From 64e962aec68cc3d7cb4df73b6bcdb9a95b994979 Mon Sep 17 00:00:00 2001 From: Jon Edvald Date: Fri, 7 Sep 2018 17:30:17 -0700 Subject: [PATCH] refactor: get rid of native OpenSSL dependency --- garden-cli/package-lock.json | 28 ++++++++++++------ garden-cli/package.json | 4 +-- garden-cli/src/plugins/kubernetes/ingress.ts | 30 ++++++++++++++------ 3 files changed, 44 insertions(+), 18 deletions(-) diff --git a/garden-cli/package-lock.json b/garden-cli/package-lock.json index cdc8859dfc..751977726c 100644 --- a/garden-cli/package-lock.json +++ b/garden-cli/package-lock.json @@ -1,6 +1,6 @@ { "name": "garden-cli", - "version": "0.4.0", + "version": "0.5.0", "lockfileVersion": 1, "requires": true, "dependencies": { @@ -1173,6 +1173,11 @@ "safer-buffer": "~2.1.0" } }, + "asn1js": { + "version": "1.2.12", + "resolved": "https://registry.npmjs.org/asn1js/-/asn1js-1.2.12.tgz", + "integrity": "sha1-h9XueXWWri0qPLAkciDcQv/D8hE=" + }, "assert-plus": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz", @@ -1648,6 +1653,15 @@ } } }, + "certpem": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/certpem/-/certpem-1.1.2.tgz", + "integrity": "sha512-rqddNO1OdN6o7j1C486Os9USHgGEyoBSRHDgVAqx0jVAmGlgGQ1XPCrrl2KKxzdWBNC184V3gpV5BsvcDDQ+Vg==", + "requires": { + "asn1js": "^1.2.12", + "pkijs": "^1.3.27" + } + }, "chai": { "version": "4.1.2", "resolved": "https://registry.npmjs.org/chai/-/chai-4.1.2.tgz", @@ -8740,6 +8754,11 @@ "find-up": "^2.1.0" } }, + "pkijs": { + "version": "1.3.33", + "resolved": "https://registry.npmjs.org/pkijs/-/pkijs-1.3.33.tgz", + "integrity": "sha1-ponvYhE7fDSOH/wJll0iOeW7TJI=" + }, "plugin-error": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/plugin-error/-/plugin-error-1.0.1.tgz", 
@@ -11097,13 +11116,6 @@ "signal-exit": "^3.0.2" } }, - "x509": { - "version": "github:stormwin/node-x509#40140051e55b2ef5bef73a4412bcdf8e2b672c6a", - "from": "github:stormwin/node-x509", - "requires": { - "nan": "2.10.0" - } - }, "xdg-basedir": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/xdg-basedir/-/xdg-basedir-3.0.0.tgz", diff --git a/garden-cli/package.json b/garden-cli/package.json index aead163a27..43433eaeb8 100644 --- a/garden-cli/package.json +++ b/garden-cli/package.json @@ -28,6 +28,7 @@ "async-lock": "^1.1.3", "axios": "^0.18.0", "bluebird": "^3.5.1", + "certpem": "^1.1.2", "chalk": "^2.4.1", "child-process-promise": "^2.2.1", "chokidar": "^2.0.4", @@ -70,8 +71,7 @@ "uniqid": "^5.0.3", "uuid": "^3.3.2", "winston": "^3.0.0", - "wrap-ansi": "^3.0.1", - "x509": "github:stormwin/node-x509" + "wrap-ansi": "^3.0.1" }, "devDependencies": { "@commitlint/cli": "^7.0.0", diff --git a/garden-cli/src/plugins/kubernetes/ingress.ts b/garden-cli/src/plugins/kubernetes/ingress.ts index c383d6995b..f0fcfba63d 100644 --- a/garden-cli/src/plugins/kubernetes/ingress.ts +++ b/garden-cli/src/plugins/kubernetes/ingress.ts @@ -7,7 +7,7 @@ */ import { V1Secret } from "@kubernetes/client-node" -import { groupBy, uniq, omit } from "lodash" +import { groupBy, omit, find } from "lodash" import { findByName } from "../../util/util" import { ContainerService, ContainerEndpointSpec } from "../container" import { SecretRef, IngressTlsCertificate } from "./kubernetes" @@ -15,7 +15,7 @@ import { ServiceEndpoint, ServiceProtocol } from "../../types/service" import * as Bluebird from "bluebird" import { KubeApi } from "./api" import { ConfigurationError, PluginError } from "../../exceptions" -const x509 = require("x509") +import { certpem } from "certpem" interface ServiceEndpointWithCert extends ServiceEndpoint { spec: ContainerEndpointSpec 
@@ -181,14 +181,28 @@ async function getCertificateHostnames(api: KubeApi, cert: IngressTlsCertificate
 )
 }
- const crt = Buffer.from(secret.data["tls.crt"], "base64").toString()
+ const crtData = Buffer.from(secret.data["tls.crt"], "base64").toString()
 try {
- const subject = x509.getSubject(crt)
- const hostnames = uniq([
- ...(subject.commonName ? [subject.commonName] : []),
- ...x509.getAltNames(crt),
- ])
+ // Note: Can't use the certpem.info() method here because of multiple bugs.
+ // And yes, this API is insane. Crypto people are bonkers. Seriously. - JE
+ const certInfo = certpem.debug(crtData)
+
+ const hostnames: string[] = []
+
+ const commonNameField = find(certInfo.subject.types_and_values, ["type", "2.5.4.3"])
+ if (commonNameField) {
+ hostnames.push(commonNameField.value.value_block.value)
+ }
+
+ for (const ext of certInfo.extensions || []) {
+ if (ext.parsedValue && ext.parsedValue.altNames) {
+ for (const alt of ext.parsedValue.altNames) {
+ hostnames.push(alt.Name)
+ }
+ }
+ }
+
 certificateHostnames[cert.name] = hostnames
 return hostnames
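Review bot: The inner loop over `ext.parsedValue.altNames` pushes `alt.Name` for every subjectAltName entry without checking what kind of name it is, so IP-address, e-mail or URI entries (whose parsed value may not even be a string) can land in `hostnames: string[]` next to the DNS names. This list is presumably what endpoints are matched against when a certificate is chosen, so the push should be guarded, for example `if (typeof alt.Name === "string") { hostnames.push(alt.Name) }`, or filtered on the entry's dNSName type if the parsed object exposes it. The removed code wrapped the result in `uniq(...)`, so a certificate whose common name also appears among its alt names now yields a duplicate; `certificateHostnames[cert.name] = uniq(hostnames)` would restore that, which means keeping the `uniq` import that the first ingress.ts hunk drops. The `try` block and the rest of getCertificateHostnames continue outside the hunk, so how a parse failure from `certpem.debug` is reported cannot be checked here.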