01f3056b8b
pki: Include private_key_type on DER-formatted responses from /pki/issue/ ( #2405 )
2017-02-24 11:17:59 -05:00
98df700495
allow roles to set OU value in certificates issued by the pki backend ( #2251 )
2017-01-23 12:44:45 -05:00
d235acf809
Adding support for chained intermediate CAs in pki backend ( #1694 )
2016-09-27 17:50:17 -07:00
897d3c6d2c
Rename GetOctalFormatted and add serial number to ParsedCertBundle. Basically a noop.
2016-09-16 11:05:43 -04:00
cff7aada7a
Fix invalid input getting marked as internal error
2016-07-28 16:23:11 -04:00
f1cc16b77f
Remove manual selection of nextprotos from tls config coming from certutil; it's really not up to us to dictate third party requirements
2016-07-22 11:12:46 -04:00
3ec81debe7
Trim leading/trailing space around PEM bundles.
...
Fixes #1634
2016-07-20 13:57:49 -04:00
c14235b206
Merge branch 'master-oss' into json-use-number
...
Conflicts:
http/handler.go
logical/framework/field_data.go
logical/framework/wal.go
vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
f34f0ef503
Make 'tls_min_version' configurable
2016-07-12 19:32:47 -04:00
46d34130ac
Set minimum TLS version in all tls.Config objects
2016-07-12 17:06:28 -04:00
ad7cb2c8f1
Added JSON Decode and Encode helpers.
...
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
fb07d07ad9
all: Cleanup from running go vet
2016-04-13 14:38:29 -05:00
c81e5c41d2
Update PrivateKeyType to string, update switch statement.
2015-12-14 11:16:47 -07:00
100465fee8
Remove unnecessary cast
2015-12-14 06:17:20 -07:00
567282170f
Remove printf call from test
2015-12-11 15:47:00 -07:00
ae9e842841
Merge branch 'pkcs8'
2015-12-11 15:22:43 -07:00
43bd14a755
Add benchmark for certutil bundle parsing
2015-12-11 15:17:49 -07:00
551591fb70
Remove debugging print statement in compareCertBundleToParsedCertBundle
2015-12-11 15:17:49 -07:00
b277eb9f14
Remove flag check before trying pkcs8 parsing.
2015-12-11 15:17:49 -07:00
6f672a9589
Add pkcs8 flag setting in ParsePEMBundle
2015-12-11 15:17:49 -07:00
4da225d39e
Update tests and finish implementation of PKCS8 handling
2015-12-11 15:17:49 -07:00
25667df5f7
Update ParsePEMBundle to properly handle pkcs#8
...
Implementation based on be16001187/src/crypto/tls/tls.go (L273-L290)
2015-12-11 15:17:49 -07:00
2861be29a4
Move to pem.Block.Type-based decoding
2015-12-11 14:57:33 -07:00
9d97cc36c9
Add benchmark for certutil bundle parsing
2015-12-11 09:58:49 -07:00
e70b0b86e2
Merge branch 'master' into pkcs8
2015-12-10 21:02:59 -07:00
572f587093
Update flag to field with format info
2015-12-10 21:02:31 -07:00
889245c990
Remove debugging print statement in compareCertBundleToParsedCertBundle
2015-12-10 16:33:42 -07:00
cdeca4ed92
Remove flag check before trying pkcs8 parsing.
2015-12-09 19:41:32 -07:00
ef2be34985
Remove flag check before trying pkcs8 parsing.
2015-12-09 15:33:25 -07:00
a3b096e3fe
Add pkcs8 flag setting in ParsePEMBundle
2015-12-09 15:33:25 -07:00
7d274cbb0b
Update tests and finish implementation of PKCS8 handling
2015-12-09 15:33:25 -07:00
db48b7fccf
Update ParsePEMBundle to properly handle pkcs#8
...
Implementation based on be16001187/src/crypto/tls/tls.go (L273-L290)
2015-12-09 15:29:13 -07:00
0dbe15cb87
Mostly revert changes to certutil as the embedded struct stuff was being
...
problematic.
2015-11-19 14:18:39 -05:00
f41a2e562a
fix tests
2015-11-19 10:13:28 -05:00
26c8cf874d
Move public key comparison logic to its own function
2015-11-19 09:51:18 -05:00
4681d027c0
Move serial number generation and key validation into certutil; centralize format and key verification
2015-11-19 09:51:18 -05:00
5510a2b16f
Add unit tests for CSR bundle conversion
2015-11-19 09:51:18 -05:00
54fccb2ff4
Add support for EC CA keys, output to base64-encoded DER instead of PEM, and tests for all of those. Also note that Go 1.5 is now required.
2015-11-19 09:51:17 -05:00
b2df079446
Add unit tests to test signing logic, fix up test logic for names
2015-11-19 09:51:17 -05:00
1cec03d9ca
Implement CA cert/CSR generation. CA certs can be self-signed or
...
generate an intermediate CSR, which can be signed.
2015-11-19 09:51:17 -05:00
c66f0918be
Add delete method, and ability to delete only one serial as well as an entire set.
2015-11-03 10:52:20 -05:00
390f769d1a
Add unit tests for certutil, and fix a whitespace stripping issue.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-19 16:06:56 -04:00
a6fc48b854
A few things:
...
* Add comments to every non-obvious (e.g. not basic read/write handler type) function
* Remove revoked/ endpoint, at least for now
* Add configurable CRL lifetime
* Cleanup
* Address some comments from code review
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-19 12:48:18 -04:00
34f495a354
Refactor to allow only issuing CAs to be set and not have things blow up. This is useful/important for e.g. the Cassandra backend, where you may want to do TLS with a specific CA cert for server validation, but not actually do client authentication with a client cert.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-18 15:22:58 -04:00
9e00ca769a
Restructure a little bit to make the helper library fully standalone. This makes it easier to move around later if desired, and for use by external programs.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-18 06:42:57 -04:00
29e7ec3e21
A lot of refactoring: move PEM bundle parsing into helper/certutil, so that it is usable by other backends that want to use it to get the necessary data for TLS auth.
...
Also, enhance the raw cert bundle => parsed cert bundle to make it more useful and perform more validation checks.
More refactoring could be done within the PKI backend itself, but that can wait.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-17 16:07:20 -04:00
Saj Goonatilleke