Jeff Mitchell
b655f6b858
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 17:38:22 -04:00
Jeff Mitchell
8669a87fdd
When using PGP encryption on unseal keys, encrypt the hexencoded string rather than the raw bytes.
2015-08-26 07:59:50 -07:00
Jeff Mitchell
cc232e6f79
Address comments from review.
2015-08-25 15:33:58 -07:00
Jeff Mitchell
c887df93cc
Add support for pgp-keys argument to rekey, as well as tests, plus
...
refactor common bits out of init.
2015-08-25 14:52:13 -07:00
Bradley Girardeau
aa55d36f03
Clean up naming and add documentation
2015-07-30 17:36:40 -07:00
Bradley Girardeau
d26b77b4f4
mfa: code cleanup
2015-07-28 11:55:46 -07:00
Bradley Girardeau
6697012dd3
mfa: improve edge cases and documentation
2015-07-27 21:14:00 -07:00
Bradley Girardeau
15c9e0cfc3
mfa duo: better error messages
2015-07-27 21:14:00 -07:00
Bradley Girardeau
e45f957bcc
mfa: add test cases for MFA, Duo
2015-07-27 21:14:00 -07:00
Bradley Girardeau
5cf78d8ba2
mfa: add MFA wrapper with Duo second factor
2015-07-27 21:14:00 -07:00
Armon Dadgar
81f39fbc16
helper/kdf: changing argument name for clarity
2015-07-05 14:01:56 -07:00
Armon Dadgar
bd347e0430
helper/kdf: adding lib for key derivation from NIST800-108
2015-07-05 14:01:21 -07:00
Armon Dadgar
3084f64e5c
helper/salt: track if salt was generated
2015-06-30 16:47:49 -07:00
Armon Dadgar
a2eb1210a7
helper/salt: adding little helper for salting
2015-06-30 14:04:18 -07:00
Armon Dadgar
8bc99f8c23
helper/uuid: single generateUUID definition
2015-06-30 12:38:32 -07:00
Armon Dadgar
3902626163
Merge pull request #310 from jefferai/f-pki
...
Initial PKI backend implementation
2015-06-21 11:12:22 +01:00
Steve Wills
7244094509
allow building on FreeBSD
...
Allow this file to build on FreeBSD
2015-06-19 16:59:24 -04:00
Jeff Mitchell
390f769d1a
Add unit tests for certutil, and fix a whitespace stripping issue.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-19 16:06:56 -04:00
Jeff Mitchell
a6fc48b854
A few things:
...
* Add comments to every non-obvious (e.g. not basic read/write handler type) function
* Remove revoked/ endpoint, at least for now
* Add configurable CRL lifetime
* Cleanup
* Address some comments from code review
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-19 12:48:18 -04:00
Jeff Mitchell
34f495a354
Refactor to allow only issuing CAs to be set and not have things blow up. This is useful/important for e.g. the Cassandra backend, where you may want to do TLS with a specific CA cert for server validation, but not actually do client authentication with a client cert.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-18 15:22:58 -04:00
Jeff Mitchell
9e00ca769a
Restructure a little bit to make the helper library fully standalone. This makes it easier to move around later if desired, and for use by external programs.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-18 06:42:57 -04:00
Jeff Mitchell
29e7ec3e21
A lot of refactoring: move PEM bundle parsing into helper/certutil, so that it is usable by other backends that want to use it to get the necessary data for TLS auth.
...
Also, enhance the raw cert bundle => parsed cert bundle to make it more useful and perform more validation checks.
More refactoring could be done within the PKI backend itself, but that can wait.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-17 16:07:20 -04:00
Mitchell Hashimoto
8d39d21ac2
helper/kv-builder: blank values should not panic
2015-06-16 10:00:02 -07:00
Mark Junker
787a4bc4b5
Fixes #83
2015-04-29 10:20:09 +02:00
Mitchell Hashimoto
b5f8f3b05a
vault: add helper/mlock for doing mlock
2015-04-28 14:59:43 -07:00
Mitchell Hashimoto
fa80e90b1a
helper/passsword: fix windows compilation
2015-04-28 09:23:48 -07:00
Mitchell Hashimoto
8e3746d347
helper/kv-builder
2015-04-07 22:30:25 -07:00
Mitchell Hashimoto
481628c41f
command/auth: framework for supporting more auth methods
2015-04-05 20:50:18 -07:00
Mitchell Hashimoto
afc71d2a7b
command/server: cleaner output
2015-04-04 12:06:41 -07:00
Mitchell Hashimoto
2e9e4ee93d
helper/password: catch ctrl-c if possible
2015-04-01 17:27:29 -07:00
Mitchell Hashimoto
11f8423b4f
logical/framework, logical/testing
2015-03-15 16:39:49 -07:00
Mitchell Hashimoto
a0232eedd7
helper/backend: use logical package
2015-03-15 14:57:19 -07:00
Mitchell Hashimoto
857e00bcdc
helper/backend: start acceptance test framework
2015-03-14 17:18:19 -07:00
Mitchell Hashimoto
accd8c29ca
helper/backend: auto-generate help route
2015-03-14 10:12:50 -07:00
Mitchell Hashimoto
e8e55ef8b1
helper/backend: one callback per operation
2015-03-14 00:19:25 -07:00
Mitchell Hashimoto
7f87d9ea6f
helper/backend: HandleRequest works
2015-03-13 23:58:20 -07:00
Mitchell Hashimoto
d17c3d87d3
helper/backend: store captures for a path
2015-03-13 23:48:49 -07:00
Mitchell Hashimoto
c4e35ffb7d
helper/backend: cache route regexps (98% speedup)
...
benchmark old ns/op new ns/op delta
BenchmarkBackendRoute 49144 589 -98.80%
2015-03-13 23:25:17 -07:00
Mitchell Hashimoto
e5871abf77
helper/backend: benchmark route
2015-03-13 23:22:48 -07:00
Mitchell Hashimoto
0751c5db12
helper/backend: basic path routing (naive)
2015-03-13 23:17:25 -07:00
Mitchell Hashimoto
a68eb1a994
helper/backend: add default values
2015-03-13 21:15:20 -07:00
Mitchell Hashimoto
33a08fbfa0
helper/backend: start this thing
2015-03-13 21:11:19 -07:00
Mitchell Hashimoto
d88c20e293
command/server: add config loading
2015-03-12 15:21:11 -07:00
Mitchell Hashimoto
a524ef6537
helper/password: for reading passwords securely
2015-03-04 00:31:35 -08:00