luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/ui/app/utils/parse-pki-cert-oids.js
claire bontempo 069b00b031
UI: pki rotate root cert (#19739) 
* add rotate root route

* add page component

* add modal

* fix modal image styling

* add radio buttons

* add jsonToCert function to pki parser

* add verify function

* add verify to details route

* nest rotate-root under issuer/

* copy values from old root ca

* pull detail info rows into a separate component

* add type declaration files

* add parsing error warning to rotate root component file

* add comments

* add capabilities to controller

* update icon

* revert issuer details

* refactor pki info table rows

* add parsedparameters to pki helper

* add alert banner

* update attrs, fix info rows

* add endpoint to action router

* update alert banner

* hide toolbar from generate root display

* add download buttons to toolbar

* add banner getter

* fix typo in issuer details

* fix assertion

* move alert banner after generating root to parent

* rename issuer index route file

* refactor routing so model can be passed from route

* add confirmLeave and done button to use existin settings done form

* rename serial number to differentiate between two types

* fix links, update ids to issuerId not response id

* update ts declaration

* change variable names add comments

* update existing tests

* fix comment typo

* add download button test

* update serializer to change subject_serial_number to serial_number for backend

* remove pageTitle getter

* remove old arg

* round 1 of testing complete..

* finish endpoint tests

* finish component tests

* move toolbars to parent route

* add acceptance test for rotate route

* add const to hold radio button string values

* remove action, fix link
2023-03-31 15:47:23 -06:00

90 lines
2.9 KiB
JavaScript
Raw Blame History

/**
* Copyright (c) HashiCorp, Inc.
* SPDX-License-Identifier: MPL-2.0
*/
import camelizeKeys from 'vault/utils/camelize-object-keys';
//* lookup OIDs: http://oid-info.com/basic-search.htm
export const SUBJECT_OIDs = {
common_name: '2.5.4.3',
subject_serial_number: '2.5.4.5',
ou: '2.5.4.11',
organization: '2.5.4.10',
country: '2.5.4.6',
locality: '2.5.4.7',
province: '2.5.4.8',
street_address: '2.5.4.9',
postal_code: '2.5.4.17',
};
export const EXTENSION_OIDs = {
key_usage: '2.5.29.15', // contains keyUsage values (KEY_USAGE_BITS below)
subject_alt_name: '2.5.29.17', // contains SAN_TYPES below
basic_constraints: '2.5.29.19', // contains max_path_length
name_constraints: '2.5.29.30', // contains permitted_dns_domains
};
// these are allowed ext oids, but not parsed and passed to cross-signed certs
export const IGNORED_OIDs = {
// These two extensions are controlled by the parent authority.
authority_key_identifier: '2.5.29.35',
authority_access_info: '1.3.6.1.5.5.7.1.1',
// This extension is based off the key material of the new issuer, which
// will automatically match the existing issuer's key material.
subject_key_identifier: '2.5.29.14',
};
export const KEY_USAGE_BITS = [
'DigitalSignature',
'ContentCommitment',
'KeyEncipherment',
'DataEncipherment',
'KeyAgreement',
'CertSign',
'CRLSign',
'EncipherOnly',
'DecipherOnly',
];
// SubjectAltName/GeneralName types (scroll up to page 38 -> https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.7 )
export const SAN_TYPES = {
other_sans: 0, // <OID>;UTF8:<value>
alt_names: 2, // dNSName
uri_sans: 6, // uniformResourceIdentifier
ip_sans: 7, // iPAddress - OCTET STRING
};
export const SIGNATURE_ALGORITHM_OIDs = {
'1.2.840.113549.1.1.2': '0', // MD2-RSA
'1.2.840.113549.1.1.4': '0', // MD5-RSA
'1.2.840.113549.1.1.5': '0', // SHA1-RSA
'1.2.840.113549.1.1.11': '256', // SHA256-RSA
'1.2.840.113549.1.1.12': '384', // SHA384-RSA
'1.2.840.113549.1.1.13': '512', // SHA512-RSA
'1.2.840.113549.1.1.10': {
// RSA-PSS have additional OIDs that need to be mapped
'2.16.840.1.101.3.4.2.1': '256', // SHA-256
'2.16.840.1.101.3.4.2.2': '384', // SHA-384
'2.16.840.1.101.3.4.2.3': '512', // SHA-512
},
'1.2.840.10040.4.3': '0', // DSA-SHA1
'2.16.840.1.101.3.4.3.2': '256', // DSA-SHA256
'1.2.840.10045.4.1': '0', // ECDSA-SHA1
'1.2.840.10045.4.3.2': '256', // ECDSA-SHA256
'1.2.840.10045.4.3.3': '384', // ECDSA-SHA384
'1.2.840.10045.4.3.4': '512', // ECDSA-SHA512
'1.3.101.112': '0', // Ed25519
};
// returns array of strings that correspond to model attributes
// can be passed to display views in details pages containing certificates
export const parsedParameters = [
...Object.keys(camelizeKeys(SUBJECT_OIDs)),
...Object.keys(camelizeKeys(EXTENSION_OIDs)),
...Object.keys(camelizeKeys(SAN_TYPES)),
'usePss',
'notValidBefore',
'notValidAfter',
];
Reference in a new issue View git blame Copy permalink