connect: store signingKeyId instead of authorityKeyId (#6005)
parent
7a6a83397a
commit
8ece11a24a
|
@ -1084,7 +1084,7 @@ func parseCARoot(pemValue, provider, clusterID string) (*structs.CARoot, error)
|
||||||
ID: id,
|
ID: id,
|
||||||
Name: fmt.Sprintf("%s CA Root Cert", strings.Title(provider)),
|
Name: fmt.Sprintf("%s CA Root Cert", strings.Title(provider)),
|
||||||
SerialNumber: rootCert.SerialNumber.Uint64(),
|
SerialNumber: rootCert.SerialNumber.Uint64(),
|
||||||
SigningKeyID: connect.HexString(rootCert.AuthorityKeyId),
|
SigningKeyID: connect.HexString(rootCert.SubjectKeyId),
|
||||||
ExternalTrustDomain: clusterID,
|
ExternalTrustDomain: clusterID,
|
||||||
NotBefore: rootCert.NotBefore,
|
NotBefore: rootCert.NotBefore,
|
||||||
NotAfter: rootCert.NotAfter,
|
NotAfter: rootCert.NotAfter,
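Review bot: `SigningKeyID: connect.HexString(rootCert.SubjectKeyId)` now depends on the root certificate carrying a Subject Key Identifier extension, and nothing visible in this hunk checks for one. Go's x509 parser leaves `SubjectKeyId` empty when the extension is absent, so a root without it would be stored with an empty SigningKeyID, and anything that later matches a leaf's authority key ID against this field would presumably fail without a clear cause. Since parseCARoot already returns an error, a guard before the struct literal such as `if len(rootCert.SubjectKeyId) == 0 { return nil, fmt.Errorf("root certificate has no SubjectKeyId") }` would surface this at parse time. The function body starts and ends outside this hunk, so an equivalent check may already exist; it is also worth confirming how roots persisted with the old AuthorityKeyId-derived value are handled.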
|
||||||
|
|
|
@ -1301,3 +1301,47 @@ func TestLeader_ConfigEntryBootstrap(t *testing.T) {
|
||||||
require.Equal(t, global_entry_init.Config, global.Config)
|
require.Equal(t, global_entry_init.Config, global.Config)
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestLeader_ParseCARoot(t *testing.T) {
|
||||||
|
type test struct {
|
||||||
|
pem string
|
||||||
|
expectedError bool
|
||||||
|
}
|
||||||
|
tests := []test{
|
||||||
|
{"", true},
|
||||||
|
{`-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDHDCCAsKgAwIBAgIQS+meruRVzrmVwEhXNrtk9jAKBggqhkjOPQQDAjCBuTEL
|
||||||
|
MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
|
||||||
|
MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV
|
||||||
|
BgNVBAoTDkhhc2hpQ29ycCBJbmMuMUAwPgYDVQQDEzdDb25zdWwgQWdlbnQgQ0Eg
|
||||||
|
MTkzNzYxNzQwMjcxNzUxOTkyMzAyMzE1NDkxNjUzODYyMzAwNzE3MB4XDTE5MDQx
|
||||||
|
MjA5MTg0NVoXDTIwMDQxMTA5MTg0NVowHDEaMBgGA1UEAxMRY2xpZW50LmRjMS5j
|
||||||
|
b25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS2UroGUh5k7eR//iPsn9ne
|
||||||
|
CMCVsERnjqQnK6eDWnM5kTXgXcPPe5pcAS9xs0g8BZ+oVsJSc7sH6RYvX+gw6bCl
|
||||||
|
o4IBRjCCAUIwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggr
|
||||||
|
BgEFBQcDATAMBgNVHRMBAf8EAjAAMGgGA1UdDgRhBF84NDphNDplZjoxYTpjODo1
|
||||||
|
MzoxMDo1YTpjNTplYTpjZTphYTowZDo2ZjpjOTozODozZDphZjo0NTphZTo5OTo4
|
||||||
|
YzpiYjoyNzpiYzpiMzpmYTpmMDozMToxNDo4ZTozNDBqBgNVHSMEYzBhgF8yYTox
|
||||||
|
MjpjYTo0Mzo0NzowODpiZjoxYTo0Yjo4MTpkNDo2MzowNTo1ODowZToxYzo3Zjoy
|
||||||
|
NTo0ZjozNDpmNDozYjpmYzo5YTpkNzo4Mjo2YjpkYzpmODo3YjphMTo5ZDAtBgNV
|
||||||
|
HREEJjAkghFjbGllbnQuZGMxLmNvbnN1bIIJbG9jYWxob3N0hwR/AAABMAoGCCqG
|
||||||
|
SM49BAMCA0gAMEUCIHcLS74KSQ7RA+edwOprmkPTh1nolwXz9/y9CJ5nMVqEAiEA
|
||||||
|
h1IHCbxWsUT3AiARwj5/D/CUppy6BHIFkvcpOCQoVyo=
|
||||||
|
-----END CERTIFICATE-----`, false},
|
||||||
|
}
|
||||||
|
for _, test := range tests {
|
||||||
|
root, err := parseCARoot(test.pem, "consul", "cluster")
|
||||||
|
if err == nil && test.expectedError {
|
||||||
|
require.Error(t, err)
|
||||||
|
}
|
||||||
|
if test.pem != "" {
|
||||||
|
rootCert, err := connect.ParseCert(test.pem)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
// just to make sure these two are not the same
|
||||||
|
require.NotEqual(t, rootCert.AuthorityKeyId, rootCert.SubjectKeyId)
|
||||||
|
|
||||||
|
require.Equal(t, connect.HexString(rootCert.SubjectKeyId), root.SigningKeyID)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
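Review bot: The loop in TestLeader_ParseCARoot never asserts success for the valid-certificate case, because `if err == nil && test.expectedError { require.Error(t, err) }` only fires when an expected error is missing. If parseCARoot failed on the PEM case, `root` would presumably be nil and `root.SigningKeyID` would panic instead of failing with a readable message. I would replace the check with `if test.expectedError { require.Error(t, err); continue }` followed by `require.NoError(t, err)`, which also makes the `test.pem != ""` guard unnecessary. As a style point, the loop variable `test` shadows the `test` type and the inner `rootCert, err :=` shadows the outer `err`; naming the loop variable `tc` would avoid both.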
|
||||||
|
|