fix: minus d on Ed

Ahmet DEMIR 2022-01-26 11:29:21 +01:00
parent d957a57e24
commit 8ef3abf6d9
No known key found for this signature in database
GPG key ID: 7F0E92AFAC67CDD5
2 changed files with 8 additions and 8 deletions


@ -29,7 +29,7 @@ type VaultOptions struct {
PKIRole string `json:"pkiRole,omitempty"` PKIRole string `json:"pkiRole,omitempty"`
PKIRoleRSA string `json:"pkiRoleRSA,omitempty"` PKIRoleRSA string `json:"pkiRoleRSA,omitempty"`
PKIRoleEC string `json:"pkiRoleEC,omitempty"` PKIRoleEC string `json:"pkiRoleEC,omitempty"`
PKIRoleED25519 string `json:"PKIRoleED25519,omitempty"` PKIRoleEd25519 string `json:"PKIRoleEd25519,omitempty"`
RoleID string `json:"roleID,omitempty"` RoleID string `json:"roleID,omitempty"`
SecretID auth.SecretID `json:"secretID,omitempty"` SecretID auth.SecretID `json:"secretID,omitempty"`
AppRole string `json:"appRole,omitempty"` AppRole string `json:"appRole,omitempty"`
@ -54,13 +54,13 @@ func loadOptions(config json.RawMessage) (vc VaultOptions, err error) {
} }
// pkirole or per key type must be defined // pkirole or per key type must be defined
if vc.PKIRole == "" && vc.PKIRoleRSA == "" && vc.PKIRoleEC == "" && vc.PKIRoleED25519 == "" { if vc.PKIRole == "" && vc.PKIRoleRSA == "" && vc.PKIRoleEC == "" && vc.PKIRoleEd25519 == "" {
return vc, errors.New("vaultCAS config options must define `pkiRole`") return vc, errors.New("vaultCAS config options must define `pkiRole`")
} }
// if pkirole is empty all others keys must be set // if pkirole is empty all others keys must be set
if vc.PKIRole == "" && (vc.PKIRoleRSA == "" || vc.PKIRoleEC == "" || vc.PKIRoleED25519 == "") { if vc.PKIRole == "" && (vc.PKIRoleRSA == "" || vc.PKIRoleEC == "" || vc.PKIRoleEd25519 == "") {
return vc, errors.New("vaultCAS config options must include a `pkiRole` or `pkiRoleRSA`, `pkiRoleEC` and `pkiRoleEd25519`") return vc, errors.New("vaultCAS config options must include a `pkiRole` or `pkiRoleRSA`, `pkiRoleEC` and `PKIRoleEd25519`")
} }
// if pkirole is not empty, use it as default for unset keys // if pkirole is not empty, use it as default for unset keys
@ -71,8 +71,8 @@ func loadOptions(config json.RawMessage) (vc VaultOptions, err error) {
if vc.PKIRoleEC == "" { if vc.PKIRoleEC == "" {
vc.PKIRoleEC = vc.PKIRole vc.PKIRoleEC = vc.PKIRole
} }
if vc.PKIRoleED25519 == "" { if vc.PKIRoleEd25519 == "" {
vc.PKIRoleED25519 = vc.PKIRole vc.PKIRoleEd25519 = vc.PKIRole
} }
} }
@ -144,7 +144,7 @@ func (v *VaultCAS) createCertificate(cr *x509.CertificateRequest, lifetime time.
case csr.PublicKeyAlgorithm == x509.ECDSA: case csr.PublicKeyAlgorithm == x509.ECDSA:
vaultPKIRole = v.config.PKIRoleEC vaultPKIRole = v.config.PKIRoleEC
case csr.PublicKeyAlgorithm == x509.Ed25519: case csr.PublicKeyAlgorithm == x509.Ed25519:
vaultPKIRole = v.config.PKIRoleED25519 vaultPKIRole = v.config.PKIRoleEd25519
default: default:
return nil, nil, errors.Errorf("createCertificate: Unsupported public key algorithm '%v'", csr.PublicKeyAlgorithm) return nil, nil, errors.Errorf("createCertificate: Unsupported public key algorithm '%v'", csr.PublicKeyAlgorithm)
} }
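Review bot: The renamed field's JSON tag in VaultOptions, `json:"PKIRoleEd25519,omitempty"`, still begins with upper-case `PKI`, while the sibling tags are `pkiRole`, `pkiRoleRSA` and `pkiRoleEC`; the error string in loadOptions was also changed from `pkiRoleEd25519` to `PKIRoleEd25519` to match it. encoding/json matches object keys case-insensitively when decoding, so a config that spells the key `pkiRoleEd25519` should still load, but marshalled output and the key named in the error message no longer follow the convention of the other role options. I would write the tag as `json:"pkiRoleEd25519,omitempty"` and keep `pkiRoleEd25519` in the error text. Separately, the first guard's message names only `pkiRole` although the per-key-type roles also satisfy it, so an operator who misconfigures the CA role mapping gets an incomplete hint. The bodies of loadOptions and createCertificate extend outside the hunks shown.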


@ -172,7 +172,7 @@ func TestVaultCAS_CreateCertificate(t *testing.T) {
PKIRole: "role", PKIRole: "role",
PKIRoleRSA: "rsa", PKIRoleRSA: "rsa",
PKIRoleEC: "ec", PKIRoleEC: "ec",
PKIRoleED25519: "ed25519", PKIRoleEd25519: "ed25519",
RoleID: "roleID", RoleID: "roleID",
SecretID: auth.SecretID{FromString: "secretID"}, SecretID: auth.SecretID{FromString: "secretID"},
AppRole: "approle", AppRole: "approle",