Add ACME new account creation handlers #19820

Merged
merged 5 commits into from
Mar 29, 2023

@cipherboy cipherboy commented Mar 29, 2023

This builds on top of #19803; will be rebased once that is complete.


We start adding handlers for ACME accounts, and in particular, the New Account mechanism.

One thing that isn't clear is whether the account path (from the KID) is meant to be fetched directly or not. We'll also need to handle converting the kid into a sanitized/kid-only version (without the URL) to fetch from disk.

This does make it clear though that, barring a single static RR URL for all nodes in a cluster, ACME would require the account KID to point to a specific PR cluster.
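One way to do the kid-to-account-ID conversion described above, as an added example (not code from this pull request or from Vault). The helper name `AccountIDFromKID`, the account ID pattern, and the `vault.example.com` URLs are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Assumed account ID format; the format used by the PR is not shown on this page.
var accountIDPattern = regexp.MustCompile(`^[A-Za-z0-9_-]{1,64}$`)

// AccountIDFromKID (hypothetical helper) reduces a JWS "kid" account URL to
// the bare account ID, so only a validated token is ever used as a storage key.
func AccountIDFromKID(kid, accountsBase string) (string, error) {
	base, err := url.Parse(accountsBase)
	if err != nil {
		return "", fmt.Errorf("bad accounts base URL: %w", err)
	}
	u, err := url.Parse(kid)
	if err != nil {
		return "", fmt.Errorf("kid is not a URL: %w", err)
	}
	// The kid must name an account on this server, not some other host.
	if u.Scheme != base.Scheme || !strings.EqualFold(u.Host, base.Host) || u.User != nil {
		return "", errors.New("kid does not point at this ACME server")
	}
	if u.RawQuery != "" || u.Fragment != "" {
		return "", errors.New("kid must not carry a query or fragment")
	}
	// Work on the escaped path so %2F or %2e%2e cannot hide a separator.
	prefix := strings.TrimSuffix(base.EscapedPath(), "/") + "/"
	p := u.EscapedPath()
	if !strings.HasPrefix(p, prefix) {
		return "", errors.New("kid is not under the accounts path")
	}
	id := strings.TrimPrefix(p, prefix)
	if !accountIDPattern.MatchString(id) {
		return "", errors.New("kid does not end in a valid account ID")
	}
	return id, nil
}

func main() {
	const base = "https://vault.example.com/v1/pki/acme/account" // constructed URL
	for _, kid := range []string{base + "/a1B2-c3", base + "/../../sys/raw"} {
		id, err := AccountIDFromKID(kid, base)
		fmt.Printf("%s -> id=%q err=%v\n", kid, id, err)
	}
}
```

Because the host and path prefix are compared against a single base URL, this check also reflects the point made above: a kid issued under one cluster's URL will not validate against another's unless all nodes share one static URL.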

@cipherboy cipherboy added this to the 1.14 milestone Mar 29, 2023
@cipherboy cipherboy requested review from stevendpclark and a team March 29, 2023 16:29
@cipherboy cipherboy marked this pull request as draft March 29, 2023 16:29
@cipherboy cipherboy force-pushed the cipherboy-add-new-account-creation branch from a50e9eb to 374b00f Compare March 29, 2023 16:30
@cipherboy cipherboy marked this pull request as ready for review March 29, 2023 16:30

@stevendpclark stevendpclark left a comment

One small nit, but looks good to me.

builtin/logical/pki/path_acme_new_account.go (outdated, resolved)
@cipherboy cipherboy force-pushed the cipherboy-add-new-account-creation branch from 374b00f to 7d84d55 Compare March 29, 2023 18:29
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
This handler supports two pieces of functionality:

 1. Searching for whether an existing account already exists.
 2. Creating a new account.

One side effect of our JWS parsing logic is that we needed a way to
differentiate between whether a JWK existed on disk from an account or
if it was specified in the request. This technically means we're
potentially responding to certain requests with positive results (e.g.,
key search based on kid) versus erring earlier like other
implementations do.

No account storage has been done as part of this commit.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
@cipherboy cipherboy force-pushed the cipherboy-add-new-account-creation branch from 7d84d55 to 49a7cb3 Compare March 29, 2023 18:33
@cipherboy cipherboy enabled auto-merge (squash) March 29, 2023 18:41
@cipherboy cipherboy merged commit 7144174 into main Mar 29, 2023
@cipherboy cipherboy deleted the cipherboy-add-new-account-creation branch April 21, 2023 13:08