err) + } + if len(certs) != 1 { + t.Fatalf("expected one certificate") + } + + crt := certs[0] + + if crt.Subject.CommonName != "system:node:k-a-node-s36b" { + t.Errorf("expected common name of 'system:node:k-a-node-s36b', but got: %v", certs[0].Subject.CommonName) + } + if !reflect.DeepEqual(crt.Subject.Organization, []string{"system:nodes"}) { + t.Errorf("expected organization to be [system:nodes] but got: %v", crt.Subject.Organization) + } + if crt.KeyUsage != x509.KeyUsageDigitalSignature|x509.KeyUsageKeyEncipherment { + t.Errorf("bad key usage") + } + if !reflect.DeepEqual(crt.ExtKeyUsage, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}) { + t.Errorf("bad extended key usage") + } +} diff --git a/pkg/controller/certificates/testdata/ca.crt b/pkg/controller/certificates/testdata/ca.crt new file mode 100644 index 00000000000..419f970016b --- /dev/null +++ b/pkg/controller/certificates/testdata/ca.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC9zCCAd+gAwIBAgIJAOWJ8tWNUIsZMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV +BAMMB2t1YmUtY2EwHhcNMTYxMjIyMDAyNTI5WhcNNDQwNTA5MDAyNTI5WjASMRAw +DgYDVQQDDAdrdWJlLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +1HK1d2p7N7UC6px8lVtABw8jPpVyNYjrJmI+TKTTdCgWGsUTFMCw4t4Q/KQDDlvB +P19uPhbfp8aLwOWXBCxOPZzlM2mAEjSUgKjbyGCW/8vaXa2VgQm3tKZdydKiFvIo +fEsNA+58w8A0WWEB8wYFcdCt8uPyQ0ws/TxE+WW3u7EPlC0/inIX9JqeZZMpDk3N +lHEv/pGEjQmoet/hBwGHq9PKepkN5/V6rrSADJ5I4Uklp2f7G9MCP/zV8xKfs0lK +CMoJsIPK3nL9N3C0rqBQPfcyKE2fnEkxC3UVZA8brvLTkBfOgmM2eVg/nauU1ejv +zOJL7tDwUioLriw2hiGrFwIDAQABo1AwTjAdBgNVHQ4EFgQUbGJxJeW7BgZ4xSmW +d3Aw3gq8YZUwHwYDVR0jBBgwFoAUbGJxJeW7BgZ4xSmWd3Aw3gq8YZUwDAYDVR0T +BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAunzpYAxpzguzxG83pK5n3ObsGDwO +78d38qX1VRvMLPvioZxYgquqqFPdLI3xe8b8KdZNzb65549tgjAI17tTKGTRgJu5 +yzLU1tO4vNaAFecMCtPvElYfkrAv2vbGCVJ1bYKTnjdu3083jG3sY9TDj0364A57 +lNwKEd5uxHGWg4H+NbyHkDqfKmllzLvJ9XjSWBPmNVLSW50hV+h9fUXgz9LN+qVY +VEDfAEWqb6PVy9ANw8A8QLnuSRxbd7hAigtlC4MwzYJ6tyFIIH6bCIgfoZuA+brm +WGcpIxl4fKEGafSgjsK/6Yhb61mkhHmG16mzEUZNkNsjiYJuF2QxpOlQrw== +-----END CERTIFICATE----- diff --git a/pkg/controller/certificates/testdata/ca.key b/pkg/controller/certificates/testdata/ca.key new file mode 100644 index 00000000000..fdf489609a8 --- /dev/null +++ b/pkg/controller/certificates/testdata/ca.