scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-02 11:38:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,201 Commits 2,630 Branches 341 Tags
ldap-testing
Commit Graph

98 Commits

Author SHA1 Message Date
Jeff Mitchell
c38241446c Fix using wrong var 2016-03-24 10:23:09 -04:00
Jeff Mitchell
7ce9701800 Properly check for policy equivalency during renewal. 
This introduces a function that compares two string policy sets while
ignoring the presence of "default" (since it's added by core, not the
backend), and ensuring that ordering and/or duplication are not failure
conditions.

Fixes #1256
 2016-03-24 09:41:51 -04:00
Jeff Mitchell
1a28dc823f Remove us building Solaris binaries for the moment, as they don't build successfully 2016-03-16 15:47:55 -04:00
Tom Ritter
d8067ade5a Type in kdf.go 2016-02-08 14:39:46 -06:00
Jeff Mitchell
152f4a9391 Fix lost code after rebase 2016-01-19 19:19:07 -05:00
Jeff Mitchell
e9538f1441 RootGeneration->GenerateRoot 2016-01-19 18:28:10 -05:00
Jeff Mitchell
a25514d4f7 Address most of the review feedback 2016-01-19 18:28:10 -05:00
Jeff Mitchell
4cc7694a3a Add the ability to generate root tokens via unseal keys. 2016-01-19 18:28:10 -05:00
Jeff Mitchell
3ecd88bd5c Allow ASCII-armored PGP pub keys to be passed into -pgp-keys. 
Fixes #940
 2016-01-18 17:01:52 -05:00
Jeff Mitchell
21f91f73bb Update deps, and adjust usage of go-uuid to match new return values 2016-01-13 13:40:08 -05:00
Jeff Mitchell
45e32756ea WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell
027c84c62a Add rekey nonce/backup. 2016-01-06 09:54:35 -05:00
Jeff Mitchell
0c98dfc922 Add returning which user names could not be looked up 2016-01-04 13:56:45 -05:00
Jeff Mitchell
4ac937a440 Address review feedback. 2016-01-04 11:18:04 -05:00
Jeff Mitchell
43b1105ff2 Happy New Year everyone! (Add keybase support for PGP keys.) 
Keys specified in rekey and init operations can now be sourced from
keybase.io by using "keybase:[username]" as the key.
 2015-12-31 20:47:41 -05:00
Jeff Mitchell
69a2d7b8cc Merge pull request #829 from andrewstuart/master 
Add parsing of pkcs#8-encoded bundles for pki/config/ca
 2015-12-22 10:06:59 -05:00
Jeff Mitchell
a0308e6858 Migrate 'uuid' to 'go-uuid' to better fit HC naming convention 2015-12-16 12:56:20 -05:00
Charles Phillips
2d7023731f [helper] support mlock on Solaris/SmartOS 2015-12-15 11:28:16 -08:00
Andrew Stuart
fea21d9c08 Update PrivateKeyType to string, update switch statement. 2015-12-14 11:16:47 -07:00
Andrew Stuart
a73be107e1 Remove unnecessary cast 2015-12-14 06:17:20 -07:00
Andrew Stuart
44413fdb2f Remove printf call from test 2015-12-11 15:47:00 -07:00
Andrew Stuart
7b9a0e81e1 Merge branch 'pkcs8' 2015-12-11 15:22:43 -07:00
Andrew Stuart
1c41726766 Add benchmark for certutil bundle parsing 2015-12-11 15:17:49 -07:00
Andrew Stuart
166c7ac0f9 Remove debugging print statement in compareCertBundleToParsedCertBundle 2015-12-11 15:17:49 -07:00
Andrew Stuart
7065500d16 Remove flag check before trying pkcs8 parsing. 2015-12-11 15:17:49 -07:00
Andrew Stuart
c481955401 Add pkcs8 flag setting in ParsePEMBundle 2015-12-11 15:17:49 -07:00
Andrew Stuart
e38596fc1c Update tests and finish implementation of PKCS8 handling 2015-12-11 15:17:49 -07:00
Andrew Stuart
39a3a92e79 Update ParsePEMBundle to properly handle pkcs#8 
Implementation based on be16001187/src/crypto/tls/tls.go (L273-L290)
 2015-12-11 15:17:49 -07:00
Andrew Stuart
dfc052a755 Move to pem.Block.Type-based decoding 2015-12-11 14:57:33 -07:00
Andrew Stuart
ee563cdc32 Add benchmark for certutil bundle parsing 2015-12-11 09:58:49 -07:00
Andrew Stuart
1083c3b357 Merge branch 'master' into pkcs8 2015-12-10 21:02:59 -07:00
Andrew Stuart
ceb74f956c Update flag to field with format info 2015-12-10 21:02:31 -07:00
Andrew Stuart
a9723189a1 Remove debugging print statement in compareCertBundleToParsedCertBundle 2015-12-10 16:33:42 -07:00
Andrew Stuart
7bba342ee3 Remove flag check before trying pkcs8 parsing. 2015-12-09 19:41:32 -07:00
Andrew Stuart
50b7be1c9a Remove flag check before trying pkcs8 parsing. 2015-12-09 15:33:25 -07:00
Andrew Stuart
c8d49c2d66 Add pkcs8 flag setting in ParsePEMBundle 2015-12-09 15:33:25 -07:00
Andrew Stuart
5af21130d7 Update tests and finish implementation of PKCS8 handling 2015-12-09 15:33:25 -07:00
Andrew Stuart
b59e15c33d Update ParsePEMBundle to properly handle pkcs#8 
Implementation based on be16001187/src/crypto/tls/tls.go (L273-L290)
 2015-12-09 15:29:13 -07:00
Jeff Mitchell
76e5760696 Merge branch 'master' into pki-csrs 2015-11-20 12:48:38 -05:00
Jeff Mitchell
4f2f7a0e3b Mostly revert changes to certutil as the embedded struct stuff was being 
problematic.
 2015-11-19 14:18:39 -05:00
Jeff Mitchell
fcbdb5f30a fix tests 2015-11-19 10:13:28 -05:00
Jeff Mitchell
cb5514f3f3 Move public key comparison logic to its own function 2015-11-19 09:51:18 -05:00
Jeff Mitchell
b5423493ca Move serial number generation and key validation into certutil; centralize format and key verification 2015-11-19 09:51:18 -05:00
Jeff Mitchell
ba37e4bcb5 Add unit tests for CSR bundle conversion 2015-11-19 09:51:18 -05:00
Jeff Mitchell
4e73187837 Add support for EC CA keys, output to base64-encoded DER instead of PEM, and tests for all of those. Also note that Go 1.5 is now required. 2015-11-19 09:51:17 -05:00
Jeff Mitchell
e45af0a17b Add unit tests to test signing logic, fix up test logic for names 2015-11-19 09:51:17 -05:00
Jeff Mitchell
55fc4ba898 Implement CA cert/CSR generation. CA certs can be self-signed or 
generate an intermediate CSR, which can be signed.
 2015-11-19 09:51:17 -05:00
Jeff Mitchell
49d525ebf3 Reintroduce the ability to look up obfuscated values in the audit log 
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).

In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)

Fixes #784
 2015-11-18 20:26:03 -05:00
Jeff Mitchell
2737066e09 Add delete method, and ability to delete only one serial as well as an entire set. 2015-11-03 10:52:20 -05:00
Mitchell Hashimoto
2768509c27 helper/password: interrupt should exit readline 2015-10-16 16:01:19 -07:00