Commit Graph

815 Commits

Author SHA1 Message Date
Andrew Stuart
7bba342ee3 Remove flag check before trying pkcs8 parsing. 2015-12-09 19:41:32 -07:00
Andrew Stuart
50b7be1c9a Remove flag check before trying pkcs8 parsing. 2015-12-09 15:33:25 -07:00
Andrew Stuart
c8d49c2d66 Add pkcs8 flag setting in ParsePEMBundle 2015-12-09 15:33:25 -07:00
Andrew Stuart
5af21130d7 Update tests and finish implementation of PKCS8 handling 2015-12-09 15:33:25 -07:00
Andrew Stuart
b59e15c33d Update ParsePEMBundle to properly handle pkcs#8
Implementation based on be16001187/src/crypto/tls/tls.go (L273-L290)
2015-12-09 15:29:13 -07:00
Jeff Mitchell
76e5760696 Merge branch 'master' into pki-csrs 2015-11-20 12:48:38 -05:00
Jeff Mitchell
4f2f7a0e3b Mostly revert changes to certutil as the embedded struct stuff was being
problematic.
2015-11-19 14:18:39 -05:00
Jeff Mitchell
fcbdb5f30a fix tests 2015-11-19 10:13:28 -05:00
Jeff Mitchell
cb5514f3f3 Move public key comparison logic to its own function 2015-11-19 09:51:18 -05:00
Jeff Mitchell
b5423493ca Move serial number generation and key validation into certutil; centralize format and key verification 2015-11-19 09:51:18 -05:00
Jeff Mitchell
ba37e4bcb5 Add unit tests for CSR bundle conversion 2015-11-19 09:51:18 -05:00
Jeff Mitchell
4e73187837 Add support for EC CA keys, output to base64-encoded DER instead of PEM, and tests for all of those. Also note that Go 1.5 is now required. 2015-11-19 09:51:17 -05:00
Jeff Mitchell
e45af0a17b Add unit tests to test signing logic, fix up test logic for names 2015-11-19 09:51:17 -05:00
Jeff Mitchell
55fc4ba898 Implement CA cert/CSR generation. CA certs can be self-signed or
generate an intermediate CSR, which can be signed.
2015-11-19 09:51:17 -05:00
Jeff Mitchell
49d525ebf3 Reintroduce the ability to look up obfuscated values in the audit log
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).

In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)

Fixes #784
2015-11-18 20:26:03 -05:00
Jeff Mitchell
2737066e09 Add delete method, and ability to delete only one serial as well as an entire set. 2015-11-03 10:52:20 -05:00
Mitchell Hashimoto
2768509c27 helper/password: interrupt should exit readline 2015-10-16 16:01:19 -07:00
Jeff Mitchell
0ea4271ddb Use split-out hashicorp/uuid 2015-10-12 14:07:12 -04:00
Jeff Mitchell
db4000b74c Allow base64-encoded keys to be used on the CLI for init/rekey.
Fixes #653.
2015-10-06 12:47:01 -04:00
Jeff Mitchell
49ec196016 Changes to salt to clean up HMAC stuff. 2015-09-18 18:13:10 -04:00
Jeff Mitchell
1a22cb0b12 Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass. 2015-09-18 17:38:30 -04:00
Jeff Mitchell
a4ca14cfbc Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash. 2015-09-18 17:38:22 -04:00
Jeff Mitchell
5584a11997 When using PGP encryption on unseal keys, encrypt the hex-encoded string rather than the raw bytes. 2015-08-26 07:59:50 -07:00
Jeff Mitchell
4d877dc4eb Address comments from review. 2015-08-25 15:33:58 -07:00
Jeff Mitchell
e133536b79 Add support for pgp-keys argument to rekey, as well as tests, plus
refactor common bits out of init.
2015-08-25 14:52:13 -07:00
Bradley Girardeau
7b6547abf7 Clean up naming and add documentation 2015-07-30 17:36:40 -07:00
Bradley Girardeau
c7b806ebf6 mfa: code cleanup 2015-07-28 11:55:46 -07:00
Bradley Girardeau
083226f317 mfa: improve edge cases and documentation 2015-07-27 21:14:00 -07:00
Bradley Girardeau
0efdcb7ae0 mfa duo: better error messages 2015-07-27 21:14:00 -07:00
Bradley Girardeau
4b87af123d mfa: add test cases for MFA, Duo 2015-07-27 21:14:00 -07:00
Bradley Girardeau
b581bf20e0 mfa: add MFA wrapper with Duo second factor 2015-07-27 21:14:00 -07:00
Armon Dadgar
edb60b5832 helper/kdf: changing argument name for clarity 2015-07-05 14:01:56 -07:00
Armon Dadgar
8d0840fb82 helper/kdf: adding lib for key derivation from NIST800-108 2015-07-05 14:01:21 -07:00
Armon Dadgar
f975cc6e2b helper/salt: track if salt was generated 2015-06-30 16:47:49 -07:00
Armon Dadgar
74714e1122 helper/salt: adding little helper for salting 2015-06-30 14:04:18 -07:00
Armon Dadgar
e9f05fbe4f helper/uuid: single generateUUID definition 2015-06-30 12:38:32 -07:00
Armon Dadgar
01592c0744 Merge pull request #310 from jefferai/f-pki
Initial PKI backend implementation
2015-06-21 11:12:22 +01:00
Steve Wills
fce09c2962 allow building on FreeBSD
Allow this file to build on FreeBSD
2015-06-19 16:59:24 -04:00
Jeff Mitchell
15594561ab Add unit tests for certutil, and fix a whitespace stripping issue.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-19 16:06:56 -04:00
Jeff Mitchell
435aefc072 A few things:
* Add comments to every non-obvious (e.g. not basic read/write handler type) function
* Remove revoked/ endpoint, at least for now
* Add configurable CRL lifetime
* Cleanup
* Address some comments from code review

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-19 12:48:18 -04:00
Jeff Mitchell
23ba605068 Refactor to allow only issuing CAs to be set and not have things blow up. This is useful/important for e.g. the Cassandra backend, where you may want to do TLS with a specific CA cert for server validation, but not actually do client authentication with a client cert.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-18 15:22:58 -04:00
Jeff Mitchell
c4256601f2 Restructure a little bit to make the helper library fully standalone. This makes it easier to move around later if desired, and for use by external programs.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-18 06:42:57 -04:00
Jeff Mitchell
31e680048e A lot of refactoring: move PEM bundle parsing into helper/certutil, so that it is usable by other backends that want to use it to get the necessary data for TLS auth.
Also, enhance the raw cert bundle => parsed cert bundle to make it more useful and perform more validation checks.

More refactoring could be done within the PKI backend itself, but that can wait.

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-17 16:07:20 -04:00
Mitchell Hashimoto
4502bb71b8 helper/kv-builder: blank values should not panic 2015-06-16 10:00:02 -07:00
Mark Junker
94adbb3d49 Fixes #83 2015-04-29 10:20:09 +02:00
Mitchell Hashimoto
04215756ea vault: add helper/mlock for doing mlock 2015-04-28 14:59:43 -07:00
Mitchell Hashimoto
ae1c71085c helper/password: fix windows compilation 2015-04-28 09:23:48 -07:00
Mitchell Hashimoto
574050b53f helper/kv-builder 2015-04-07 22:30:25 -07:00
Mitchell Hashimoto
3e4a8a926e command/auth: framework for supporting more auth methods 2015-04-05 20:50:18 -07:00
Mitchell Hashimoto
a196d194a1 command/server: cleaner output 2015-04-04 12:06:41 -07:00