github/infisical
1
0
Fork 0
mirror of https://github.com/Infisical/infisical.git synced 2026-01-08 15:13:55 -05:00
Code Issues Packages Projects Releases Wiki Activity

Remove ACMESANType usage on redundant issuance param

Browse Source
This commit is contained in:
Carlos Monastyrski
2025-12-02 16:26:36 -03:00
parent 6772eb5478
commit ec115bc4fb
9 changed files with 16 additions and 191 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
backend/src/server/routes/v1/certificate-router.ts
View File

@@ -11,12 +11,7 @@ import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
import { addNoCacheHeaders } from "@app/server/lib/caching";
import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
import { AuthMode } from "@app/services/auth/auth-type";
import {
ACMESANType,
CertKeyAlgorithm,
CertSignatureAlgorithm,
CrlReason
} from "@app/services/certificate/certificate-types";
import { CertKeyAlgorithm, CertSignatureAlgorithm, CrlReason } from "@app/services/certificate/certificate-types";
import { CaType } from "@app/services/certificate-authority/certificate-authority-enums";
import { validateCaDateField } from "@app/services/certificate-authority/certificate-authority-validators";
import {
@@ -129,18 +124,6 @@ export const registerCertificateRouter = async (server: FastifyZodProvider) => {
.optional(),
signatureAlgorithm: z.nativeEnum(CertSignatureAlgorithm).optional(),
keyAlgorithm: z.nativeEnum(CertKeyAlgorithm).optional(),
subjectAlternativeNames: z
.array(
z.object({
type: z.nativeEnum(ACMESANType),
value: z
.string()
.trim()
.min(1, "SAN value cannot be empty")
.max(255, "SAN value must be less than 255 characters")
})
)
.optional(),
ttl: z
.string()
.trim()
@@ -199,19 +182,9 @@ export const registerCertificateRouter = async (server: FastifyZodProvider) => {
useOrderFlow = caType !== CaType.INTERNAL;
}
if (attributes?.subjectAlternativeNames?.length || useOrderFlow) {
let acmeAltNames: Array<{ type: ACMESANType; value: string }> | undefined = attributes?.subjectAlternativeNames;
if (useOrderFlow && !attributes?.subjectAlternativeNames && attributes?.altNames?.length) {
acmeAltNames = attributes.altNames.map((alt: { type: CertSubjectAlternativeNameType; value: string }) => ({
type: (alt.type === CertSubjectAlternativeNameType.DNS_NAME
? ACMESANType.DNS
: ACMESANType.IP) as ACMESANType,
value: alt.value
}));
}
if (useOrderFlow) {
const certificateOrderObject = {
altNames: acmeAltNames || [],
altNames: attributes?.altNames || [],
validity: { ttl: attributes?.ttl || "" },
commonName: attributes?.commonName,
keyUsages: attributes?.keyUsages,
@@ -579,7 +552,7 @@ export const registerCertificateRouter = async (server: FastifyZodProvider) => {
profileId: z.string().uuid(),
subjectAlternativeNames: z.array(
z.object({
type: z.nativeEnum(ACMESANType),
type: z.nativeEnum(CertSubjectAlternativeNameType),
value: z
.string()
.trim()

4
backend/src/server/routes/v3/deprecated-certificates-router.ts
View File

@@ -7,7 +7,7 @@ import { ms } from "@app/lib/ms";
import { writeLimit } from "@app/server/config/rateLimiter";
import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
import { AuthMode } from "@app/services/auth/auth-type";
import { ACMESANType, CertKeyAlgorithm, CertSignatureAlgorithm } from "@app/services/certificate/certificate-types";
import { CertKeyAlgorithm, CertSignatureAlgorithm } from "@app/services/certificate/certificate-types";
import { validateCaDateField } from "@app/services/certificate-authority/certificate-authority-validators";
import {
CertExtendedKeyUsageType,
@@ -305,7 +305,7 @@ export const registerCertificatesRouter = async (server: FastifyZodProvider) =>
profileId: z.string().uuid(),
subjectAlternativeNames: z.array(
z.object({
type: z.nativeEnum(ACMESANType),
type: z.nativeEnum(CertSubjectAlternativeNameType),
value: z
.string()
.trim()

2
backend/src/services/certificate-authority/certificate-issuance-queue.ts
View File

