github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Vendor cfssl and cfssljson

Browse Source
This commit is contained in:
Christoph Blecker
2018-08-06 16:30:17 -07:00
parent 1c5b968152
commit 952fc9f6f8
245 changed files with 251725 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
vendor/github.com/cloudflare/cfssl/cli/ocspsign/BUILD generated vendored Normal file
View File

@@ -0,0 +1,29 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = ["ocspsign.go"],
importmap = "k8s.io/kubernetes/vendor/github.com/cloudflare/cfssl/cli/ocspsign",
importpath = "github.com/cloudflare/cfssl/cli/ocspsign",
visibility = ["//visibility:public"],
deps = [
"//vendor/github.com/cloudflare/cfssl/cli:go_default_library",
"//vendor/github.com/cloudflare/cfssl/helpers:go_default_library",
"//vendor/github.com/cloudflare/cfssl/log:go_default_library",
"//vendor/github.com/cloudflare/cfssl/ocsp:go_default_library",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
visibility = ["//visibility:public"],
)

93
vendor/github.com/cloudflare/cfssl/cli/ocspsign/ocspsign.go generated vendored Normal file
View File

@@ -0,0 +1,93 @@
// Package ocspsign implements the ocspsign command.
package ocspsign
import (
"io/ioutil"
"time"
"github.com/cloudflare/cfssl/cli"
"github.com/cloudflare/cfssl/helpers"
"github.com/cloudflare/cfssl/log"
"github.com/cloudflare/cfssl/ocsp"
)
// Usage text of 'cfssl ocspsign'
var ocspSignerUsageText = `cfssl ocspsign -- signs an OCSP response for a given CA, cert, and status.
Returns a base64-encoded OCSP response.
Usage of ocspsign:
cfssl ocspsign -ca cert -responder cert -responder-key key -cert cert [-status status] [-reason code] [-revoked-at YYYY-MM-DD] [-interval 96h]
Flags:
`
// Flags of 'cfssl ocspsign'
var ocspSignerFlags = []string{"ca", "responder", "responder-key", "reason", "status", "revoked-at", "interval"}
// ocspSignerMain is the main CLI of OCSP signer functionality.
func ocspSignerMain(args []string, c cli.Config) (err error) {
// Read the cert to be revoked from file
certBytes, err := ioutil.ReadFile(c.CertFile)
if err != nil {
log.Critical("Unable to read certificate: ", err)
return
}
cert, err := helpers.ParseCertificatePEM(certBytes)
if err != nil {
log.Critical("Unable to parse certificate: ", err)
return
}
req := ocsp.SignRequest{
Certificate: cert,
Status: c.Status,
}
if c.Status == "revoked" {
var reasonCode int
reasonCode, err = ocsp.ReasonStringToCode(c.Reason)
if err != nil {
log.Critical("Invalid reason code: ", err)
return
}
req.Reason = reasonCode
req.RevokedAt = time.Now()
if c.RevokedAt != "now" {
req.RevokedAt, err = time.Parse("2006-01-02", c.RevokedAt)
if err != nil {
log.Critical("Malformed revocation time: ", c.RevokedAt)
return
}
}
}
s, err := SignerFromConfig(c)
if err != nil {
log.Critical("Unable to create OCSP signer: ", err)
return
}
resp, err := s.Sign(req)
if err != nil {
log.Critical("Unable to sign OCSP response: ", err)
return
}
cli.PrintOCSPResponse(resp)
return
}
// SignerFromConfig creates a signer from a cli.Config as a helper for cli and serve
func SignerFromConfig(c cli.Config) (ocsp.Signer, error) {
//if this is called from serve then we need to use the specific responder key file
//fallback to key for backwards-compatibility
k := c.ResponderKeyFile
if k == "" {
k = c.KeyFile
}
return ocsp.NewSignerFromFile(c.CAFile, c.ResponderFile, k, time.Duration(c.Interval))
}
// Command assembles the definition of Command 'ocspsign'
var Command = &cli.Command{UsageText: ocspSignerUsageText, Flags: ocspSignerFlags, Main: ocspSignerMain}