Scott Miller
f753db2783
OSS side changes for PKI HSM type handling fix ( #14364 )
2022-03-03 15:30:18 -06:00
Steven Clark
e7edaaffee
Force certain PKI operations to go to the Primary Performance cluster immediately ( #14287 )
2022-02-25 13:26:34 -05:00
Tom Proctor
5032cfaf47
Add make fmt CI check ( #13803 )
...
* Add make fmt CI check
* Don't suppress patch output
2022-01-31 23:24:16 +00:00
Steven Clark
43087c96b2
OSS integration of the PKI plugin with managed key infrastructure ( #13793 )
...
- The OSS side of things to leverage managed keys from the PKI secrets engine
2022-01-26 23:06:25 -05:00
Scott Miller
33d7dc5fb4
Use the system rand reader for CA root and intermediate generation ( #12559 )
...
* Use the system rand reader for CA root and intermediate generation
* changelog
2021-09-15 11:59:12 -05:00
Lars Lehtonen
d8f7dd364a
builtin: deprecate errwrap.Wrapf() throughout ( #11430 )
...
* audit: deprecate errwrap.Wrapf()
* builtin/audit/file: deprecate errwrap.Wrapf()
* builtin/crediential/app-id: deprecate errwrap.Wrapf()
* builtin/credential/approle: deprecate errwrap.Wrapf()
* builtin/credential/aws: deprecate errwrap.Wrapf()
* builtin/credentials/token: deprecate errwrap.Wrapf()
* builtin/credential/github: deprecate errwrap.Wrapf()
* builtin/credential/cert: deprecate errwrap.Wrapf()
* builtin/logical/transit: deprecate errwrap.Wrapf()
* builtin/logical/totp: deprecate errwrap.Wrapf()
* builtin/logical/ssh: deprecate errwrap.Wrapf()
* builtin/logical/rabbitmq: deprecate errwrap.Wrapf()
* builtin/logical/postgresql: deprecate errwrap.Wrapf()
* builtin/logical/pki: deprecate errwrap.Wrapf()
* builtin/logical/nomad: deprecate errwrap.Wrapf()
* builtin/logical/mssql: deprecate errwrap.Wrapf()
* builtin/logical/database: deprecate errwrap.Wrapf()
* builtin/logical/consul: deprecate errwrap.Wrapf()
* builtin/logical/cassandra: deprecate errwrap.Wrapf()
* builtin/logical/aws: deprecate errwrap.Wrapf()
2021-04-22 11:20:59 -04:00
Brian Kassouf
303c2aee7c
Run a more strict formatter over the code ( #11312 )
...
* Update tooling
* Run gofumpt
* go mod vendor
2021-04-08 09:43:39 -07:00
Denis Subbotin
a9e605cc43
fix minor potential nil-pointer panic on line 89 ( #8488 )
2020-03-06 13:32:36 -08:00
ncabatoff
c48936c4fd
Refactor cert util ( #6676 )
...
Break dataBundle into two pieces: inputBundle, which contains data that
is specific to the pki backend, and creationBundle, which is a more
generic bundle of validated inputs given to certificate creation/signing routines.
Move functions that only take creationBundle to certutil and make them public.
2019-05-09 11:43:11 -04:00
Jeff Mitchell
9ebc57581d
Switch to go modules ( #6585 )
...
* Switch to go modules
* Make fmt
2019-04-13 03:44:06 -04:00
Jeff Mitchell
8bcb533a1b
Create sdk/ and api/ submodules ( #6583 )
2019-04-12 17:54:35 -04:00
Jeff Mitchell
051bb9fc13
Two PKI improvements: ( #5134 )
...
* Disallow adding CA's serial to revocation list
* Allow disabling revocation list generation. This returns an empty (but
signed) list, but does not affect tracking of revocations so turning it
back on will populate the list properly.
2018-08-21 11:20:57 -04:00
Vishal Nayak
28e3eb9e2c
Errwrap everywhere ( #4252 )
...
* package api
* package builtin/credential
* package builtin/logical
* package command
* package helper
* package http and logical
* package physical
* package shamir
* package vault
* package vault
* address feedback
* more fixes
2018-04-05 11:49:21 -04:00
Jeff Mitchell
48a6ce618a
Add ability to set CA:true when generating intermediate CSR. ( #4163 )
...
Fixes #3883
2018-03-20 10:09:59 -04:00
Jeff Mitchell
f29bde0052
Support other names in SANs ( #3889 )
2018-02-16 17:19:34 -05:00
Brian Kassouf
2f19de0305
Add context to storage backends and wire it through a lot of places ( #3817 )
2018-01-19 01:44:44 -05:00
Brian Kassouf
1c190d4bda
Pass context to backends ( #3750 )
...
* Start work on passing context to backends
* More work on passing context
* Unindent logical system
* Unindent token store
* Unindent passthrough
* Unindent cubbyhole
* Fix tests
* use requestContext in rollback and expiration managers
2018-01-08 10:31:38 -08:00
Jeff Mitchell
17310654a1
Add PKCS8 marshaling to PKI ( #3518 )
2017-11-06 12:05:07 -05:00
Seth Rutner
3874b63af3
Fix typos in error message ( #2692 )
2017-05-10 10:28:35 -04:00
Calvin Leung Huang
a00a7815f6
Include and use normalizeSerial func
2017-05-03 10:12:58 -04:00
Jeff Mitchell
822d86ad90
Change storage of entries from colons to hyphens and add a
...
lookup/migration path
Still TODO: tests on migration path
Fixes #2552
2017-04-18 11:14:23 -04:00
Chris Hoffman
d235acf809
Adding support for chained intermediate CAs in pki backend ( #1694 )
2016-09-27 17:50:17 -07:00
vishalnayak
cff7aada7a
Fix invalid input getting marked as internal error
2016-07-28 16:23:11 -04:00
Jeff Mitchell
7d41607b6e
Add "tidy/" which allows removing expired certificates.
...
A buffer is used to ensure that we only remove certificates that are
both expired and for which the buffer has past. Options allow removal
from revoked/ and/or certs/.
2016-02-24 21:24:48 -05:00
Tom Ritter
940a58cb9d
Typo in error message in path_intermediate.go
2016-02-09 15:08:30 -06:00
Jeff Mitchell
fc6d23a54e
Allow the format to be specified as pem_bundle, which creates a
...
concatenated PEM file.
Fixes #992
2016-02-01 13:19:41 -05:00
Jeff Mitchell
f3ce90164f
WriteOperation -> UpdateOperation
2016-01-08 13:03:03 -05:00
Jeff Mitchell
25e359084c
Update documentation, some comments, make code cleaner, and make generated roots be revoked when their TTL is up
2015-11-19 17:14:22 -05:00
Jeff Mitchell
a95228e4ee
Split root and intermediate functionality into their own sections in the API. Update documentation. Add sign-verbatim endpoint.
2015-11-19 09:51:18 -05:00