mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-22 11:21:47 +00:00
Merge pull request #66033 from liggitt/x509-cleanup
Automatic merge from submit-queue (batch tested with PRs 65931, 65705, 66033). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Remove unused x509 code We don't intend to use/support these user extraction methods ```release-note NONE ```
This commit is contained in:
commit
4b4408c339
@ -19,7 +19,6 @@ package x509
|
||||
import (
|
||||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"encoding/asn1"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"time"
|
||||
@ -191,25 +190,3 @@ var CommonNameUserConversion = UserConversionFunc(func(chain []*x509.Certificate
|
||||
Groups: chain[0].Subject.Organization,
|
||||
}, true, nil
|
||||
})
|
||||
|
||||
// DNSNameUserConversion builds user info from a certificate chain using the first DNSName on the certificate
|
||||
var DNSNameUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
|
||||
if len(chain[0].DNSNames) == 0 {
|
||||
return nil, false, nil
|
||||
}
|
||||
return &user.DefaultInfo{Name: chain[0].DNSNames[0]}, true, nil
|
||||
})
|
||||
|
||||
// EmailAddressUserConversion builds user info from a certificate chain using the first EmailAddress on the certificate
|
||||
var EmailAddressUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
|
||||
var emailAddressOID asn1.ObjectIdentifier = []int{1, 2, 840, 113549, 1, 9, 1}
|
||||
if len(chain[0].EmailAddresses) == 0 {
|
||||
for _, name := range chain[0].Subject.Names {
|
||||
if name.Type.Equal(emailAddressOID) {
|
||||
return &user.DefaultInfo{Name: name.Value.(string)}, true, nil
|
||||
}
|
||||
}
|
||||
return nil, false, nil
|
||||
}
|
||||
return &user.DefaultInfo{Name: chain[0].EmailAddresses[0]}, true, nil
|
||||
})
|
||||
|
@ -586,41 +586,6 @@ func TestX509(t *testing.T) {
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
"empty dns": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
User: DNSNameUserConversion,
|
||||
|
||||
ExpectOK: false,
|
||||
ExpectErr: false,
|
||||
},
|
||||
"dns": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, clientDNSCert),
|
||||
User: DNSNameUserConversion,
|
||||
|
||||
ExpectUserName: "client_dns.example.com",
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
|
||||
"empty email": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
User: EmailAddressUserConversion,
|
||||
|
||||
ExpectOK: false,
|
||||
ExpectErr: false,
|
||||
},
|
||||
"email": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, clientEmailCert),
|
||||
User: EmailAddressUserConversion,
|
||||
|
||||
ExpectUserName: "client_email@example.com",
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
|
||||
"custom conversion error": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
|
Loading…
Reference in New Issue
Block a user