From dee6aa0e1ae7359589dbecf8bd8dca93031b9812 Mon Sep 17 00:00:00 2001
From: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Date: Fri, 25 Oct 2024 11:06:30 +0200
Subject: [PATCH 1/3] add missing RSA 3072bit key size

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
---
 pkg/certificate/certificate.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/certificate/certificate.go b/pkg/certificate/certificate.go
index 0185b802..8ece2621 100644
--- a/pkg/certificate/certificate.go
+++ b/pkg/certificate/certificate.go
@@ -41,7 +41,7 @@ const (
 )
 
 func AllSupportedKeySizes() []int {
- return []int{1024, DefaultRSAlength, 4096, 8192}
+ return []int{1024, DefaultRSAlength, 3072, 4096, 8192}
 }
 
 //SSH Certificate structures

From 38e2cb0f1d48474f1759f94ac4546f7fee1af8d4 Mon Sep 17 00:00:00 2001
From: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Date: Tue, 5 Nov 2024 19:21:38 +0100
Subject: [PATCH 2/3] modify test to match AllSupportedKeySizes change

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
---
 pkg/venafi/tpp/connector_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/venafi/tpp/connector_test.go b/pkg/venafi/tpp/connector_test.go
index 8604f696..d0cabfc5 100644
--- a/pkg/venafi/tpp/connector_test.go
+++ b/pkg/venafi/tpp/connector_test.go
@@ -2002,7 +2002,7 @@ func TestReadPolicyConfiguration(t *testing.T) {
 []string{"^Utah$"},
 []string{"^Salt Lake$"},
 []string{"^US$"},
- []endpoint.AllowedKeyConfiguration{{certificate.KeyTypeRSA, []int{2048, 4096, 8192}, nil}},
+ []endpoint.AllowedKeyConfiguration{{certificate.KeyTypeRSA, []int{2048, 3072, 4096, 8192}, nil}},
 []string{`^([\p{L}\p{N}-*]+\.)*vfidev\.com$`, `^([\p{L}\p{N}-*]+\.)*vfidev\.net$`, `^([\p{L}\p{N}-*]+\.)*vfide\.org$`},
 []string{".*"},
 []string{".*"},

From 79d4b5fd78995e619630173199bc36ff86f696cf Mon Sep 17 00:00:00 2001
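Review bot: `AllSupportedKeySizes` still returns 1024 as its first entry after this change, and 1024-bit RSA is below the 2048-bit floor that current guidance such as NIST SP 800-131A accepts for new keys. The callers are not visible in this patch, so it is unclear whether the list acts as an allow-list for key generation or is only used to interpret existing policies; if it is the former, 1024 should be dropped or gated behind an explicit legacy option. The exported function also has no doc comment; I would add `// AllSupportedKeySizes returns the RSA key sizes, in bits and in ascending order, that this package recognises.` and mention there that the ordering relies on `DefaultRSAlength` (presumably 2048) sitting between 1024 and 3072. The function is wholly inside the hunk; the `const` block above it starts outside.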
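Review bot: The expected RSA sizes in this `TestReadPolicyConfiguration` fixture start at 2048, while `AllSupportedKeySizes` in patch 1/3 also lists 1024, so something not shown here must be excluding 1024 from the result. A short comment beside the literal, for example `// every supported RSA size except 1024`, reworded to match whatever the policy actually filters on, would tell the next person who edits the list why the two differ; the reason is not visible in this hunk, so that wording is only a guess. The test function starts and ends outside the hunk.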
From: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Date: Thu, 21 Nov 2024 15:59:21 +0100
Subject: [PATCH 3/3] fix test based on feedback

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
---
 pkg/venafi/tpp/tpp_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/venafi/tpp/tpp_test.go b/pkg/venafi/tpp/tpp_test.go
index 310709a5..1e55c63f 100644
--- a/pkg/venafi/tpp/tpp_test.go
+++ b/pkg/venafi/tpp/tpp_test.go
@@ -311,7 +311,7 @@ func TestConvertServerPolicyToInternalPolicy(t *testing.T) {
 if k.KeyType != certificate.KeyTypeRSA {
 t.Fatal("invalid key type")
 }
- if len(k.KeySizes) != 3 || k.KeySizes[0] != 2048 || k.KeySizes[1] != 4096 || k.KeySizes[2] != 8192 {
+ if len(k.KeySizes) != 4 || k.KeySizes[0] != 2048 || k.KeySizes[1] != 3072 || k.KeySizes[2] != 4096 || k.KeySizes[3] != 8192 {
 t.Fatal("bad key lengths")
 }
 
@@ -399,7 +399,7 @@ func TestConvertServerPolicyToInternalPolicy(t *testing.T) {
 if k.KeyType != certificate.KeyTypeRSA {
 t.Fatal("invalid key type")
 }
- if len(k.KeySizes) != 3 || k.KeySizes[0] != 2048 || k.KeySizes[1] != 4096 || k.KeySizes[2] != 8192 {
+ if len(k.KeySizes) != 4 || k.KeySizes[0] != 2048 || k.KeySizes[1] != 3072 || k.KeySizes[2] != 4096 || k.KeySizes[3] != 8192 {
 t.Fatal("bad key lengths")
 }
 k = p.AllowedKeyConfigurations[1]
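Review bot: The element-by-element comparison on the changed line (and the identical one in the second hunk at line 399) has to be rewritten by hand every time the size list changes, and its failure message does not show what was actually returned. Comparing against a literal is easier to keep correct and reports the offending value: `if want := []int{2048, 3072, 4096, 8192}; !slices.Equal(k.KeySizes, want) {` followed by `t.Fatalf("bad key lengths: got %v, want %v", k.KeySizes, want)`; use `reflect.DeepEqual` instead if the module's Go version predates the `slices` package. Both hunks sit inside `TestConvertServerPolicyToInternalPolicy`, whose body starts and ends outside them.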