scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-01 19:17:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revocation RevokerFactory interface, CE changes (#28203)

Browse Source
This commit is contained in:
Scott Miller
2024-08-27 16:35:11 -05:00
committed by GitHub
parent ba3d9c9aa0
commit 747b395da5
3 changed files with 41 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
builtin/logical/pki/backend.go
View File

@@ -5,6 +5,7 @@ package pki
import ( import (
"context" "context"
"crypto/x509"
"fmt" "fmt"
"strings" "strings"
"sync" "sync"
@@ -342,6 +343,8 @@ type BackendOps interface {
pki_backend.SystemViewGetter pki_backend.SystemViewGetter
pki_backend.MountInfo pki_backend.MountInfo
pki_backend.Logger pki_backend.Logger
revocation.RevokerFactory
UseLegacyBundleCaStorage() bool UseLegacyBundleCaStorage() bool
CrlBuilder() *CrlBuilder CrlBuilder() *CrlBuilder
GetRevokeStorageLock() *sync.RWMutex GetRevokeStorageLock() *sync.RWMutex
@@ -805,3 +808,28 @@ func (b *backend) initializeStoredCertificateCounts(ctx context.Context) error {
certCounter.InitializeCountsFromStorage(entries, revokedEntries) certCounter.InitializeCountsFromStorage(entries, revokedEntries)
return nil return nil
} }
var _ revocation.Revoker = &revoker{}
type revoker struct {
backend *backend
storageContext *storageContext
crlConfig *pki_backend.CrlConfig
}
func (r *revoker) RevokeCert(cert *x509.Certificate) (*logical.Response, error) {
return revokeCert(r.storageContext, r.crlConfig, cert)
}
func (r *revoker) RevokeCertBySerial(serial string) (*logical.Response, error) {
return tryRevokeCertBySerial(r.storageContext, r.crlConfig, serial)
}
func (b *backend) GetRevoker(ctx context.Context, s logical.Storage) revocation.Revoker {
sc := b.makeStorageContext(ctx, s)
return &revoker{
backend: b,
crlConfig: &b.CrlBuilder().config,
storageContext: sc,
}
}

12
builtin/logical/pki/revocation/revoke.go
View File

@@ -5,10 +5,13 @@ package revocation
import ( import (
"bytes" "bytes"
"context"
"crypto/x509" "crypto/x509"
"fmt" "fmt"
"time" "time"
"github.com/hashicorp/vault/sdk/logical"
"github.com/hashicorp/vault/builtin/logical/pki/issuing" "github.com/hashicorp/vault/builtin/logical/pki/issuing"
"github.com/hashicorp/vault/builtin/logical/pki/pki_backend" "github.com/hashicorp/vault/builtin/logical/pki/pki_backend"
"github.com/hashicorp/vault/sdk/helper/errutil" "github.com/hashicorp/vault/sdk/helper/errutil"
@@ -18,6 +21,15 @@ const (
RevokedPath = "revoked/" RevokedPath = "revoked/"
) )
type RevokerFactory interface {
GetRevoker(context.Context, logical.Storage) Revoker
}
type Revoker interface {
RevokeCert(cert *x509.Certificate) (*logical.Response, error)
RevokeCertBySerial(serial string) (*logical.Response, error)
}
type RevocationInfo struct { type RevocationInfo struct {
CertificateBytes []byte `json:"certificate_bytes"` CertificateBytes []byte `json:"certificate_bytes"`
RevocationTime int64 `json:"revocation_time"` RevocationTime int64 `json:"revocation_time"`

2
builtin/logical/pkiext/nginx_test.go
View File

@@ -39,7 +39,7 @@ const (
func buildNginxContainer(t *testing.T, root string, crl string, chain string, private string) (func(), string, int, string, string, int) { func buildNginxContainer(t *testing.T, root string, crl string, chain string, private string) (func(), string, int, string, string, int) {
containerfile := ` containerfile := `
FROM nginx:latest FROM nginx:1.27.1
RUN mkdir /www /etc/nginx/ssl && rm /etc/nginx/conf.d/*.conf RUN mkdir /www /etc/nginx/ssl && rm /etc/nginx/conf.d/*.conf