open-vault/builtin/logical/pki
Alexander Scheel 7781b037da
Validate identifiers against role when creating order (#20410)
* Validate identifiers against role when creating order

Perform some initial validation against the order's requested
identifiers during creation; this gives a client a heads up that their
request might be rejected by the server before they have to solve
challenges for these, only to find out during CSR submission time that
there is no way to request the specified certificate.

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add unit tests and switch errors to ErrRejectedIdentifier

 - Change the error messages from validating identifiers against the
   role to ErrRejectedIdentifier errors if they do occur
 - Add unit tests to validate that we validate against the various
   roles somewhat okay.

* go doc

* Fix typo in test godoc

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-04-28 19:21:26 +00:00
cmd/pki adding copyright header (#19555) 2023-03-15 09:00:52 -07:00
dnstest Add custom DNS resolver to ACME configuration (#20400) 2023-04-27 15:30:29 -04:00
acme_authorizations.go Better ACME wildcard validation (#20289) 2023-04-21 12:54:19 -04:00
acme_challenge_engine.go Add PKI ACME IP SANS test case (#20398) 2023-04-27 16:05:23 -04:00
acme_challenges.go Add custom DNS resolver to ACME configuration (#20400) 2023-04-27 15:30:29 -04:00
acme_challenges_test.go Add custom DNS resolver to ACME configuration (#20400) 2023-04-27 15:30:29 -04:00
acme_errors.go Add the ability to disable ACME through an OS environment variable (#20369) 2023-04-26 17:21:00 +00:00
acme_jws.go Add acme challenge validation engine (#20221) 2023-04-19 12:31:19 -04:00
acme_state.go Add custom DNS resolver to ACME configuration (#20400) 2023-04-27 15:30:29 -04:00
acme_state_test.go Move all ACME wrappers into a dedicated go file (#20174) 2023-04-14 14:12:31 -04:00
acme_wrappers.go Integrate acme config enable/disable into tests (#20407) 2023-04-27 20:31:13 +00:00
acme_wrappers_test.go Integrate acme config enable/disable into tests (#20407) 2023-04-27 20:31:13 +00:00
backend.go Add custom DNS resolver to ACME configuration (#20400) 2023-04-27 15:30:29 -04:00
backend_test.go Vault 13349 acme create new global configuration endpoints (#20228) 2023-04-26 17:16:09 +00:00
ca_test.go adding copyright header (#19555) 2023-03-15 09:00:52 -07:00
ca_util.go Add support to load roles and issuers within ACME wrapper (#20333) 2023-04-25 13:29:07 +00:00
cert_util.go Better ACME wildcard validation (#20289) 2023-04-21 12:54:19 -04:00
cert_util_test.go adding copyright header (#19555) 2023-03-15 09:00:52 -07:00
chain_test.go adding copyright header (#19555) 2023-03-15 09:00:52 -07:00
chain_util.go adding copyright header (#19555) 2023-03-15 09:00:52 -07:00
config_util.go adding copyright header (#19555) 2023-03-15 09:00:52 -07:00
crl_test.go Implement ACME CSR signing and certificate retrieval (#20266) 2023-04-21 09:38:06 -04:00
crl_util.go Add warnings to crl rebuilds, allowing notifying operator of empty issuer equivalency sets (#20253) 2023-04-19 16:55:37 +00:00
fields.go Add support to load roles and issuers within ACME wrapper (#20333) 2023-04-25 13:29:07 +00:00
integration_test.go Move OCSP/PKI interop test to PKI engine (#20273) 2023-04-20 14:57:20 +00:00
key_util.go adding copyright header (#19555) 2023-03-15 09:00:52 -07:00
managed_key_util.go adding copyright header (#19555) 2023-03-15 09:00:52 -07:00
path_acme_account.go Enforce ACME accounts to a specific directory path (#20363) 2023-04-26 12:47:31 -04:00
path_acme_authorizations.go Add tests for fetching ACME authorizations and challenges (#20205) 2023-04-17 17:52:54 +00:00
path_acme_challenges.go Add acme challenge validation engine (#20221) 2023-04-19 12:31:19 -04:00
path_acme_directory.go Add a helper function to build ACME API patterns (#20180) 2023-04-14 18:48:33 +00:00
