49 Commits

Author SHA1 Message Date
Jeff Mitchell
33cf98026e Add PKCS8 marshaling to PKI (#3518) 2017-11-06 12:05:07 -05:00
Seth Rutner
8675332afa Fix typos in error message (#2692) 2017-05-10 10:28:35 -04:00
Vishal Nayak
c947e31d1b Return error message for failure to parse CSR (#2657) 2017-04-28 08:30:24 -04:00
Saj Goonatilleke
9cd9fbbad3 pki: Include private_key_type on DER-formatted responses from /pki/issue/ (#2405) 2017-02-24 11:17:59 -05:00
joe miller
90e32515ea allow roles to set OU value in certificates issued by the pki backend (#2251) 2017-01-23 12:44:45 -05:00
Chris Hoffman
10c8024fa3 Adding support for chained intermediate CAs in pki backend (#1694) 2016-09-27 17:50:17 -07:00
Jeff Mitchell
6f6d1f7237 Rename GetOctalFormatted and add serial number to ParsedCertBundle. Basically a noop. 2016-09-16 11:05:43 -04:00
vishalnayak
ddb6ae18a0 Fix invalid input getting marked as internal error 2016-07-28 16:23:11 -04:00
Jeff Mitchell
2767858507 Remove manual selection of nextprotos from tls config coming from certutil; it's really not up to us to dictate third party requirements 2016-07-22 11:12:46 -04:00
Jeff Mitchell
fda9473681 Trim leading/trailing space around PEM bundles.
Fixes #1634
2016-07-20 13:57:49 -04:00
vishalnayak
5b458db104 Merge branch 'master-oss' into json-use-number
Conflicts:
	http/handler.go
	logical/framework/field_data.go
	logical/framework/wal.go
	vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
vishalnayak
ee6ba1e85e Make 'tls_min_version' configurable 2016-07-12 19:32:47 -04:00
vishalnayak
f200a8568b Set minimum TLS version in all tls.Config objects 2016-07-12 17:06:28 -04:00
vishalnayak
ef97199360 Added JSON Decode and Encode helpers.
Changed all the occurrences of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
Adam Shannon
e0df8e9e88 all: Cleanup from running go vet 2016-04-13 14:38:29 -05:00
Andrew Stuart
fea21d9c08 Update PrivateKeyType to string, update switch statement. 2015-12-14 11:16:47 -07:00
Andrew Stuart
a73be107e1 Remove unnecessary cast 2015-12-14 06:17:20 -07:00
Andrew Stuart
44413fdb2f Remove printf call from test 2015-12-11 15:47:00 -07:00
Andrew Stuart
7b9a0e81e1 Merge branch 'pkcs8' 2015-12-11 15:22:43 -07:00
Andrew Stuart
1c41726766 Add benchmark for certutil bundle parsing 2015-12-11 15:17:49 -07:00
Andrew Stuart
166c7ac0f9 Remove debugging print statement in compareCertBundleToParsedCertBundle 2015-12-11 15:17:49 -07:00
Andrew Stuart
7065500d16 Remove flag check before trying pkcs8 parsing. 2015-12-11 15:17:49 -07:00
Andrew Stuart
c481955401 Add pkcs8 flag setting in ParsePEMBundle 2015-12-11 15:17:49 -07:00
Andrew Stuart
e38596fc1c Update tests and finish implementation of PKCS8 handling 2015-12-11 15:17:49 -07:00
Andrew Stuart
39a3a92e79 Update ParsePEMBundle to properly handle pkcs#8
Implementation based on be16001187/src/crypto/tls/tls.go (L273-L290)
2015-12-11 15:17:49 -07:00
Andrew Stuart
dfc052a755 Move to pem.Block.Type-based decoding 2015-12-11 14:57:33 -07:00
Andrew Stuart
ee563cdc32 Add benchmark for certutil bundle parsing 2015-12-11 09:58:49 -07:00
Andrew Stuart
1083c3b357 Merge branch 'master' into pkcs8 2015-12-10 21:02:59 -07:00
Andrew Stuart
ceb74f956c Update flag to field with format info 2015-12-10 21:02:31 -07:00
Andrew Stuart
a9723189a1 Remove debugging print statement in compareCertBundleToParsedCertBundle 2015-12-10 16:33:42 -07:00