@@ -208,7 +208,7 @@ export const certificateIssuanceQueueFactory = ({
const [, generatedCsr] = await acme.crypto.createCsr(
{
altNames: altNames || [],
altNames: altNames ? [...altNames] : [],
commonName: commonName || ""
},
skLeaf

7
backend/src/services/certificate-v3/certificate-v3-service.test.ts
View File

@@ -11,7 +11,7 @@ import { TPkiAcmeAccountDALFactory } from "@app/ee/services/pki-acme/pki-acme-ac
import { BadRequestError, ForbiddenRequestError, NotFoundError } from "@app/lib/errors";
import { TCertificateDALFactory } from "@app/services/certificate/certificate-dal";
import { TCertificateSecretDALFactory } from "@app/services/certificate/certificate-secret-dal";
import { ACMESANType, CertStatus } from "@app/services/certificate/certificate-types";
import { CertStatus } from "@app/services/certificate/certificate-types";
import { TCertificateAuthorityDALFactory } from "@app/services/certificate-authority/certificate-authority-dal";
import { CaStatus } from "@app/services/certificate-authority/certificate-authority-enums";
import { TInternalCertificateAuthorityServiceFactory } from "@app/services/certificate-authority/internal/internal-certificate-authority-service";
@@ -19,7 +19,8 @@ import {
CertExtendedKeyUsageType,
CertIncludeType,
CertKeyUsageType,
CertSubjectAttributeType
CertSubjectAttributeType,
CertSubjectAlternativeNameType
} from "@app/services/certificate-common/certificate-constants";
import { TCertificateProfileDALFactory } from "@app/services/certificate-profile/certificate-profile-dal";
import { EnrollmentType, IssuerType } from "@app/services/certificate-profile/certificate-profile-types";
@@ -853,7 +854,7 @@ describe("CertificateV3Service", () => {
describe("orderCertificateFromProfile", () => {
const mockCertificateOrder = {
altNames: [{ type: ACMESANType.DNS, value: "example.com" }],
altNames: [{ type: CertSubjectAlternativeNameType.DNS_NAME, value: "example.com" }],
validity: { ttl: "30d" },
commonName: "example.com",
keyUsages: [CertKeyUsageType.DIGITAL_SIGNATURE],

22
backend/src/services/certificate-v3/certificate-v3-service.ts
View File

@@ -1054,7 +1054,7 @@ export const certificateV3ServiceFactory = ({
tx
});
const certificateRecord = await certificateDAL.findById(certResult.certificateId);
const certificateRecord = await certificateDAL.findById(certResult.certificateId, tx);
if (!certificateRecord) {
throw new NotFoundError({ message: "Certificate was issued but could not be found in database" });
}
@@ -1307,25 +1307,7 @@ export const certificateV3ServiceFactory = ({
commonName: certificateOrder.commonName,
keyUsages: certificateOrder.keyUsages,
extendedKeyUsages: certificateOrder.extendedKeyUsages,
subjectAlternativeNames: certificateOrder.altNames?.map((san) => {
let certType: CertSubjectAlternativeNameType;
switch (san.type) {
case "dns":
certType = CertSubjectAlternativeNameType.DNS_NAME;
break;
case "ip":
certType = CertSubjectAlternativeNameType.IP_ADDRESS;
break;
default:
throw new BadRequestError({
message: `Unsupported Subject Alternative Name type: ${san.type as string}`
});
}
return {
type: certType,
value: san.value
};
}),
subjectAlternativeNames: certificateOrder.altNames,
validity: certificateOrder.validity,
notBefore: certificateOrder.notBefore,
notAfter: certificateOrder.notAfter,

3
backend/src/services/certificate-v3/certificate-v3-types.ts
View File

@@ -1,6 +1,5 @@
import { TProjectPermission } from "@app/lib/types";
import { ACMESANType } from "../certificate/certificate-types";
import {
CertExtendedKeyUsageType,
CertKeyUsageType,
@@ -45,7 +44,7 @@ export type TOrderCertificateFromProfileDTO = {
profileId: string;
certificateOrder: {
altNames: Array<{
type: ACMESANType;
type: CertSubjectAlternativeNameType;
value: string;
}>;
validity: {

2
frontend/src/hooks/api/certificates/index.tsx
View File

@@ -7,4 +7,4 @@ export {
useRevokeCert,
useUpdateRenewalConfig
} from "./mutations";
export { useGetCert, useGetCertBody, useGetCertificateRequest } from "./queries";
export { useGetCert, useGetCertBody } from "./queries";

