luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
5550 commits 1 branch 0 tags 214 MiB
Commit graph

19 commits

Author SHA1 Message Date
Jeff Mitchell c81582fea0 More porting from rep (#2388) 
* More porting from rep

* Address review feedback
 2017-02-16 16:29:30 -05:00
Chris Hoffman d235acf809 Adding support for chained intermediate CAs in pki backend (#1694) 2016-09-27 17:50:17 -07:00
vishalnayak 0760a89eb4 Backend() functions should return 'backend' objects. 
If they return pointers to 'framework.Backend' objects, the receiver functions can't be tested.
 2016-06-10 15:53:02 -04:00
Laura Bennett 2f2a80e2be Add PKI listing 2016-06-08 11:50:59 -04:00
Jeff Mitchell 7d41607b6e Add "tidy/" which allows removing expired certificates. 
A buffer is used to ensure that we only remove certificates that are
both expired and for which the buffer has past. Options allow removal
from revoked/ and/or certs/.
 2016-02-24 21:24:48 -05:00
Jeff Mitchell 2015118958 Add listing of roles to PKI 2016-01-28 15:18:07 -05:00
Jeff Mitchell a95228e4ee Split root and intermediate functionality into their own sections in the API. Update documentation. Add sign-verbatim endpoint. 2015-11-19 09:51:18 -05:00
Jeff Mitchell ed62afec14 Large documentation updates, remove the pathlength path in favor of 
making that a parameter at CA generation/sign time, and allow more
fields to be configured at CSR generation time.
 2015-11-19 09:51:18 -05:00
Jeff Mitchell 5970cb76b6 Add path length paths and unit tests to verify same. 2015-11-19 09:51:18 -05:00
Jeff Mitchell deb5131cd3 Add config/urls CRUD operations to get and set the URLs encoded into 
certificates for the issuing certificate URL, CRL distribution points,
and OCSP servers.
 2015-11-19 09:51:17 -05:00
Jeff Mitchell b3eb5c4957 Add sign method (untested) 2015-11-19 09:51:17 -05:00
Jeff Mitchell 6ea626e9ad Don't show field names when not needed 2015-11-19 09:51:17 -05:00
Jeff Mitchell 1cec03d9ca Implement CA cert/CSR generation. CA certs can be self-signed or 
generate an intermediate CSR, which can be signed.
 2015-11-19 09:51:17 -05:00
Armon Dadgar 4b27e4d8c5 Remove SetLogger, and unify on framework.Setup 2015-06-30 17:45:20 -07:00
Armon Dadgar 5d69e7da90 Updating for backend API change 2015-06-30 17:36:12 -07:00
Jeff Mitchell a6fc48b854 A few things: 
* Add comments to every non-obvious (e.g. not basic read/write handler type) function
* Remove revoked/ endpoint, at least for now
* Add configurable CRL lifetime
* Cleanup
* Address some comments from code review

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-19 12:48:18 -04:00
Jeff Mitchell ae1cbc1a7a Erp, forgot this feedback... 
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-11 23:16:13 -04:00
Jeff Mitchell 018c0ec7f5 Address most of Armon's initial feedback. 
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-11 21:57:05 -04:00
Jeff Mitchell 0d832de65d Initial PKI backend implementation. 
Complete:
* Up-to-date API documents
* Backend configuration (root certificate and private key)
* Highly granular role configuration
* Certificate generation
* CN checking against role
* IP and DNS subject alternative names
* Server, client, and code signing usage types
* Later certificate (but not private key) retrieval
* CRL creation and update
* CRL/CA bare endpoints (for cert extensions)
* Revocation (both Vault-native and by serial number)
* CRL force-rotation endpoint

Missing:
* OCSP support (can't implement without changes in Vault)
* Unit tests

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-08 00:06:09 -04:00