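/*
Copyright 2019 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Listing of k8s.io/apiserver@v0.31.1/pkg/server/dynamiccertificates/util.go
// (package dynamiccertificates; uses crypto/x509, fmt, strings and time).

// GetHumanCertDetail returns a compact one-line summary of certificate that
// helps when debugging kube-apiserver usage of certs. The summary holds the
// quoted subject common name, the extended key usages, the subject
// organizations (labelled "groups"), the IP and DNS subject alternative names
// (labelled "validServingFor"), the quoted issuer common name, and the
// NotBefore/NotAfter window next to the current time, all in UTC.
//
// The result is a diagnostic string, not a verification result:
//   - The issuer is printed as "<self>" whenever the subject and issuer common
//     names are equal. Only the two CN strings are compared; no signature or
//     full distinguished-name check is made, so two empty CNs also match.
//   - The validity window is printed, not evaluated; an expired or
//     not-yet-valid certificate is summarized like any other.
//   - Only ExtKeyUsage values are listed. Client and server auth get names,
//     every other value is printed as its integer.
//   - Common names are %q-quoted, but organizations and DNS names are joined
//     verbatim. NOTE(review): callers are not visible here; if the
//     certificate can come from an unauthenticated peer, those fields may
//     contain separators or control characters and should be escaped before
//     the string reaches line-oriented logs.
//
// A nil certificate yields "<nil certificate>" instead of a nil-pointer panic,
// so a debug log line cannot take the process down.
func GetHumanCertDetail(certificate *x509.Certificate) string {
	if certificate == nil {
		return "<nil certificate>"
	}

	subjectCN := certificate.Subject.CommonName
	issuerLabel := certificate.Issuer.CommonName
	// Name equality only: this is a display shortcut, not proof of self-signing.
	if subjectCN == issuerLabel {
		issuerLabel = "<self>"
	}

	usages := make([]string, 0, len(certificate.ExtKeyUsage))
	for _, eku := range certificate.ExtKeyUsage {
		switch eku {
		case x509.ExtKeyUsageClientAuth:
			usages = append(usages, "client")
		case x509.ExtKeyUsageServerAuth:
			usages = append(usages, "serving")
		default:
			// Keep the raw numeric value so unexpected usages stay visible.
			usages = append(usages, fmt.Sprintf("%d", eku))
		}
	}

	// IP SANs are listed first, then DNS SANs, in certificate order.
	servingNames := make([]string, 0, len(certificate.IPAddresses)+len(certificate.DNSNames))
	for _, ip := range certificate.IPAddresses {
		servingNames = append(servingNames, ip.String())
	}
	servingNames = append(servingNames, certificate.DNSNames...)

	servingString := ""
	if len(servingNames) > 0 {
		servingString = fmt.Sprintf(" validServingFor=[%s]", strings.Join(servingNames, ","))
	}

	groupString := ""
	if orgs := certificate.Subject.Organization; len(orgs) > 0 {
		groupString = fmt.Sprintf(" groups=[%s]", strings.Join(orgs, ","))
	}

	return fmt.Sprintf("%q [%s]%s%s issuer=%q (%v to %v (now=%v))",
		subjectCN, strings.Join(usages, ","), groupString, servingString, issuerLabel,
		certificate.NotBefore.UTC(), certificate.NotAfter.UTC(), time.Now().UTC())
}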