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA1HK1d2p7N7UC6px8lVtABw8jPpVyNYjrJmI+TKTTdCgWGsUT +FMCw4t4Q/KQDDlvBP19uPhbfp8aLwOWXBCxOPZzlM2mAEjSUgKjbyGCW/8vaXa2V +gQm3tKZdydKiFvIofEsNA+58w8A0WWEB8wYFcdCt8uPyQ0ws/TxE+WW3u7EPlC0/ +inIX9JqeZZMpDk3NlHEv/pGEjQmoet/hBwGHq9PKepkN5/V6rrSADJ5I4Uklp2f7 +G9MCP/zV8xKfs0lKCMoJsIPK3nL9N3C0rqBQPfcyKE2fnEkxC3UVZA8brvLTkBfO +gmM2eVg/nauU1ejvzOJL7tDwUioLriw2hiGrFwIDAQABAoIBAFJCmEFE2bEYRajS +LusmCgSxt9PjyfUwrtyN7dF/gODZJLX42QqQEe3GTo2EdCp7HLiNGwKvmKo+Fp76 +Rx82iJUSyyy9DPn/ogCvYWqU++LP7B2ZuOnd+WPZhzc+d8Sqv0JhTQjYrzaclaiG +B1syWalYRAJogMXOGR102MA4wovJrlHFuTVSWiDe0uguLxyjoTMIRqbib9ZAMSLX +bfcM2abGpXgq10abda3KKAJbZyr2fnBvqKTs4a4zYeHJpQT+NBPMiryb2WnPFg+b +93nrjDxUtPsx8NJz6HGkSQLagXkZX2J1JpT8loaNIdyQHab1LNXptc84LR8xxusy +bs5NowECgYEA+j+SwVgeC+NCUIfxr3F9zPAD9A0Tk3gD4z+j0opfLIMghX4jtK0e +9fQyglecAbojlkEUk/js5IVZ0IIhBNPWXxKtdShZO7EmJ6Z5IEmFrZK1xUomYBa2 +BfysqSAkxVLsTDIfI0Q4DHQNDOV+iY3j8WoaR51cXr+IY+mYBGSNI80CgYEA2VS5 +X5QHDxoh3r5ORiyab3ciubEofJ29D3NR1tCe9ZgSYRV5Y7T/4KPpZdpsEX/ydYD6 +X4DyURuYNK7PUR8DSlX7/VuMzHThqGJMaT0LE+alU4bruiad33X1WXgtcPTGCic0 +8il50TZTgba0CwxuCO1eVb3IijwgJBX/byM67nMCgYEA7As1KSwtwzbMoVtpa/xY +Fgu7HuOKuIn22M55fylH1puk/GXb1huJ3aNGVU2/+J0T3jFq8JxXDsJ90kA8Vupe +BXV/qceyS6yv+ax8Cilvbya4T+y+P9qMPR912V1Zccri2ohYeJJrb8uzV5vM/ICb +JmbXfP+AVlrBksSOwG37920CgYEAsSi2X6o8QtxLhdZd2ihbz8cu4G4AkezHhAO+ +T70KBytquAcYR+Xwu38CMEvn0jAZRh3YeueTH/i9jxx81STRutPysSni0Xvpwyg2 +H4dqM1PNqxQNrlXyVYlDciZb7HsrwHULXOfgbGG7mr6Db4o3XEGap4woID84+BGS +glcWn+8CgYEA36uulmZcodfet04qQvlDtr1d7mwLdTR/JAO0ZBIgFH7eGZdEVh8O +DoTJTdSSJGiv8J35PwEXfhKHjhgOjDocLYu+yCOwVj7jRdHqlDS1BaE36Hzdw0rb +mWkBRMGJtGhzhoRJEFHAnoLXc9danRfnHwVR58drlf7bjR5I9eU9u1I= +-----END RSA PRIVATE KEY----- diff --git a/pkg/controller/certificates/testdata/kubelet.csr b/pkg/controller/certificates/testdata/kubelet.csr new file mode 100644 index 00000000000..1153a0435d0 --- /dev/null +++ b/pkg/controller/certificates/testdata/kubelet.csr @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIH1MIGdAgEAMDsxFTATBgNVBAoTDHN5c3RlbTpub2RlczEiMCAGA1UEAxMZc3lz +dGVtOm5vZGU6ay1hLW5vZGUtczM2YjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BJbxa5Y8SrUJVHpOoWD5ceqH+5R9mjIhwVP2sqfTcLkjvbitzOiLlxSq/LwJ+qq7 +kVpf9f3GopZVhRWbYSCg0YGgADAKBggqhkjOPQQDAgNHADBEAiAabb6XFtPOJUCQ ++84NhxLEvPANhrtwFq3Q0qFZ9TzH5QIgc/697RTTcbri2lVj+10dLFIC3VYJ7br4 +QjA7haCYXrA= +-----END CERTIFICATE REQUEST-----