ebf8e5308a
* port SSCT OSS * port header hmac key to ent and generate token proto without make command * remove extra nil check in request handling * add changelog * add comment to router.go * change test var to use length constants * remove local index is 0 check and extra defer which can be removed after use of ExternalID
package vault
import (
"context"
"encoding/json"
"fmt"
"github.com/hashicorp/vault/sdk/logical"
)
// sscGenCounterPath is the barrier storage key under which the SSC token
// generation counter is read and written by the TokenStore methods in this
// file.
const sscGenCounterPath string = "core/sscGenCounter/"
// SSCTokenGenerationCounter is the record that the token store keeps in memory
// and serializes to JSON when persisting the generation counter. It carries no
// struct tags, so the JSON field name is the Go field name.
type SSCTokenGenerationCounter struct {
	// Counter is the current generation number. The zero value is what the
	// token store uses when nothing has been persisted yet.
	Counter int
}
// GetSSCTokensGenerationCounter reports the generation counter currently held
// in memory on the token store. It does not consult storage.
//
// NOTE(review): no locking is visible in this accessor or in
// UpdateSSCTokensGenerationCounter; confirm that callers serialize reads and
// updates of the counter.
func (ts *TokenStore) GetSSCTokensGenerationCounter() int {
	current := ts.sscTokensGenerationCounter
	return current.Counter
}
// loadSSCTokensGenerationCounter reads the persisted generation counter from
// the barrier at sscGenCounterPath and installs it on the token store.
//
// When no entry exists the in-memory counter is reset to its zero value and
// nil is returned. A storage read failure or an entry that does not decode as
// JSON is returned as a wrapped error, and the in-memory counter is left
// untouched.
//
// NOTE(review): the decoded Counter is accepted as-is; a negative or otherwise
// unexpected value in storage is not rejected here. Confirm that is intended.
func (ts *TokenStore) loadSSCTokensGenerationCounter(ctx context.Context) error {
	entry, err := ts.core.barrier.Get(ctx, sscGenCounterPath)
	switch {
	case err != nil:
		return fmt.Errorf("unable to retrieve SSCTokenGenerationCounter from storage: err %w", err)
	case entry == nil:
		// Nothing persisted yet: start from the zero counter.
		ts.logger.Trace("no token generation counter found in storage")
		ts.sscTokensGenerationCounter = SSCTokenGenerationCounter{}
		return nil
	}

	// Decode into a local first so a malformed entry never partially
	// overwrites the in-memory state.
	var loaded SSCTokenGenerationCounter
	if err := json.Unmarshal(entry.Value, &loaded); err != nil {
		return fmt.Errorf("malformed token generation counter found in storage: err %w", err)
	}

	ts.sscTokensGenerationCounter = loaded
	return nil
}
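// UpdateSSCTokensGenerationCounter increments the in-memory generation counter
// and persists the new value, JSON-encoded, to the barrier at
// sscGenCounterPath.
//
// If the increment yields a non-positive value (for example after integer
// wrap-around), a warning is logged and nothing is written to storage; nil is
// returned in that case. Marshal and storage failures are returned wrapped
// with context.
//
// NOTE(review): the in-memory counter is incremented before the write, so it
// stays ahead of storage when the write is skipped or fails. Confirm whether
// it should be rolled back in those cases.
func (ts *TokenStore) UpdateSSCTokensGenerationCounter(ctx context.Context) error {
	ts.sscTokensGenerationCounter.Counter++
	if ts.sscTokensGenerationCounter.Counter <= 0 {
		// Don't store the 0 value. Return here so the log message is true:
		// without the return the non-positive counter would still be persisted.
		ts.logger.Warn("attempt to store non-positive token generation counter was ignored",
			"sscTokensGenerationCounter", ts.sscTokensGenerationCounter.Counter)
		return nil
	}

	marshalledCtr, err := json.Marshal(ts.sscTokensGenerationCounter)
	if err != nil {
		return fmt.Errorf("unable to marshal token generation counter: %w", err)
	}

	entry := &logical.StorageEntry{
		Key:   sscGenCounterPath,
		Value: marshalledCtr,
	}
	if err := ts.core.barrier.Put(ctx, entry); err != nil {
		return fmt.Errorf("unable to persist token generation counter to storage: %w", err)
	}
	return nil
}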