Jeff Mitchell
8bf935bc2b
Add list support to certs in cert auth backend.
...
Fixes #1212
2016-03-15 14:07:40 -04:00
Jeff Mitchell
5a17735dcb
Add subject/authority key id to cert metadata
2016-03-07 14:59:00 -05:00
vishalnayak
44208455f6
continue if non-CA policy is not found
2016-03-01 16:43:51 -05:00
vishalnayak
9a3ddc9696
Added ExtKeyUsageAny, changed big.Int comparison and fixed code flow
2016-03-01 16:37:01 -05:00
vishalnayak
cc1592e27a
corrections, policy matching changes and test cert changes
2016-03-01 16:37:01 -05:00
vishalnayak
09eef70853
Added testcase for cert writes
2016-03-01 16:37:01 -05:00
vishalnayak
f056e8a5a5
supporting non-ca certs for verification
2016-03-01 16:37:01 -05:00
vishalnayak
aee006ba2d
moved the test cert keys to appropriate test-fixtures folder
2016-02-29 15:49:08 -05:00
vishalnayak
cf672400d6
fixed the error log message
2016-02-29 10:41:10 -05:00
vishalnayak
dca18aec2e
replaced old certs, with new certs generated from PKI backend, containing IP SANs
2016-02-28 22:15:54 -05:00
vishalnayak
69bcbb28aa
rename verify_cert as disable_binding and invert the logic
2016-02-24 21:01:21 -05:00
vishalnayak
902c780f2b
make the verification of certs in renewal configurable
2016-02-24 16:42:20 -05:00
vishalnayak
bc4710eb06
Cert: renewal enhancements
2016-02-24 14:31:38 -05:00
Jeff Mitchell
fab2d8687a
Remove root requirement for certs/ and crls/ in TLS auth backend.
...
Fixes #468
2016-02-21 15:33:33 -05:00
Jeff Mitchell
d3a705f17b
Make backends much more consistent:
...
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
2016-01-29 20:03:37 -05:00
Jack DeLoach
8fecccde21
Add STS path to AWS backend.
...
The new STS path allows for obtaining the same credentials that you would get
from the AWS "creds" path, except it will also provide a security token, and
will not have an annoyingly long propagation time before returning to the user.
2016-01-21 14:05:09 -05:00
Jeff Mitchell
f3ce90164f
WriteOperation -> UpdateOperation
2016-01-08 13:03:03 -05:00
Jeff Mitchell
5e72453b49
Use TypeDurationSecond instead of TypeString
2015-11-03 10:52:20 -05:00
Jeff Mitchell
154fc24777
Address first round of feedback from review
2015-11-03 10:52:20 -05:00
Jeff Mitchell
59cc61cc79
Add documentation for CRLs and some minor cleanup.
2015-11-03 10:52:20 -05:00
Jeff Mitchell
5d562693bd
Add tests for the crls path, and fix a couple bugs
2015-11-03 10:52:20 -05:00
Jeff Mitchell
b6b62f7dc1
Drastically simplify the method and logic; keep an in-memory cache and use that for most operations, only affecting the backend storage when needed.
2015-11-03 10:52:20 -05:00
Jeff Mitchell
c66f0918be
Add delete method, and ability to delete only one serial as well as an entire set.
2015-11-03 10:52:20 -05:00
Jeff Mitchell
be1a2266cc
Add CRLSets endpoints; write method is done. Add verification logic to
...
login path. Change certs "ttl" field to be a string to match common
backend behavior.
2015-11-03 10:52:19 -05:00
Jeff Mitchell
9c5dcac90c
Make TLS backend honor SystemView default values. Expose lease TTLs on read. Make auth command show lease TTL if one exists. Addresses most of #527
2015-09-18 14:01:28 -04:00
Jeff Mitchell
959a727acd
Don't re-use tls configuration, to fix a possible race issue during test
2015-09-03 13:04:32 -04:00
Jeff Mitchell
5695d57ba0
Merge pull request #561 from hashicorp/fix-wild-cards
...
Allow hyphens in endpoint patterns of most backends
2015-08-21 11:40:42 -07:00
vishalnayak
6c2927ede0
Vault: Fix wild card paths for all backends
2015-08-21 00:56:13 -07:00
Jeff Mitchell
93ef9a54bd
Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod
2015-08-20 18:00:51 -07:00
Jeff Mitchell
133380915a
Disallow non-client X509 key usages for client TLS cert authentication.
2015-08-20 15:50:47 -07:00
Michael S. Fischer
21ab4d526c
Provide working example of TLS certificate authentication
...
Fixes #474
2015-08-07 15:15:53 -07:00
Armon Dadgar
4b27e4d8c5
Remove SetLogger, and unify on framework.Setup
2015-06-30 17:45:20 -07:00
Armon Dadgar
5d69e7da90
Updating for backend API change
2015-06-30 17:36:12 -07:00
Karl Gutwin
0062d923cc
Better error messages.
2015-06-30 08:59:38 -04:00
Karl Gutwin
dafcc5b2ce
enable CLI cert login
2015-06-29 23:29:41 -04:00
Armon Dadgar
45d3c512fb
builtin: fixing API change in logical framework
2015-06-17 14:34:11 -07:00
Christian Svensson
e3d3012795
Record the common name in TLS metadata
...
It is useful to be able to save the client cert's Common Name for auditing purposes when using a central CA.
This adds a "common_name" value to the Metadata structure passed from login.
2015-06-14 23:18:21 +01:00
Armon Dadgar
cc966d6b52
auth/cert: Guard against empty certs. Fixes #214
2015-05-18 16:11:09 -07:00
Armon Dadgar
9087471bad
credential/cert: support leasing and renewal
2015-04-24 12:58:39 -07:00
Armon Dadgar
3a9e20748b
credential/cert: default display name
2015-04-24 10:52:17 -07:00
Armon Dadgar
7b4ceeb7e6
credential/cert: more validation on cert setup
2015-04-24 10:39:44 -07:00
Armon Dadgar
d57c8ea0f0
credential/cert: return logical error if invalid
2015-04-24 10:36:25 -07:00
Armon Dadgar
ae272b83ce
credential/cert: major refactor
2015-04-24 10:31:57 -07:00
Armon Dadgar
28b18422b7
credential/cert: First pass at public key credential backend
2015-04-23 21:46:21 -07:00