envoyconfig: add virtual host domains for certificates in addition to routes (#3593)

* envoyconfig: add virtual host domains for certificates in addition to routes * Update pkg/cryptutil/certificates.go Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * Update pkg/cryptutil/tls.go Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * comments Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
2025-05-21 21:17:13 +02:00 · 2022-08-31 10:35:45 -06:00 · 2022-08-31 10:35:45 -06:00 · 33794ff316
commit 33794ff316
parent 23c42da8ec
6 changed files with 99 additions and 14 deletions
--- a/pkg/cryptutil/tls.go
+++ b/pkg/cryptutil/tls.go
@ -63,6 +63,30 @@ func GetCertificateForDomain(certificates []tls.Certificate, domain string) (*tl
 	return GenerateSelfSignedCertificate(domain)
 }

+// GetCertificateDomains gets all the certificate's matching domain names.
+// Will return an empty slice if certificate is nil, empty, or x509 parsing fails.
+func GetCertificateDomains(cert *tls.Certificate) []string {
+	if cert == nil || len(cert.Certificate) == 0 {
+		return nil
+	}
+
+	xcert, err := x509.ParseCertificate(cert.Certificate[0])
+	if err != nil {
+		return nil
+	}
+
+	var domains []string
+	if xcert.Subject.CommonName != "" {
+		domains = append(domains, xcert.Subject.CommonName)
+	}
+	for _, dnsName := range xcert.DNSNames {
+		if dnsName != "" {
+			domains = append(domains, dnsName)
+		}
+	}
+	return domains
+}
+
 func matchesDomain(cert *tls.Certificate, domain string) bool {
 	if cert == nil || len(cert.Certificate) == 0 {
 		return false