Merge pull request #66033 from liggitt/x509-cleanup

Automatic merge from submit-queue (batch tested with PRs 65931, 65705, 66033). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Remove unused x509 code We don't intend to use/support these user extraction methods ```release-note NONE ```
2025-07-24 04:06:03 +00:00 · 2018-07-10 14:09:12 -07:00 · 2018-07-10 14:09:12 -07:00 · 4b4408c339
commit 4b4408c339
parent d51175901a 82f603c327
2 changed files with 0 additions and 58 deletions
--- a/staging/src/k8s.io/apiserver/pkg/authentication/request/x509/x509.go
+++ b/staging/src/k8s.io/apiserver/pkg/authentication/request/x509/x509.go
@ -19,7 +19,6 @@ package x509
 import (
 	"crypto/x509"
 	"crypto/x509/pkix"
-	"encoding/asn1"
 	"fmt"
 	"net/http"
 	"time"
@ -191,25 +190,3 @@ var CommonNameUserConversion = UserConversionFunc(func(chain []*x509.Certificate
 		Groups: chain[0].Subject.Organization,
 	}, true, nil
 })
-
-// DNSNameUserConversion builds user info from a certificate chain using the first DNSName on the certificate
-var DNSNameUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
-	if len(chain[0].DNSNames) == 0 {
-		return nil, false, nil
-	}
-	return &user.DefaultInfo{Name: chain[0].DNSNames[0]}, true, nil
-})
-
-// EmailAddressUserConversion builds user info from a certificate chain using the first EmailAddress on the certificate
-var EmailAddressUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
-	var emailAddressOID asn1.ObjectIdentifier = []int{1, 2, 840, 113549, 1, 9, 1}
-	if len(chain[0].EmailAddresses) == 0 {
-		for _, name := range chain[0].Subject.Names {
-			if name.Type.Equal(emailAddressOID) {
-				return &user.DefaultInfo{Name: name.Value.(string)}, true, nil
-			}
-		}
-		return nil, false, nil
-	}
-	return &user.DefaultInfo{Name: chain[0].EmailAddresses[0]}, true, nil
-})
--- a/staging/src/k8s.io/apiserver/pkg/authentication/request/x509/x509_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/authentication/request/x509/x509_test.go
@ -586,41 +586,6 @@ func TestX509(t *testing.T) {
 			ExpectOK:       true,
 			ExpectErr:      false,
 		},
-		"empty dns": {
-			Opts:  getDefaultVerifyOptions(t),
-			Certs: getCerts(t, clientCNCert),
-			User:  DNSNameUserConversion,
-
-			ExpectOK:  false,
-			ExpectErr: false,
-		},
-		"dns": {
-			Opts:  getDefaultVerifyOptions(t),
-			Certs: getCerts(t, clientDNSCert),
-			User:  DNSNameUserConversion,
-
-			ExpectUserName: "client_dns.example.com",
-			ExpectOK:       true,
-			ExpectErr:      false,
-		},
-
-		"empty email": {
-			Opts:  getDefaultVerifyOptions(t),
-			Certs: getCerts(t, clientCNCert),
-			User:  EmailAddressUserConversion,
-
-			ExpectOK:  false,
-			ExpectErr: false,
-		},
-		"email": {
-			Opts:  getDefaultVerifyOptions(t),
-			Certs: getCerts(t, clientEmailCert),
-			User:  EmailAddressUserConversion,
-
-			ExpectUserName: "client_email@example.com",
-			ExpectOK:       true,
-			ExpectErr:      false,
-		},

 		"custom conversion error": {
 			Opts:  getDefaultVerifyOptions(t),