mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-11-02 03:27:54 +00:00
1996377b4f
* setup initial boilerplate code for sign csr endpoint * add function to sign csr * working version of sign csr endpoint * improving errors for csr create and sign endpoint * initial implementation for import leaf certificate endpoint * check if more than one certificate was provided in the ceritificate chain * improve validate cert public key matches transit key * convert provided cert chain from PEM to DER so it can be parsed by x509.ParseCertificates and fixing other bugs * fix creation of csr from csrTemplate * add missing persist of certificate chain after validations in set-certificate endpoint * allow exporting a certificate-chain * move function declaration to end of page * improving variable and function names, removing comments * fix certificate chain parsing - work in progress * test for signCsr endpoint * use Operations instead of Callbacks in framework.Path * setup test for set-certificate endpoint fix problems with sign-csr endpoint returning base64 * finish set-certificate endpoint test * use public key KeyEntry fields instead of retrieving public key from private * improve error message and make better distinction between client and server error also moved check of key types before checking if key match to endpoint handler * check if private key has been imported for key version selected when signing a csr * improve errors * add endpoint description and synopsis * fix functions calls in backend as function names changed * improve import cert chain test * trim whitespaces on export certificate chain * changelog * pass context from handler function to policy Persist * make fmt run * fix: assign returned error from PersistCertificateChain to err so it can be evaluated * additional validations and improvements to parseCertificateChain function * add validation to check if there is only one certificate in the certificate chain and it is in the first position * import cert chain test: move creation of cluster to exported test function * move check of end-cert pub key algorithm and key transit algorithm match into a separate function * test export certificate chain * Update sdk/helper/keysutil/policy.go Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com> * fix validateLeafCertPosition * reject certificate actions on policies that allow key derivation and remove derived checks * return UserError from CreateCSR SDK function as 400 in transit API handler * add derived check for ED5519 keys on CreateCSR SDK func * remove unecessary calls of x509.CreateCertificateRequest * move validate key type match back into SDK ValidateLeafCertMatch function * add additional validations (ValidateLeafCertKeyMatch, etc) in SDK PersistCertificateChain function * remove uncessary call of ValidateLeafCertKeyMatch in parseImportCertChainWrite * store certificate chain as a [][]byte instead of []*x509.Certificate * include persisted ca chain in import cert-chain response * remove NOTE comment * allow exporting cert-chain even if exportable is set as false * remove NOTE comment * add certifcate chain to formatKeyPublic if present also added an additional check to validate if field is added when certchain is present --------- Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Vault SDK libs
This package provides the sdk package which contains code useful for
developing Vault plugins.
Although we try not to break functionality, we reserve the right to reorganize
the code at will and may occasionally cause breaks if they are warranted. As
such we expect the tag of this module will stay less than v1.0.0.
For any major changes we will try to give advance notice in the CHANGES section of Vault's CHANGELOG.md.