public class CSRUtils extends Object
Modifier and Type | Field and Description |
---|---|
static String |
CSR_USAGE_CLIENT_AUTH |
static String |
SIGNER_NAME_KUBE_APISERVER_CLIENT |
Constructor and Description |
---|
CSRUtils() |
Modifier and Type | Method and Description |
---|---|
static void |
approve(io.kubernetes.client.openapi.ApiClient apiClient,
String csrObjName)
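Approves a CertificateSigningRequest by requesting the "/approve" subresource. The signature takes only the object name, so any check of the request's subject, signer name and usages has to happen before this call.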
|
static byte[] |
createAndWaitUntilCertificateSigned(io.kubernetes.client.openapi.ApiClient bootstrapApiClient,
io.kubernetes.client.openapi.models.V1CertificateSigningRequest csr)
Creates the given CertificateSigningRequest object if it doesn't exist, then waits until it's
approved.
|
static boolean |
createIfAbsent(io.kubernetes.client.openapi.ApiClient apiClient,
io.kubernetes.client.openapi.models.V1CertificateSigningRequest csr)
Creates the CertificateSigningRequest if it is absent from the cluster.
|
static Optional<byte[]> |
getCertificate(io.kubernetes.client.openapi.models.V1CertificateSigningRequest csr)
Gets certificate data from the CertificateSigningRequest object.
|
static boolean |
isIdentical(io.kubernetes.client.openapi.models.V1CertificateSigningRequest left,
io.kubernetes.client.openapi.models.V1CertificateSigningRequest right)
Checks whether the two CertificateSigningRequest objects are identical.
|
static io.kubernetes.client.openapi.models.V1CertificateSigningRequest |
newV1CertificateSigningRequest(String csrObjName,
byte[] csrBytes) |
static io.kubernetes.client.openapi.models.V1CertificateSigningRequest |
newV1CertificateSigningRequest(String csrObjName,
byte[] csrBytes,
String signerName,
String usage) |
static byte[] |
sign(KeyPair keyPair,
String commonName)
Signs a CSR using the given key pair.
|
static byte[] |
sign(KeyPair keyPair,
String csrAlgo,
String subjects)
Signs a CSR using the given key pair.
|
static byte[] |
sign(KeyPair keyPair,
String csrAlgo,
String commonName,
String organizationName)
Signs a CSR using the given key pair.
|
static byte[] |
waitUntilCertificateSigned(io.kubernetes.client.openapi.ApiClient apiClient,
String csrObjectName)
Wait until the CertificateSigningRequest is approved within a timeout of 30 minutes.
|
static byte[] |
waitUntilCertificateSigned(io.kubernetes.client.openapi.ApiClient apiClient,
String csrObjectName,
Duration retryInterval,
Duration timeout)
Waits until the CertificateSigningRequest is approved, using the supplied retry interval and timeout (the two-argument overload uses a timeout of 30 minutes).
|
public static final String CSR_USAGE_CLIENT_AUTH
public static final String SIGNER_NAME_KUBE_APISERVER_CLIENT
public static void approve(io.kubernetes.client.openapi.ApiClient apiClient, String csrObjName) throws io.kubernetes.client.openapi.ApiException
Parameters:
apiClient - the api client
csrObjName - the csr obj name
Throws:
io.kubernetes.client.openapi.ApiException - the api exception

public static byte[] createAndWaitUntilCertificateSigned(io.kubernetes.client.openapi.ApiClient bootstrapApiClient, io.kubernetes.client.openapi.models.V1CertificateSigningRequest csr) throws CSRNotApprovedException, io.kubernetes.client.openapi.ApiException
This is a shortcut that combines CSRUtils#createIfAbsent and CSRUtils#waitUntilCertificateSigned.
Parameters:
bootstrapApiClient - the bootstrap api client
csr - the csr
Throws:
CSRNotApprovedException - the csr not approved exception
io.kubernetes.client.openapi.ApiException - the api exception

public static boolean createIfAbsent(io.kubernetes.client.openapi.ApiClient apiClient, io.kubernetes.client.openapi.models.V1CertificateSigningRequest csr) throws io.kubernetes.client.openapi.ApiException
Parameters:
apiClient - the api client
csr - the csr
Throws:
io.kubernetes.client.openapi.ApiException - the api exception

public static byte[] waitUntilCertificateSigned(io.kubernetes.client.openapi.ApiClient apiClient, String csrObjectName) throws CSRNotApprovedException
Parameters:
apiClient - the api client
csrObjectName - the csr object name
Throws:
CSRNotApprovedException - the csr not approved exception

public static byte[] waitUntilCertificateSigned(io.kubernetes.client.openapi.ApiClient apiClient, String csrObjectName, Duration retryInterval, Duration timeout) throws CSRNotApprovedException
Parameters:
apiClient - the api client
csrObjectName - the csr object name
retryInterval - the retry interval
timeout - the timeout
Throws:
CSRNotApprovedException - the csr not approved exception

public static Optional<byte[]> getCertificate(io.kubernetes.client.openapi.models.V1CertificateSigningRequest csr)
Parameters:
csr - the csr

public static boolean isIdentical(io.kubernetes.client.openapi.models.V1CertificateSigningRequest left, io.kubernetes.client.openapi.models.V1CertificateSigningRequest right)
Parameters:
left - the left
right - the right

public static byte[] sign(KeyPair keyPair, String commonName) throws CSRSigningException
Parameters:
keyPair - the key pair
commonName - the common name
Throws:
CSRSigningException - the csr signing exception

public static byte[] sign(KeyPair keyPair, String csrAlgo, String commonName, String organizationName) throws CSRSigningException
Parameters:
keyPair - the key pair
csrAlgo - the csr algo
commonName - the common name
organizationName - the organization name
Throws:
CSRSigningException - the csr signing exception

public static byte[] sign(KeyPair keyPair, String csrAlgo, String subjects) throws CSRSigningException
Parameters:
keyPair - the key pair
csrAlgo - the csr algo
subjects - the subjects
Throws:
CSRSigningException - the csr signing exception

public static io.kubernetes.client.openapi.models.V1CertificateSigningRequest newV1CertificateSigningRequest(String csrObjName, byte[] csrBytes)
Copyright © 2021. All rights reserved.