| // Copyright Istio Authors |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| package util |
| |
| import ( |
| "fmt" |
| "strings" |
| ) |
| |
| // DualUseCommonName extracts a valid CommonName from a comma-delimited host string |
| // for dual-use certificates. |
| func DualUseCommonName(host string) (string, error) { |
| // cn uses one hostname, drop the rest |
| first := strings.SplitN(host, ",", 2)[0] |
| |
| // cn max length is 64 (ub-common-name @ https://tools.ietf.org/html/rfc5280) |
| if l := len(first); l > 64 { |
| return "", fmt.Errorf("certificate CN upper bound exceeded (%v>64): %s", l, first) |
| } |
| |
| return first, nil |
| } |