Andrew Stuart
7bba342ee3 Remove flag check before trying pkcs8 parsing. 2015-12-09 19:41:32 -07:00
Andrew Stuart
50b7be1c9a Remove flag check before trying pkcs8 parsing. 2015-12-09 15:33:25 -07:00
Andrew Stuart
c8d49c2d66 Add pkcs8 flag setting in ParsePEMBundle 2015-12-09 15:33:25 -07:00
Andrew Stuart
5af21130d7 Update tests and finish implementation of PKCS8 handling 2015-12-09 15:33:25 -07:00
Andrew Stuart
b59e15c33d Update ParsePEMBundle to properly handle pkcs#8
Implementation based on be16001187/src/crypto/tls/tls.go (L273-L290)
2015-12-09 15:29:13 -07:00
Jeff Mitchell
4f2f7a0e3b Mostly revert changes to certutil as the embedded struct stuff was being
problematic.
2015-11-19 14:18:39 -05:00
Jeff Mitchell
fcbdb5f30a fix tests 2015-11-19 10:13:28 -05:00
Jeff Mitchell
cb5514f3f3 Move public key comparison logic to its own function 2015-11-19 09:51:18 -05:00
Jeff Mitchell
b5423493ca Move serial number generation and key validation into certutil; centralize format and key verification 2015-11-19 09:51:18 -05:00
Jeff Mitchell
ba37e4bcb5 Add unit tests for CSR bundle conversion 2015-11-19 09:51:18 -05:00
Jeff Mitchell
4e73187837 Add support for EC CA keys, output to base64-encoded DER instead of PEM, and tests for all of those. Also note that Go 1.5 is now required. 2015-11-19 09:51:17 -05:00
Jeff Mitchell
e45af0a17b Add unit tests to test signing logic, fix up test logic for names 2015-11-19 09:51:17 -05:00
Jeff Mitchell
55fc4ba898 Implement CA cert/CSR generation. CA certs can be self-signed or
generate an intermediate CSR, which can be signed.
2015-11-19 09:51:17 -05:00
Jeff Mitchell
2737066e09 Add delete method, and ability to delete only one serial as well as an entire set. 2015-11-03 10:52:20 -05:00
Jeff Mitchell
15594561ab Add unit tests for certutil, and fix a whitespace stripping issue.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-19 16:06:56 -04:00
Jeff Mitchell
435aefc072 A few things:
* Add comments to every non-obvious (e.g. not basic read/write handler type) function
* Remove revoked/ endpoint, at least for now
* Add configurable CRL lifetime
* Cleanup
* Address some comments from code review

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-19 12:48:18 -04:00
Jeff Mitchell
23ba605068 Refactor to allow only issuing CAs to be set and not have things blow up. This is useful/important for e.g. the Cassandra backend, where you may want to do TLS with a specific CA cert for server validation, but not actually do client authentication with a client cert.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-18 15:22:58 -04:00
Jeff Mitchell
c4256601f2 Restructure a little bit to make the helper library fully standalone. This makes it easier to move around later if desired, and for use by external programs.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-18 06:42:57 -04:00
Jeff Mitchell
31e680048e A lot of refactoring: move PEM bundle parsing into helper/certutil, so that it is usable by other backends that want to use it to get the necessary data for TLS auth.
Also, enhance the raw cert bundle => parsed cert bundle to make it more useful and perform more validation checks.

More refactoring could be done within the PKI backend itself, but that can wait.

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-17 16:07:20 -04:00