Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add unauthed JSON fetching of CRLs, Issuers #15253

Closed
wants to merge 4 commits into from
Closed

Add unauthed JSON fetching of CRLs, Issuers #15253

wants to merge 4 commits into from

Commits on May 2, 2022

  1. Default to fetching JSON CRL for consistency 

    This makes the bare issuer-specific CRL fetching endpoint return the
JSON-wrapped CRL by default, moving the DER CRL to a specific endpoint.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed May 2, 2022
    Configuration menu
    Copy the full SHA
    0d596de View commit details
    Browse the repository at this point in the history

  2. Add JSON-specific endpoint for fetching issuers 

    Unlike the unqualified /issuer/:ref endpoint (which also returns JSON),
we have a separate /issuer/:ref/json endpoint to return _only_ the
PEM-encoded certificate and the chain, mirroring the existing /cert/ca
endpoint but for a specific issuer. This allows us to make the endpoint
unauthenticated, whereas the bare endpoint would remain authenticated
and usually privileged.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed May 2, 2022
    Configuration menu
    Copy the full SHA
    b6f8b0b View commit details
    Browse the repository at this point in the history

  3. Add unauthenticated issuers endpoints to PKI table 

    This adds the unauthenticated issuers endpoints?

 - LIST /issuers,
 - Fetching _just_ the issuer certificates (in JSON/DER/PEM form), and
 - Fetching the CRL of this issuer (in JSON/DER/PEM form).

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed May 2, 2022
    Configuration menu
    Copy the full SHA
    bf1e048 View commit details
    Browse the repository at this point in the history

  4. Add tests for raw JSON endpoints 

    Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed May 2, 2022
    Configuration menu
    Copy the full SHA
    bb6624e View commit details
    Browse the repository at this point in the history