22
frontend/src/hooks/api/certificates/queries.tsx
View File

@@ -2,7 +2,7 @@ import { useQuery } from "@tanstack/react-query";
import { apiRequest } from "@app/config/request";
import { TCertificate, TCertificateRequestDetails } from "./types";
import { TCertificate } from "./types";
export const certKeys = {
getCertById: (serialNumber: string) => [{ serialNumber }, "cert"],
@@ -59,23 +59,3 @@ export const useGetCertBundle = (serialNumber: string) => {
enabled: Boolean(serialNumber)
});
};
export const useGetCertificateRequest = (requestId: string, projectSlug: string) => {
return useQuery({
queryKey: certKeys.getCertificateRequest(requestId, projectSlug),
queryFn: async () => {
const { data } = await apiRequest.get<TCertificateRequestDetails>(
`/api/v3/pki/certificates/requests/${requestId}`,
{
params: { projectSlug }
}
);
return data;
},
enabled: Boolean(requestId) && Boolean(projectSlug),
refetchInterval: (query) => {
// Only refetch if status is pending
return query.state.data?.status === "pending" ? 5000 : false;
}
});
};

110
frontend/src/pages/cert-manager/CertificatesPage/components/CertificateRequestTracker.tsx
View File

@@ -1,110 +0,0 @@
import { useEffect } from "react";
import { faCheck, faExclamationTriangle, faSpinner } from "@fortawesome/free-solid-svg-icons";
import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
import { useProject } from "@app/context";
import { useGetCertificateRequest } from "@app/hooks/api/certificates";
type CertificateInfo = {
id: string;
serialNumber: string;
commonName: string;
notAfter: string;
[key: string]: unknown;
};
type Props = {
requestId: string;
onCertificateIssued?: (certificate: CertificateInfo) => void;
};
export const CertificateRequestTracker = ({ requestId, onCertificateIssued }: Props) => {
const { currentProject } = useProject();
const { data: requestData, isLoading } = useGetCertificateRequest(
requestId,
currentProject?.slug || ""
);
useEffect(() => {
if (requestData?.status === "issued" && requestData.certificate && onCertificateIssued) {
onCertificateIssued(requestData.certificate);
}
}, [requestData, onCertificateIssued]);
if (isLoading) {
return (
<div className="flex items-center space-x-2">
<FontAwesomeIcon icon={faSpinner} className="animate-spin text-primary" />
<span className="text-sm text-mineshaft-400">Loading request status...</span>
</div>
);
}
const getStatusIcon = () => {
switch (requestData?.status) {
case "pending":
return <FontAwesomeIcon icon={faSpinner} className="animate-spin text-yellow-500" />;
case "issued":
return <FontAwesomeIcon icon={faCheck} className="text-green-500" />;
case "failed":
return <FontAwesomeIcon icon={faExclamationTriangle} className="text-red-500" />;
default:
return null;
}
};
const getStatusMessage = () => {
switch (requestData?.status) {
case "pending":
return "Certificate request is being processed...";
case "issued":
return "Certificate has been issued successfully!";
case "failed":
return `Certificate request failed: ${requestData.errorMessage || "Unknown error"}`;
default:
return "Unknown status";
}
};
return (
<div className="space-y-4">
<div className="flex items-center space-x-2">
{getStatusIcon()}
<span className="text-sm font-medium text-mineshaft-300">
Certificate Request ID: {requestId}
</span>
</div>
<div className="text-sm text-mineshaft-400">
Status: <span className="font-medium capitalize">{requestData?.status || "Unknown"}</span>
</div>
<div className="text-sm text-mineshaft-400">{getStatusMessage()}</div>
{requestData?.status === "issued" && requestData.certificate && (
<div className="mt-4 rounded-md border border-green-500/30 bg-green-900/20 p-3">
<div className="text-sm text-green-400">
<strong>Certificate Details:</strong>
<br />
Serial Number: {requestData.certificate.serialNumber}
<br />
Common Name: {requestData.certificate.commonName}
<br />
Valid Until: {new Date(requestData.certificate.notAfter).toLocaleDateString()}
</div>
</div>
)}
{requestData?.status === "failed" && requestData.errorMessage && (
<div className="mt-4 rounded-md border border-red-500/30 bg-red-900/20 p-3">
<div className="text-sm text-red-400">
<strong>Error Details:</strong>
<br />
{requestData.errorMessage}
</div>
</div>
)}
</div>
);
};