path_acme_nonce.go Add a helper function to build ACME API patterns (#20180) 2023-04-14 18:48:33 +00:00
path_acme_order.go Validate identifiers against role when creating order (#20410) 2023-04-28 19:21:26 +00:00
path_acme_order_test.go Validate identifiers against role when creating order (#20410) 2023-04-28 19:21:26 +00:00
path_acme_revoke.go Add ACME revocation handlers (#20340) 2023-04-25 16:48:30 -04:00
path_acme_test.go Integrate acme config enable/disable into tests (#20407) 2023-04-27 20:31:13 +00:00
path_config_acme.go Integrate acme config enable/disable into tests (#20407) 2023-04-27 20:31:13 +00:00
path_config_ca.go openapi: Add display attributes for PKI plugin (#19422) 2023-04-06 11:10:01 -04:00
path_config_cluster.go openapi: Add display attributes for PKI plugin (#19422) 2023-04-06 11:10:01 -04:00
path_config_crl.go Add warnings to crl rebuilds, allowing notifying operator of empty issuer equivalency sets (#20253) 2023-04-19 16:55:37 +00:00
path_config_urls.go openapi: Add display attributes for PKI plugin (#19422) 2023-04-06 11:10:01 -04:00
path_fetch.go openapi: Add display attributes for PKI plugin (#19422) 2023-04-06 11:10:01 -04:00
path_fetch_issuers.go Fix reading issuer's enable_aia_url_templating value (#20354) 2023-04-25 16:48:05 -04:00
path_fetch_keys.go openapi: Add display attributes for PKI plugin (#19422) 2023-04-06 11:10:01 -04:00
path_intermediate.go openapi: Add display attributes for PKI plugin (#19422) 2023-04-06 11:10:01 -04:00
path_issue_sign.go Add support to load roles and issuers within ACME wrapper (#20333) 2023-04-25 13:29:07 +00:00
path_manage_issuers.go Add warnings to crl rebuilds, allowing notifying operator of empty issuer equivalency sets (#20253) 2023-04-19 16:55:37 +00:00
path_manage_keys.go openapi: Add display attributes for PKI plugin (#19422) 2023-04-06 11:10:01 -04:00
path_manage_keys_test.go adding copyright header (#19555) 2023-03-15 09:00:52 -07:00
path_ocsp.go Remove extraneous certificate from OCSP response (#20201) 2023-04-17 16:40:26 +00:00
path_ocsp_test.go Remove extraneous certificate from OCSP response (#20201) 2023-04-17 16:40:26 +00:00
path_resign_crls.go openapi: Add display attributes for PKI plugin (#19422) 2023-04-06 11:10:01 -04:00
path_resign_crls_test.go adding copyright header (#19555) 2023-03-15 09:00:52 -07:00
path_revoke.go Add ACME revocation handlers (#20340) 2023-04-25 16:48:30 -04:00
path_roles.go Add support to load roles and issuers within ACME wrapper (#20333) 2023-04-25 13:29:07 +00:00
path_roles_test.go adding copyright header (#19555) 2023-03-15 09:00:52 -07:00
path_root.go Add warnings to crl rebuilds, allowing notifying operator of empty issuer equivalency sets (#20253) 2023-04-19 16:55:37 +00:00
path_sign_issuers.go openapi: Add display attributes for PKI plugin (#19422) 2023-04-06 11:10:01 -04:00
path_tidy.go Add warnings to crl rebuilds, allowing notifying operator of empty issuer equivalency sets (#20253) 2023-04-19 16:55:37 +00:00
path_tidy_test.go adding copyright header (#19555) 2023-03-15 09:00:52 -07:00
periodic.go Fix building unified delta WAL, unified delta CRLs (#20058) 2023-04-11 18:02:58 +00:00
secret_certs.go adding copyright header (#19555) 2023-03-15 09:00:52 -07:00
storage.go Add acme challenge validation engine (#20221) 2023-04-19 12:31:19 -04:00
storage_migrations.go adding copyright header (#19555) 2023-03-15 09:00:52 -07:00
storage_migrations_test.go adding copyright header (#19555) 2023-03-15 09:00:52 -07:00
storage_test.go adding copyright header (#19555) 2023-03-15 09:00:52 -07:00
storage_unified.go adding copyright header (#19555) 2023-03-15 09:00:52 -07:00
test_helpers.go Initial ACME new-nonce API (#19822) 2023-03-29 18:22:48 +00:00
util.go adding copyright header (#19555) 2023-03-15 09:00:52 -07:00