open-vault/builtin/logical/pki
Alexander Scheel 96ea52343a
Identify issuer on revocation (#16763)
* Identify issuer on revocation

When we attempt to revoke a leaf certificate, we already parse all of
the issuers within the mount (to x509.Certificate) to ensure we don't
accidentally revoke an issuer via the leaf revocation endpoint. We can
reuse this information to associate the issuer (via issuer/subject
comparison and signature checking) to the revoked cert in its revocation
info. This will help OCSP, avoiding the case where the OCSP handler
needs to associate a certificate to its issuer.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add test to ensure issuers are identified

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-08-24 12:23:27 -04:00
cmd/pki Update to api 1.0.1 and sdk 0.1.8 2019-04-15 14:10:07 -04:00
backend.go Finish refactor to remove global crlLifetime (#16835) 2022-08-23 15:19:11 -04:00
backend_test.go Don't allow crl-signing issuer usage without CRLSign KeyUsage (#16865) 2022-08-24 07:45:54 -07:00
ca_test.go Make PKI tests run in parallel (#16514) 2022-08-01 16:43:38 -04:00
ca_util.go Add PSS support to PKI Secrets Engine (#16519) 2022-08-03 12:42:24 -04:00
cert_util.go Add an OCSP responder to Vault's PKI plugin (#16723) 2022-08-22 14:06:15 -04:00
cert_util_test.go Make PKI tests run in parallel (#16514) 2022-08-01 16:43:38 -04:00
chain_test.go Allow old certs to be cross-signed (#16494) 2022-08-03 06:34:21 -07:00
chain_util.go Refactor PKI storage calls to take a shared struct (#16019) 2022-06-29 12:00:44 -04:00
config_util.go Refactor PKI storage calls to take a shared struct (#16019) 2022-06-29 12:00:44 -04:00
crl_test.go Identify issuer on revocation (#16763) 2022-08-24 12:23:27 -04:00
crl_util.go Identify issuer on revocation (#16763) 2022-08-24 12:23:27 -04:00
fields.go Add PSS support to PKI Secrets Engine (#16519) 2022-08-03 12:42:24 -04:00
integation_test.go Make PKI tests run in parallel (#16514) 2022-08-01 16:43:38 -04:00
key_util.go Refactor PKI storage calls to take a shared struct (#16019) 2022-06-29 12:00:44 -04:00
managed_key_util.go secret/pki: Return correct algorithm type from key fetch API for managed keys (#15468) 2022-05-17 11:36:14 -04:00
ocsp.go Handle multiple matching issuers in OCSP requests (#16848) 2022-08-24 09:00:40 -04:00
ocsp_test.go Handle multiple matching issuers in OCSP requests (#16848) 2022-08-24 09:00:40 -04:00
path_config_ca.go Refactor PKI storage calls to take a shared struct (#16019) 2022-06-29 12:00:44 -04:00
path_config_crl.go Enable periodic, automatic rebuilding of CRLs (#16762) 2022-08-23 13:27:15 -04:00
path_config_urls.go Add per-issuer AIA URI information to PKI secrets engine (#16563) 2022-08-19 11:43:44 -04:00
path_fetch.go Refactor PKI storage calls to take a shared struct (#16019) 2022-06-29 12:00:44 -04:00
path_fetch_issuers.go Don't allow crl-signing issuer usage without CRLSign KeyUsage (#16865) 2022-08-24 07:45:54 -07:00
path_fetch_keys.go Refactor PKI storage calls to take a shared struct (#16019) 2022-06-29 12:00:44 -04:00
path_intermediate.go Add per-issuer AIA URI information to PKI secrets engine (#16563) 2022-08-19 11:43:44 -04:00
path_issue_sign.go Add PSS support to PKI Secrets Engine (#16519) 2022-08-03 12:42:24 -04:00
path_manage_issuers.go Add per-issuer AIA URI information to PKI secrets engine (#16563) 2022-08-19 11:43:44 -04:00
path_manage_keys.go Refactor PKI storage calls to take a shared struct (#16019) 2022-06-29 12:00:44 -04:00
path_manage_keys_test.go Make PKI tests run in parallel (#16514) 2022-08-01 16:43:38 -04:00
path_revoke.go Add proof possession revocation for PKI secrets engine (#16566) 2022-08-16 14:01:26 -04:00
path_roles.go Add warning when generate_lease=true (#16398) 2022-08-08 13:26:10 -04:00
path_roles_test.go Make PKI tests run in parallel (#16514) 2022-08-01 16:43:38 -04:00
path_root.go Add per-issuer AIA URI information to PKI secrets engine (#16563) 2022-08-19 11:43:44 -04:00
path_sign_issuers.go Add PSS support to PKI Secrets Engine (#16519) 2022-08-03 12:42:24 -04:00
path_tidy.go Enable periodic, automatic rebuilding of CRLs (#16762) 2022-08-23 13:27:15 -04:00
secret_certs.go Allow Multiple Issuers in PKI Secret Engine Mounts - PKI Pod (#15277) 2022-05-11 12:42:28 -04:00
storage.go Don't allow crl-signing issuer usage without CRLSign KeyUsage (#16865) 2022-08-24 07:45:54 -07:00
storage_migrations.go Add an OCSP responder to Vault's PKI plugin (#16723) 2022-08-22 14:06:15 -04:00
storage_migrations_test.go Migrate existing PKI mounts that only contains a key (#16813) 2022-08-22 10:11:21 -07:00
storage_test.go Add an OCSP responder to Vault's PKI plugin (#16723) 2022-08-22 14:06:15 -04:00
test_helpers.go Add an OCSP responder to Vault's PKI plugin (#16723) 2022-08-22 14:06:15 -04:00
util.go Add an OCSP responder to Vault's PKI plugin (#16723) 2022-08-22 14:06:15 -04:00