connect: store signingKeyId instead of authorityKeyId (#6005)
This commit is contained in:
parent
7a6a83397a
commit
8ece11a24a
|
@ -1084,7 +1084,7 @@ func parseCARoot(pemValue, provider, clusterID string) (*structs.CARoot, error)
|
|||
ID: id,
|
||||
Name: fmt.Sprintf("%s CA Root Cert", strings.Title(provider)),
|
||||
SerialNumber: rootCert.SerialNumber.Uint64(),
|
||||
SigningKeyID: connect.HexString(rootCert.AuthorityKeyId),
|
||||
SigningKeyID: connect.HexString(rootCert.SubjectKeyId),
|
||||
ExternalTrustDomain: clusterID,
|
||||
NotBefore: rootCert.NotBefore,
|
||||
NotAfter: rootCert.NotAfter,
|
||||
|
|
|
@ -1301,3 +1301,47 @@ func TestLeader_ConfigEntryBootstrap(t *testing.T) {
|
|||
require.Equal(t, global_entry_init.Config, global.Config)
|
||||
})
|
||||
}
|
||||
|
||||
func TestLeader_ParseCARoot(t *testing.T) {
|
||||
type test struct {
|
||||
pem string
|
||||
expectedError bool
|
||||
}
|
||||
tests := []test{
|
||||
{"", true},
|
||||
{`-----BEGIN CERTIFICATE-----
|
||||
MIIDHDCCAsKgAwIBAgIQS+meruRVzrmVwEhXNrtk9jAKBggqhkjOPQQDAjCBuTEL
|
||||
MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
|
||||
MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV
|
||||
BgNVBAoTDkhhc2hpQ29ycCBJbmMuMUAwPgYDVQQDEzdDb25zdWwgQWdlbnQgQ0Eg
|
||||
MTkzNzYxNzQwMjcxNzUxOTkyMzAyMzE1NDkxNjUzODYyMzAwNzE3MB4XDTE5MDQx
|
||||
MjA5MTg0NVoXDTIwMDQxMTA5MTg0NVowHDEaMBgGA1UEAxMRY2xpZW50LmRjMS5j
|
||||
b25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS2UroGUh5k7eR//iPsn9ne
|
||||
CMCVsERnjqQnK6eDWnM5kTXgXcPPe5pcAS9xs0g8BZ+oVsJSc7sH6RYvX+gw6bCl
|
||||
o4IBRjCCAUIwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggr
|
||||
BgEFBQcDATAMBgNVHRMBAf8EAjAAMGgGA1UdDgRhBF84NDphNDplZjoxYTpjODo1
|
||||
MzoxMDo1YTpjNTplYTpjZTphYTowZDo2ZjpjOTozODozZDphZjo0NTphZTo5OTo4
|
||||
YzpiYjoyNzpiYzpiMzpmYTpmMDozMToxNDo4ZTozNDBqBgNVHSMEYzBhgF8yYTox
|
||||
MjpjYTo0Mzo0NzowODpiZjoxYTo0Yjo4MTpkNDo2MzowNTo1ODowZToxYzo3Zjoy
|
||||
NTo0ZjozNDpmNDozYjpmYzo5YTpkNzo4Mjo2YjpkYzpmODo3YjphMTo5ZDAtBgNV
|
||||
HREEJjAkghFjbGllbnQuZGMxLmNvbnN1bIIJbG9jYWxob3N0hwR/AAABMAoGCCqG
|
||||
SM49BAMCA0gAMEUCIHcLS74KSQ7RA+edwOprmkPTh1nolwXz9/y9CJ5nMVqEAiEA
|
||||
h1IHCbxWsUT3AiARwj5/D/CUppy6BHIFkvcpOCQoVyo=
|
||||
-----END CERTIFICATE-----`, false},
|
||||
}
|
||||
for _, test := range tests {
|
||||
root, err := parseCARoot(test.pem, "consul", "cluster")
|
||||
if err == nil && test.expectedError {
|
||||
require.Error(t, err)
|
||||
}
|
||||
if test.pem != "" {
|
||||
rootCert, err := connect.ParseCert(test.pem)
|
||||
require.NoError(t, err)
|
||||
|
||||
// just to make sure these two are not the same
|
||||
require.NotEqual(t, rootCert.AuthorityKeyId, rootCert.SubjectKeyId)
|
||||
|
||||
require.Equal(t, connect.HexString(rootCert.SubjectKeyId), root.SigningKeyID)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue