open-vault

History

Gabriel Santos ff5ff849fd PKI - Honor header If-Modified-Since if present (#16249 ) * honor header if-modified-since if present * pathGetIssuerCRL first version * check if modified since for CA endpoints * fix date comparison for CA endpoints * suggested changes and refactoring * add writeIssuer to updateDefaultIssuerId and fix error * Move methods out of storage.go into util.go For the most part, these take a SC as param, but aren't directly storage relevant operations. Move them out of storage.go as a result. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Use UTC timezone for storage Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Rework path_fetch for better if-modified-since handling Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Invalidate all issuers, CRLs on default write When the default is updated, access under earlier timestamps will not work as we're unclear if the timestamp is for this issuer or a previous issuer. Thus, we need to invalidate the CRL and both issuers involved (previous, next) by updating their LastModifiedTimes. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add tests for If-Modified-Since Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Correctly invalidate default issuer changes When the default issuer changes, we'll have to mark the invalidation on PR secondary clusters, so they know to update their CRL mapping as well. The swapped issuers will have an updated modification time (which will eventually replicate down and thus be correct), but the CRL modification time is cluster-local information and thus won't be replicated. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * make fmt Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Refactor sendNotModifiedResponseIfNecessary Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add changelog entry Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add documentation on if-modified-since Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>		2022-08-29 15:28:47 -04:00
..
cmd/pki
backend.go	PKI - Honor header If-Modified-Since if present (#16249 )	2022-08-29 15:28:47 -04:00
backend_test.go	PKI - Honor header If-Modified-Since if present (#16249 )	2022-08-29 15:28:47 -04:00
ca_test.go	Make PKI tests run in parallel (#16514 )	2022-08-01 16:43:38 -04:00
ca_util.go	Add PSS support to PKI Secrets Engine (#16519 )	2022-08-03 12:42:24 -04:00
cert_util.go	Support for generating Delta CRLs (#16773 )	2022-08-29 11:37:09 -04:00
cert_util_test.go	Make PKI tests run in parallel (#16514 )	2022-08-01 16:43:38 -04:00
chain_test.go	Cleanup changes around issuer revocation (#16874 )	2022-08-25 11:36:37 -04:00
chain_util.go	Fix CodeQL Errors - check allocation is smaller than 2^30 (#16869 )	2022-08-26 13:26:11 -04:00
config_util.go	PKI - Honor header If-Modified-Since if present (#16249 )	2022-08-29 15:28:47 -04:00
crl_test.go	Support for generating Delta CRLs (#16773 )	2022-08-29 11:37:09 -04:00
crl_util.go	PKI - Honor header If-Modified-Since if present (#16249 )	2022-08-29 15:28:47 -04:00
fields.go	Add PSS support to PKI Secrets Engine (#16519 )	2022-08-03 12:42:24 -04:00
integation_test.go	Make PKI tests run in parallel (#16514 )	2022-08-01 16:43:38 -04:00
key_util.go
managed_key_util.go
ocsp.go	Add ocsp_expiry configuration field to PKI crl config (#16888 )	2022-08-25 16:01:39 -04:00
ocsp_test.go	Add ocsp_expiry configuration field to PKI crl config (#16888 )	2022-08-25 16:01:39 -04:00
path_config_ca.go
path_config_crl.go	Support for generating Delta CRLs (#16773 )	2022-08-29 11:37:09 -04:00
path_config_urls.go	Add per-issuer AIA URI information to PKI secrets engine (#16563 )	2022-08-19 11:43:44 -04:00
path_fetch.go	PKI - Honor header If-Modified-Since if present (#16249 )	2022-08-29 15:28:47 -04:00
path_fetch_issuers.go	PKI - Honor header If-Modified-Since if present (#16249 )	2022-08-29 15:28:47 -04:00
path_fetch_keys.go
path_intermediate.go	Add per-issuer AIA URI information to PKI secrets engine (#16563 )	2022-08-19 11:43:44 -04:00
path_issue_sign.go	Add PSS support to PKI Secrets Engine (#16519 )	2022-08-03 12:42:24 -04:00
path_manage_issuers.go	Add per-issuer AIA URI information to PKI secrets engine (#16563 )	2022-08-19 11:43:44 -04:00
path_manage_keys.go
path_manage_keys_test.go	Make PKI tests run in parallel (#16514 )	2022-08-01 16:43:38 -04:00
path_revoke.go	Add proof possession revocation for PKI secrets engine (#16566 )	2022-08-16 14:01:26 -04:00
path_roles.go	Add warning when generate_lease=true (#16398 )	2022-08-08 13:26:10 -04:00
path_roles_test.go	Make PKI tests run in parallel (#16514 )	2022-08-01 16:43:38 -04:00
path_root.go	Add per-issuer AIA URI information to PKI secrets engine (#16563 )	2022-08-19 11:43:44 -04:00
path_sign_issuers.go	Add PSS support to PKI Secrets Engine (#16519 )	2022-08-03 12:42:24 -04:00
path_tidy.go	Let PKI tidy associate revoked certs with their issuers (#16871 )	2022-08-26 10:13:45 -07:00
secret_certs.go
storage.go	PKI - Honor header If-Modified-Since if present (#16249 )	2022-08-29 15:28:47 -04:00
storage_migrations.go	Add an OCSP responder to Vault's PKI plugin (#16723 )	2022-08-22 14:06:15 -04:00
storage_migrations_test.go	Migrate existing PKI mounts that only contains a key (#16813 )	2022-08-22 10:11:21 -07:00
storage_test.go	Add an OCSP responder to Vault's PKI plugin (#16723 )	2022-08-22 14:06:15 -04:00
test_helpers.go	Add an OCSP responder to Vault's PKI plugin (#16723 )	2022-08-22 14:06:15 -04:00
util.go	PKI - Honor header If-Modified-Since if present (#16249 )	2022-08-29 15:28:47 -04:00