Move juju/cert pkg into utils. #250

Merged
merged 2 commits into from Nov 10, 2016

Contributor

hoenirvili commented Nov 10, 2016

As discussed in #249
@axw @dooferlad

Move juju/cert pkg into utils.
Signed-off-by: Salvatore Giulitti <sgiulitti@cloudbasesolutions.com>

Just a few things to make this a bit more generic.

cert/cert.go
+
+// Verify verifies that the given server certificate is valid with
+// respect to the given CA certificate at the given time.
+func Verify(srvCertPEM, caCertPEM string, when time.Time) error {
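
Review bot: the doc comment on Verify promises only that the server certificate is "valid with respect to the given CA certificate at the given time", and the signature takes no host name or key usage, so a caller of a generic package cannot tell whether the subject name or extended key usage is checked at all. State in the comment exactly what is verified (chain and validity period only, or names as well), or add a parameter for the expected name.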

axw Nov 10, 2016

Member

Unless this is needed by winrm, I think we should leave this one in juju/cert. It has some juju-specifics, because of the "anyServer".

hoenirvili Nov 10, 2016

Contributor

This is not needed for winrm, winrm itself has a built-in function to verify the cert.

hoenirvili Nov 10, 2016

Contributor

Fixed!

cert/cert.go
+
+// NewCA generates a CA certificate/key pair suitable for signing server
+// keys for an environment with the given name.
+func NewCA(envName, UUID string, expiry time.Time) (certPEM, keyPEM string, err error) {
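
Review bot: the UUID parameter of NewCA is not mentioned in the doc comment, which describes only "an environment with the given name", so a reader cannot tell where the UUID ends up in the certificate. Document what it is used for, and consider spelling it uuid to match envName, since Go parameter names are conventionally lower camel case.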

axw Nov 10, 2016

Member

Since this is meant to be generic, I think we should just pass in the common name and use it directly in the CommonName field. juju/cert can then have its own NewCA function which calls the one in this package with fmt.Sprintf(...)

hoenirvili Nov 10, 2016

Contributor

Fixed!
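
The split suggested in this thread (a generic NewCA that uses the given common name directly, with the naming policy kept in a caller-side wrapper), as an added example that is not the code merged in juju/utils or juju/juju. The wrapper name newEnvCA, its name format and the sample arguments are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// NewCA is the generic side: a self-signed CA whose subject is commonName, unchanged.
func NewCA(commonName string, expiry time.Time) (certPEM, keyPEM string, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", "", err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err != nil {
		return "", "", err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: commonName},
		NotBefore:             time.Now().Add(-5 * time.Minute),
		NotAfter:              expiry,
		KeyUsage:              x509.KeyUsageCertSign,
		BasicConstraintsValid: true, // without this the CA flag is not encoded
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return "", "", err
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})),
		string(pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})), nil
}

// newEnvCA is the caller side (hypothetical name and format): naming policy lives here.
func newEnvCA(envName, uuid string, expiry time.Time) (string, string, error) {
	return NewCA(fmt.Sprintf("example CA for %s (%s)", envName, uuid), expiry)
}

func main() {
	certPEM, _, err := newEnvCA("demo", "constructed-uuid", time.Now().AddDate(1, 0, 0))
	fmt.Println(certPEM, err)
}
```

The generic function has no knowledge of environments or UUIDs, so another consumer can issue a CA under any subject name without inheriting the wrapper's format.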

cert/cert.go
+}
+
+// newLeaf generates a certificate/key pair suitable for use by a leaf node.
+func newLeaf(caCertPEM, caKeyPEM string, expiry time.Time, hostnames []string, extKeyUsage []x509.ExtKeyUsage) (certPEM, keyPEM string, err error) {
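
Review bot: newLeaf takes caCertPEM and caKeyPEM as two adjacent string parameters, so passing them in the wrong order compiles cleanly and can only fail at run time, and the doc comment says nothing about how hostnames and extKeyUsage are applied (for example what an empty extKeyUsage slice means). Expand the comment to cover every parameter, and consider distinct types or a small options struct for the CA certificate and key so the compiler catches a swap.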

axw Nov 10, 2016

Member

As above, I think this should take CommonName as an arg, and juju/cert can have its own version that passes in "*"

hoenirvili Nov 10, 2016

Contributor

Fixed!

cert/cert.go
+ return n, nil
+}
+
+// NewDefaultServer generates a certificate/key pair suitable for use by a server, with an

axw Nov 10, 2016

Member

Can we just keep these two functions (NewDefaultServer and NewServer) in juju/cert, and expose newLeaf (NewLeaf)?

hoenirvili Nov 10, 2016

Contributor

Yeah, sure! Sounds reasonable.

axw approved these changes Nov 10, 2016

LGTM with a slight change. Thanks!

Changes after review.
Signed-off-by: Salvatore Giulitti <sgiulitti@cloudbasesolutions.com>
Contributor

hoenirvili commented Nov 10, 2016

$$merge$$

Contributor

jujubot commented Nov 10, 2016

Status: merge request accepted. Url: http://juju-ci.vapour.ws:8080/job/github-merge-juju-utils

jujubot merged commit a84e60d into juju:master Nov 10, 2016

hoenirvili deleted the hoenirvili:move-cert-pkg branch Nov 10, 2016

jujubot added a commit to juju/juju that referenced this pull request Nov 11, 2016

Merge pull request #6556 from hoenirvili/move-cert-pkg
Make all juju/cert paths point now to utils/cert

This patch depends on juju/utils#250 being merged.

This patch contains:
  - moves juju/cert into utils/ pkg.
  - update code path for all files.
  - update dependencies.tsv