Support providing explicit options to VaultTransitSecretEngine sign & verifySignature #17032

Merged


kdubb
Contributor

@kdubb kdubb commented May 6, 2021

Fixes #17033

The VaultTransitSecretEngine.sign and VaultTransitSecretEngine.verifySignature now have variants that take a SignVerifyOptions value.

SignVerifyOptions allows specifying the following options from the Vault API:

  • hashAlgorithm (aka hash_algorithm)
  • signatureAlgorithm - (aka signature_algorithm)
  • prehashed
  • marshalingAlgorithm - (aka marshaling_algorithm)

Some of these options (e.g. hashAlgorithm, signatureAlgorithm and prehashed) can be configured for specific transit keys via Quarkus config. The explicit options provided via SignVerifyOptions take precedence over any configured values.
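The precedence rule described in this PR, sketched as an added example that is not code from the pull request or from the Quarkus Vault extension. The Python `SignVerifyOptions` dataclass, the `resolve`, `sign_body` and `verify_body` helpers, and the sample key configuration are hypothetical stand-ins; only the option names and their Vault API spellings come from the description above.

```python
import base64
from dataclasses import dataclass, fields
from typing import Optional

# Option name on the Quarkus side -> parameter name in the Vault transit API,
# as listed in the PR description.
VAULT_PARAM = {
    "hashAlgorithm": "hash_algorithm",
    "signatureAlgorithm": "signature_algorithm",
    "prehashed": "prehashed",
    "marshalingAlgorithm": "marshaling_algorithm",
}

@dataclass
class SignVerifyOptions:
    """Hypothetical Python stand-in for the Java SignVerifyOptions value."""
    hashAlgorithm: Optional[str] = None
    signatureAlgorithm: Optional[str] = None
    prehashed: Optional[bool] = None
    marshalingAlgorithm: Optional[str] = None

def resolve(key_config: dict, explicit: Optional[SignVerifyOptions]) -> dict:
    """Merge per-key config with explicit options; explicit wins when set.

    "Set" means "not None", so an explicit prehashed=False still overrides
    a configured prehashed=True instead of being mistaken for "absent".
    """
    merged = {}
    for f in fields(SignVerifyOptions):
        value = getattr(explicit, f.name) if explicit is not None else None
        if value is None:
            value = key_config.get(f.name)
        if value is not None:
            merged[VAULT_PARAM[f.name]] = value
    return merged

def sign_body(data: bytes, key_config: dict, explicit=None) -> dict:
    """Request body for a transit sign call; unset options are omitted so Vault's defaults apply."""
    return {"input": base64.b64encode(data).decode(), **resolve(key_config, explicit)}

def verify_body(data: bytes, signature: str, key_config: dict, explicit=None) -> dict:
    """Verification resolves options the same way; a mismatch can reject a valid signature."""
    return {**sign_body(data, key_config, explicit), "signature": signature}

# Constructed sample: per-key configuration as it might come from application config.
SAMPLE_KEY_CONFIG = {"hashAlgorithm": "sha2-256", "prehashed": True}
```
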

@sberyozkin
Member

LGTM, waiting for Vincent's review

@kdubb
Contributor Author

kdubb commented May 6, 2021

@vsevel Should be good to go!

@sberyozkin
Member

@kdubb Can you squash please

… verifySignature

The `VaultTransitSecretEngine.sign` and `VaultTransitSecretEngine.verifySignature` now have variants that take a `SignVerifyOptions` value.

`SignVerifyOptions` allows specifying the following options from the Vault API:
* `hashAlgorithm` (aka `hash_algorithm`)
* `signatureAlgorithm` - (aka `signature_algorithm`)
* `prehashed`
* `marshalingAlgorithm` - (aka `marshaling_algorithm`)

Some of these options (e.g. `hashAlgorithm`, `signatureAlgorithm` and `prehashed`) can be configured for specific transit keys via Quarkus config. The explicit options provided via `SignVerifyOptions` take precedence over any configured values.
@kdubb kdubb force-pushed the fix/vault_explicit_sign_verify_options branch from 2f3498a to 5b92f0b Compare May 7, 2021 14:44
@kdubb
Contributor Author

kdubb commented May 7, 2021

@sberyozkin squashed & updated

@kdubb kdubb requested a review from vsevel May 7, 2021 15:20
@vsevel
Contributor

vsevel commented May 7, 2021

@kdubb did you rebase on master?
@sberyozkin I think we can merge. ok for you?

@kdubb
Contributor Author

kdubb commented May 7, 2021

@vsevel Yes, rebased on master and squashed

@sberyozkin
Member

@vsevel Hi Vincent - thanks, let me merge, your approval is sufficient :-)
@kdubb thanks for this PR

@sberyozkin sberyozkin merged commit f2d4ff8 into quarkusio:main May 10, 2021
@quarkus-bot quarkus-bot bot added this to the 2.0 - main milestone May 10, 2021
@vsevel
Contributor

vsevel commented May 11, 2021

@kdubb thanks for this improvement

@kdubb kdubb deleted the fix/vault_explicit_sign_verify_options branch May 11, 2021 04:35
Development

Successfully merging this pull request may close these issues.

Allow explicitly specifying options sign/verify to Vault transit methods