vault/ui/app/models/pki/sign-intermediate.js
claire bontempo 91d88c3de1 Add UI support name constraints (#29263)
* add open api params

* support pki name constraints

* fix conditional

* revert helptextwsubtext

* fix typo

* add name constraints to sign intermediate form

* add changelog

* update test
2025-01-02 11:50:49 -06:00


/**
* Copyright (c) HashiCorp, Inc.
* SPDX-License-Identifier: BUSL-1.1
*/
import { attr } from '@ember-data/model';
import { withFormFields } from 'vault/decorators/model-form-fields';
import { withModelValidations } from 'vault/decorators/model-validations';
import PkiCertificateBaseModel from './certificate/base';
// Client-side validation rules handed to @withModelValidations below.
// Only the CSR is checked here (it must be present); no other attribute of
// this model has a validation declared in this file.
const validations = {
  csr: [
    {
      type: 'presence',
      message: 'CSR is required.',
    },
  ],
};
// Field names handed to @withFormFields. Several of them (commonName,
// excludeCnFromSans, customTtl, format) are not declared in this class --
// presumably they are inherited from PkiCertificateBaseModel; confirm there.
// The name-constraint and signing-option attributes declared further down are
// not part of this list.
const signIntermediateFormFields = [
  'csr',
  'useCsrValues',
  'commonName',
  'excludeCnFromSans',
  'customTtl',
  'notBeforeDuration',
  'enforceLeafNotAfterBehavior',
  'format',
  'maxPathLength',
];

// Shared tail of the help text used by both IP-range name-constraint fields.
const ipRangeNotationHelp =
  'Ranges must be specified in the notation of IP address and prefix length, such as "192.0.2.0/24" or "2001:db8::/32", as defined in RFC 4632 and RFC 4291.';

/**
 * Model behind the PKI "sign intermediate" form: a CSR plus the overrides that
 * shape the intermediate CA certificate issued for it (validity, path length,
 * name constraints, signing options, subject serial number).
 *
 * The only client-side validation attached to this model is the presence check
 * on `csr`; every other value is passed along as entered.
 */
@withModelValidations(validations)
@withFormFields(signIntermediateFormFields)
export default class PkiSignIntermediateModel extends PkiCertificateBaseModel {
  // Reference to the issuer that signs the CSR (no label or help text here).
  @attr issuerRef;

  @attr('string', {
    label: 'CSR',
    editType: 'textarea',
    subText: 'The PEM-encoded CSR to be signed.',
  })
  csr;

  // NOTE(review): per the help text, enabling this lets the CSR's subject, key
  // usages and extensions take precedence over the values entered in the form,
  // so the CSR content should be reviewed before it is signed with this on.
  @attr('boolean', {
    label: 'Use CSR values',
    subText:
      'Subject information and key usages specified in the CSR will be used over parameters provided here, and extensions in the CSR will be copied into the issued certificate.',
    docLink: '/vault/api-docs/secret/pki#use_csr_values',
  })
  useCsrValues;

  @attr({
    label: 'Backdate validity',
    detailsLabel: 'Issued certificate backdating',
    helperTextDisabled: 'Vault will use the default value, 30s',
    helperTextEnabled:
      'Also called the not_before_duration property. Allows certificates to be valid for a certain time period before now. This is useful to correct clock misalignment on various systems when setting up your CA.',
    editType: 'ttl',
    defaultValue: '30s',
  })
  notBeforeDuration;

  @attr('boolean', {
    subText: "Do not truncate the NotAfter field, use the issuer's configured leaf_not_after_behavior",
  })
  enforceLeafNotAfterBehavior;

  // The default of '-1' (a string) means "no limit" per the help text, i.e. the
  // form does not restrict the path length unless the operator sets a value.
  @attr({
    subText: 'Specifies the maximum path length to encode in the generated certificate. -1 means no limit',
    defaultValue: '-1',
  })
  maxPathLength;

  /*
   * Name constraint overrides.
   * Permitted/excluded pairs for DNS domains, email addresses, IP ranges and
   * URI domains. No format validation is declared for them in this file --
   * presumably the server validates the values; confirm.
   */
  @attr({
    subText: 'DNS domains for which certificates are allowed to be issued or signed by this CA certificate.',
  })
  permittedDnsDomains;

  @attr({
    subText: 'Domains for which this certificate is not allowed to sign or issue child certificates.',
  })
  excludedDnsDomains;

  @attr({
    subText: 'Email addresses for which this certificate is not allowed to sign or issue child certificates.',
  })
  excludedEmailAddresses;

  @attr({
    subText: `IP ranges for which this certificate is not allowed to sign or issue child certificates. ${ipRangeNotationHelp}`,
  })
  excludedIpRanges;

  @attr({
    subText: 'URI domains for which this certificate is not allowed to sign or issue child certificates.',
  })
  excludedUriDomains;

  @attr({
    subText: 'Email addresses for which this certificate is allowed to sign or issue child certificates.',
  })
  permittedEmailAddresses;

  @attr({
    subText: `IP ranges for which this certificate is allowed to sign or issue child certificates. ${ipRangeNotationHelp}`,
  })
  permittedIpRanges;

  @attr({
    subText: 'URI domains for which this certificate is allowed to sign or issue child certificates.',
  })
  permittedUriDomains;

  /* Signing options overrides */
  @attr({
    label: 'Use PSS',
    subText:
      'If checked, PSS signatures will be used over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.',
  })
  usePss;

  @attr({
    label: 'Subject Key Identifier (SKID)',
    subText:
      'Value for the subject key identifier, specified as a string in hex format. If this is empty, Vault will automatically calculate the SKID. ',
  })
  skid;

  // Allowed values are strings; no label or help text is declared for this field.
  @attr({
    possibleValues: ['0', '256', '384', '512'],
  })
  signatureBits;

  /* Additional subject overrides */
  @attr('string', {
    subText:
      "Specifies the requested Subject's named Serial Number value. This has no impact on the Certificate's serial number randomly generated by Vault.",
  })
  subjectSerialNumber;
}