|
1 |
| -import { pki } from 'node-forge'; |
2 |
| - |
3 | 1 | import { IoK8sApiCoreV1Secret } from '@kubev2v/types';
|
4 | 2 |
|
5 | 3 | import { safeBase64Decode } from '../../../helpers';
|
6 | 4 | import { validateIpv4, validateURL, ValidationMsg } from '../../common';
|
7 | 5 |
|
8 |
| -export const urlMatchesCertFqdn = (urlHostname: string, caCert: string): boolean => { |
9 |
| - try { |
10 |
| - const decodedCaCert = safeBase64Decode(caCert); |
11 |
| - const cert = pki.certificateFromPem(decodedCaCert); |
12 |
| - const dnsAltName = cert.extensions |
13 |
| - .find((ext) => ext.name === 'subjectAltName') |
14 |
| - ?.altNames.find((altName) => altName.type === 2)?.value; |
15 |
| - const commonName = cert.subject.attributes.find((attr) => attr.name === 'commonName')?.value; |
16 |
| - |
17 |
| - return urlHostname === commonName || urlHostname === dnsAltName; |
18 |
| - } catch (e) { |
19 |
| - console.error('Unable to parse certificate object from PEM.'); |
20 |
| - } |
21 |
| - |
22 |
| - return false; |
23 |
| -}; |
24 |
| - |
25 | 6 | export const validateVCenterURL = (url: string, secret?: IoK8sApiCoreV1Secret): ValidationMsg => {
|
26 | 7 | // For a newly opened form where the field is not set yet, set the validation type to default.
|
27 | 8 | if (url === undefined) {
|
@@ -58,16 +39,8 @@ export const validateVCenterURL = (url: string, secret?: IoK8sApiCoreV1Secret):
|
58 | 39 | }
|
59 | 40 |
|
60 | 41 | if (isSecure) {
|
61 |
| - const caCert = secret?.data?.cacert; |
62 | 42 | const isValidIpAddress = validateIpv4(urlHostname);
|
63 | 43 |
|
64 |
| - if (!isValidIpAddress && caCert && !urlMatchesCertFqdn(urlHostname, caCert)) { |
65 |
| - return { |
66 |
| - type: 'error', |
67 |
| - msg: 'Invalid URL. The URL must be a fully qualified domain name (FQDN) and match the FQDN in the certificate you uploaded.', |
68 |
| - }; |
69 |
| - } |
70 |
| - |
71 | 44 | if (isValidIpAddress) {
|
72 | 45 | return {
|
73 | 46 | type: 'warning',
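Review bot: Nothing in the `if (isSecure)` branch reads `secret` any more, so `validateVCenterURL` appears to take a `secret` argument it no longer uses, and the `safeBase64Decode` import at the top of the file has lost its only visible caller; the lines between the two hunks are not shown, so confirm both before removing them. With the FQDN comparison gone, a hostname that does not match the uploaded CA certificate now passes form validation, so the mismatch is only caught if whatever opens the vCenter connection verifies the certificate name against the URL. A short comment at the branch would record that dependency, for example `// NOTE: the hostname is not compared with the uploaded CA certificate here; name verification must happen when the connection is made.` The function body continues past the end of this hunk.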
|
|