Closed BarthV closed 6 months ago
Hey @BarthV! Thanks for the contribution. I agree with your logic to use the in-tree cert-manager crypto libraries where available. I'll keep an eye on this PR and merge the changes in when you're at a good stopping point.
commits should be stable now. I simplified the x509 to PEMbundle interface without encoding a pem string like it was before.
tests seems to need to be retriggered due to third party registry issue now 😅
Don't worry about the other CI tasks - all I care about is this one! Thanks a lot for your contribution.
Implement a solution for https://github.com/Keyfactor/ejbca-cert-manager-issuer/issues/3
It uses cert-manager pki utils ( https://github.com/cert-manager/cert-manager/blob/master/pkg/util/pki/parse_certificate_chain.go#L50-L68 ) that helps a lot dealing with leaf / chain / root.
It makes ejbca integration with cert-manager smoother and more aligned with certificateSigningRequest expected reconciliation.
It passes all current tests, but please tell me if you feel this is too ugly ! Thanks