github.com/openshift/installer@v1.4.17/pkg/asset/tls/journalcertkey.go (about)

     1  package tls
     2  
     3  import (
     4  	"context"
     5  	"crypto/x509"
     6  	"crypto/x509/pkix"
     7  
     8  	"github.com/openshift/installer/pkg/asset"
     9  )
    10  
// JournalCertKey is the asset holding the certificate and private key used to
// authenticate with journal-gatewayd on the bootstrap node.
//
// All storage and signing behaviour comes from the embedded SignedCertKey.
// The Generate method in this file issues the pair under RootCA with both the
// server-auth and client-auth extended key usages.
type JournalCertKey struct{ SignedCertKey }

// Compile-time assertion that *JournalCertKey satisfies asset.WritableAsset.
var _ asset.WritableAsset = (*JournalCertKey)(nil)
    18  
// Dependencies lists the assets this one is generated from. The only parent
// returned is the RootCA, which Generate uses as the signing CA; the install
// config is not a dependency of this asset.
func (a *JournalCertKey) Dependencies() []asset.Asset {
	parents := []asset.Asset{new(RootCA)}
	return parents
}
    27  
// Generate issues the journal-gatewayd certificate and private key, signed by
// the RootCA obtained from the asset's parents. It returns whatever error the
// embedded SignedCertKey.Generate reports.
//
// Points a reviewer should keep in mind:
//   - The certificate carries both ExtKeyUsageServerAuth and
//     ExtKeyUsageClientAuth, so the same key pair is acceptable on either side
//     of a TLS handshake to any peer that trusts RootCA.
//   - Only the subject, key usages and validity are set here; no DNS names or
//     IP addresses are configured in this function.
//     NOTE(review): confirm how journal-gatewayd and its clients validate the
//     peer, since crypto/x509 host-name verification does not fall back to
//     the CommonName.
//   - ValidityTenYears is defined elsewhere in the package; by its name the
//     lifetime is ten years, which is much longer than a bootstrap node
//     normally exists. NOTE(review): confirm the value and treat the
//     generated private key as sensitive for that whole period.
func (a *JournalCertKey) Generate(ctx context.Context, dependencies asset.Parents) error {
	subject := pkix.Name{
		CommonName:   "journal-gatewayd",
		Organization: []string{"OpenShift Bootstrap"},
	}
	extUsages := []x509.ExtKeyUsage{
		x509.ExtKeyUsageServerAuth,
		x509.ExtKeyUsageClientAuth,
	}
	certCfg := &CertCfg{
		Subject:      subject,
		KeyUsages:    x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
		ExtKeyUsages: extUsages,
		Validity:     ValidityTenYears,
	}

	// Load the signing CA from the parents. Any result of Get is not
	// inspected here; the populated rootCA is handed straight to the signer.
	rootCA := new(RootCA)
	dependencies.Get(rootCA)

	// DoNotAppendParent is declared elsewhere in the package.
	// NOTE(review): presumably it keeps the CA certificate out of the emitted
	// certificate data; confirm against SignedCertKey.Generate.
	return a.SignedCertKey.Generate(ctx, certCfg, rootCA, "journal-gatewayd", DoNotAppendParent)
}
    42  
// Name reports the human-readable label for this asset.
func (a *JournalCertKey) Name() string {
	const displayName = "Certificate (journal-gatewayd)"
	return displayName
}