open-vault/builtin/logical/pki/secret_certs.go
Jeff Mitchell a6fc48b854 A few things:
* Add comments to every non-obvious (e.g. not basic read/write handler type) function
* Remove revoked/ endpoint, at least for now
* Add configurable CRL lifetime
* Cleanup
* Address some comments from code review

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-19 12:48:18 -04:00

60 lines
1.5 KiB
Go

package pki
import (
"fmt"
"strings"
"time"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
)
// SecretCertsType is the name used to identify this type
const SecretCertsType = "pki"
func secretCerts(b *backend) *framework.Secret {
return &framework.Secret{
Type: SecretCertsType,
Fields: map[string]*framework.FieldSchema{
"certificate": &framework.FieldSchema{
Type: framework.TypeString,
Description: `The PEM-encoded concatenated certificate and
issuing certificate authority`,
},
"private_key": &framework.FieldSchema{
Type: framework.TypeString,
Description: "The PEM-encoded private key for the certificate",
},
"serial": &framework.FieldSchema{
Type: framework.TypeString,
Description: `The serial number of the certificate, for handy
reference`,
},
},
DefaultDuration: 168 * time.Hour,
DefaultGracePeriod: 10 * time.Minute,
Revoke: b.secretCredsRevoke,
}
}
func (b *backend) secretCredsRevoke(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
if req.Secret == nil {
return nil, fmt.Errorf("Secret is nil in request")
}
serialInt, ok := req.Secret.InternalData["serial_number"]
if !ok {
return nil, fmt.Errorf("Could not find serial in internal secret data")
}
serial := strings.Replace(strings.ToLower(serialInt.(string)), "-", ":", -1)
b.revokeStorageLock.Lock()
defer b.revokeStorageLock.Unlock()
return revokeCert(b, req, serial)
}