Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Custom extended key usage for PKI #4667

Merged

Conversation

alexionescu
Copy link
Contributor

  • Adds ability to have roles that sign certificates with custom EKU OIDs.

- Adds ability to have roles that sign certificates with custom EKU OIDs.
@@ -55,6 +55,10 @@ export default DS.Model.extend({
defaultValue: 'DigitalSignature,KeyAgreement,KeyEncipherment',
editType: 'stringArray',
}),
extKeyUsageOIDs: attr({
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ext_key_usage_oids will get "camelized" to extKeyUsageOids - so will need to change that here and below.

@@ -451,6 +457,7 @@ func (b *backend) pathRoleCreate(ctx context.Context, req *logical.Request, data
UseCSRCommonName: data.Get("use_csr_common_name").(bool),
UseCSRSANs: data.Get("use_csr_sans").(bool),
KeyUsage: data.Get("key_usage").([]string),
ExtKeyUsageOIDs: data.Get("ext_key_usage_oids").([]string),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add a check on the values similar to the PolicyIdentifiers check below? That way we'll know there won't be an error when generating a cert, instead of silently ignoring it.

@jefferai jefferai added this to the 0.10.2 milestone May 31, 2018
@@ -1045,6 +1057,8 @@ func createCertificate(data *dataBundle) (*certutil.ParsedCertBundle, error) {

addKeyUsages(data, certTemplate)

addExtKeyUsageOids(data, certTemplate)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This needs to be in signCertificate too

@@ -166,6 +166,12 @@ To remove all key usages from being set, set
this value to an empty list.`,
},

"ext_key_usage_oids": &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Default: []string{},
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't set an empty default here -- it's done automatically!

jefferai
jefferai previously approved these changes May 31, 2018
Copy link
Member

@jefferai jefferai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Just that one final comment.

@jefferai
Copy link
Member

jefferai commented Jun 1, 2018

Also please make fmt so Travis can run!

Copy link
Member

@jefferai jefferai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks so much!

@jefferai jefferai changed the title Fixes #4500. Custom exteded key usage for PKI. Custom extended key usage for PKI Jun 1, 2018
@jefferai jefferai merged commit 33ec066 into hashicorp:master Jun 1, 2018
@alexionescu
Copy link
Contributor Author

Thank you for reviewing it so quickly!

@alexionescu alexionescu deleted the add/custom-extended-key-usage-oid branch June 1, 2018 14:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants