| author | KubeEdge Bot <48982446+kubeedge-bot@users.noreply.github.com> | 2021-09-28 16:05:46 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-09-28 16:05:46 +0800 |
| commit | 7e10d011bddf2916ba1e0111206ad1a074a7a7bd (patch) | |
| tree | 3319d89026b768f99ccf9388f88b6fe6eeb35afb | |
| parent | Merge pull request #3191 from siredmar/automated-cherry-pick-of-#3114-origin-... (diff) | |
| parent | perf: cloudcore ecertificate application restful api supports certificate usages (diff) | |
Merge pull request #3205 from khalid-jobs/automated-cherry-pick-of-#3177-upstream-release-1.8v1.8.2origin/release-1.8
Automated cherry pick of #3177: perf: cloudcore ecertificate application restful api supports
| -rw-r--r-- | cloud/pkg/cloudhub/servers/httpserver/server.go | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/cloud/pkg/cloudhub/servers/httpserver/server.go b/cloud/pkg/cloudhub/servers/httpserver/server.go
index 443a818f9..53bf1b779 100644
--- a/cloud/pkg/cloudhub/servers/httpserver/server.go
+++ b/cloud/pkg/cloudhub/servers/httpserver/server.go
@@ -22,6 +22,7 @@ import (
 "crypto/tls"
 "crypto/x509"
 "crypto/x509/pkix"
+ "encoding/json"
 "encoding/pem"
 "fmt"
 "io/ioutil"
@@ -180,8 +181,19 @@ func signEdgeCert(w http.ResponseWriter, r *http.Request) {
 klog.Errorf("fail to ParseCertificateRequest of edgenode: %s! error:%v", r.Header.Get(constants.NodeName), err)
 return
 }
- subject := csr.Subject
- clientCertDER, err := signCerts(subject, csr.PublicKey)
+ usagesStr := r.Header.Get("ExtKeyUsages")
+ var usages []x509.ExtKeyUsage
+ if usagesStr == "" {
+ usages = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
+ } else {
+ err := json.Unmarshal([]byte(usagesStr), &usages)
+ if err != nil {
+ klog.Errorf("unmarshal http header ExtKeyUsages fail, err: %v", err)
+ return
+ }
+ }
+ klog.V(4).Infof("receive sign crt request, ExtKeyUsages: %v", usages)
+ clientCertDER, err := signCerts(csr.Subject, csr.PublicKey, usages)
 if err != nil {
 klog.Errorf("fail to signCerts for edgenode:%s! error:%v", r.Header.Get(constants.NodeName), err)
 return
@@ -193,11 +205,11 @@ func signEdgeCert(w http.ResponseWriter, r *http.Request) {
 }
 // signCerts will create a certificate for EdgeCore
-func signCerts(subInfo pkix.Name, pbKey crypto.PublicKey) ([]byte, error) {
+func signCerts(subInfo pkix.Name, pbKey crypto.PublicKey, usages []x509.ExtKeyUsage) ([]byte, error) {
 cfgs := &certutil.Config{
 CommonName: subInfo.CommonName,
 Organization: subInfo.Organization,
- Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
+ Usages: usages,
 }
 clientKey := pbKey |
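Review bot: In signEdgeCert the `ExtKeyUsages` request header is unmarshalled and handed to `signCerts` unchanged, so whoever calls this endpoint decides which extended key usages the CA signs into the certificate; the hunk adds no allowlist. A header value of `[]` or `null` also unmarshals without error and leaves `usages` empty, which would produce a certificate with no EKU restriction unless `signCerts` or certutil rejects it further down (not visible here). I would reject an empty list and any usage outside the set edge nodes actually need before calling `signCerts`; the set in the sketch below (client and server auth) is an assumption to confirm against the feature's intent. The new failure path returns without writing a status, as the existing ones in the context lines do, so the sketch uses `http.Error` to let the client distinguish a rejection; the function body starts and ends outside the hunk.

```go
	} else {
		// … unchanged: json.Unmarshal of usagesStr into usages and its error check …
		if len(usages) == 0 {
			http.Error(w, "ExtKeyUsages must not be empty", http.StatusBadRequest)
			return
		}
		for _, u := range usages {
			// Allowed set is a policy decision; confirm which usages edge certificates need.
			if u != x509.ExtKeyUsageClientAuth && u != x509.ExtKeyUsageServerAuth {
				klog.Errorf("rejecting sign request of edgenode: %s! ExtKeyUsage %v is not allowed", r.Header.Get(constants.NodeName), u)
				http.Error(w, "unsupported ExtKeyUsage", http.StatusBadRequest)
				return
			}
		}
	}
```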
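Review bot: The doc comment above `signCerts` still reads as it did for the two-argument version and says nothing about `usages`, which the third hunk now copies verbatim into `certutil.Config.Usages`. I would extend it to something like `// signCerts creates a certificate for EdgeCore carrying the given extended key usages; callers must validate usages, signCerts does not.` so the trust boundary is stated where the signing happens. The function body continues past the end of the hunk.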
