luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/agent/connect
History
Dhia Ayachi 53b45a8441
check expiry date of the root/intermediate before using it to sign a leaf (#10500) 
* ca: move provider creation into CAManager

This further decouples the CAManager from Server. It reduces the interface between them and
removes the need for the SetLogger method on providers.

* ca: move SignCertificate to CAManager

To reduce the scope of Server, and keep all the CA logic together

* ca: move SignCertificate to the file where it is used

* auto-config: move autoConfigBackend impl off of Server

Most of these methods are used exclusively for the AutoConfig RPC
endpoint. This PR uses a pattern that we've used in other places as an
incremental step to reducing the scope of Server.

* fix linter issues

* check error when `raftApplyMsgpack`

* ca: move SignCertificate to CAManager

To reduce the scope of Server, and keep all the CA logic together

* check expiry date of the intermediate before using it to sign a leaf

* fix typo in comment

Co-authored-by: Kyle Havlovitz <kylehav@gmail.com>

* Fix test name

* do not check cert start date

* wrap error to mention it is the intermediate expired

* Fix failing test

* update comment

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* use shim to avoid sleep in test

* add root cert validation

* remove duplicate code

* Revert "fix linter issues"

This reverts commit 6356302b54f06c8f2dee8e59740409d49e84ef24.

* fix import issue

* gofmt leader_connect_ca

* add changelog entry

* update error message

Co-authored-by: Freddy <freddygv@users.noreply.github.com>

* fix error message in test

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: Kyle Havlovitz <kylehav@gmail.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
 		2021-07-13 12:15:06 -04:00
..
ca check expiry date of the root/intermediate before using it to sign a leaf (#10500) 2021-07-13 12:15:06 -04:00
authz.go Replace CertURI.Authorize() calls. 2021-03-15 18:06:04 -06:00
authz_test.go Replace CertURI.Authorize() calls. 2021-03-15 18:06:04 -06:00
common_names.go connect/ca: cease including the common name field in generated certs (#10424) 2021-06-25 13:00:00 -05:00
csr.go connect/ca: cease including the common name field in generated certs (#10424) 2021-06-25 13:00:00 -05:00
generate.go
generate_test.go
parsing.go
sni.go
sni_test.go
testing_ca.go ca: remove unused RotationPeriod field 2021-07-05 19:15:44 -04:00
testing_ca_test.go
testing_spiffe.go
uri.go Merge pull request #10560 from jkirschner-hashicorp/change-sane-to-reasonable 2021-07-06 11:46:04 -04:00
uri_agent.go connect: include optional partition prefixes in SPIFFE identifiers (#10507) 2021-06-25 16:47:47 -05:00
uri_agent_oss.go connect: include optional partition prefixes in SPIFFE identifiers (#10507) 2021-06-25 16:47:47 -05:00
uri_agent_oss_test.go connect: include optional partition prefixes in SPIFFE identifiers (#10507) 2021-06-25 16:47:47 -05:00
uri_service.go connect: include optional partition prefixes in SPIFFE identifiers (#10507) 2021-06-25 16:47:47 -05:00
uri_service_oss.go connect: include optional partition prefixes in SPIFFE identifiers (#10507) 2021-06-25 16:47:47 -05:00
uri_service_oss_test.go connect: include optional partition prefixes in SPIFFE identifiers (#10507) 2021-06-25 16:47:47 -05:00
uri_signing.go connect: include optional partition prefixes in SPIFFE identifiers (#10507) 2021-06-25 16:47:47 -05:00
uri_signing_test.go connect: include optional partition prefixes in SPIFFE identifiers (#10507) 2021-06-25 16:47:47 -05:00
uri_test.go connect: include optional partition prefixes in SPIFFE identifiers (#10507) 2021-06-25 16:47:47 -05:00
x509_patch.go connect/ca: cease including the common name field in generated certs (#10424) 2021-06-25 13:00:00 -05:00
x509_patch_test.go connect/ca: cease including the common name field in generated certs (#10424) 2021-06-25 13:00:00 -05:00