boulder

Commit Graph

Author	SHA1	Message	Date
Aaron Gable	8545ea8364	KeyPolicy: add custom constructor and make all fields private (#7543 ) Change how goodkey.KeyPolicy keeps track of allowed RSA and ECDSA key sizes, to make it slightly more flexible while still retaining the very locked-down allowlist of only 6 acceptable key sizes (RSA 2048, 3076, and 4092, and ECDSA P256, P384, and P521). Add a new constructor which takes in a collection of allowed key sizes, so that users of the goodkey package can customize which keys they accept. Rename the existing constructor to make it clear that it uses hardcoded default values. With these new constructors available, make all of the goodkey.KeyPolicy member fields private, so that a KeyPolicy can only be built via these constructors.	2024-06-18 17:52:50 -04:00
Aaron Gable	6710ebe4cd	admin: use SA to get serials by account and by SPKI hash (#7369 ) Add two new methods to the SA, GetSerialsByKey and GetSerialsByAccount, which use the same query as the admin tool has previously used to get serials matching a given SPKI hash or a given registration ID. These two new gRPC methods read the database row-by-row and produce streams of results to keep SA memory usage low. Use these methods in the admin tool so it no longer needs a direct database connection for these actions. Part of https://github.com/letsencrypt/boulder/issues/7350	2024-03-11 13:25:59 -07:00
Miloslav Trmač	5daf7d933e	Split sagoodkey.NewKeyPolicy from goodkey.NewKeyPolicy (#6651 ) Remove `grpc-go` and `sapb` dependencies from `goodkey`. --------- Signed-off-by: Miloslav Trmač <mitr@redhat.com>	2023-02-13 15:58:42 -05:00

Author

SHA1

Message

Date

Aaron Gable

8545ea8364

KeyPolicy: add custom constructor and make all fields private (#7543 )

Change how goodkey.KeyPolicy keeps track of allowed RSA and ECDSA key
sizes, to make it slightly more flexible while still retaining the very
locked-down allowlist of only 6 acceptable key sizes (RSA 2048, 3076,
and 4092, and ECDSA P256, P384, and P521). Add a new constructor which
takes in a collection of allowed key sizes, so that users of the goodkey
package can customize which keys they accept. Rename the existing
constructor to make it clear that it uses hardcoded default values.

With these new constructors available, make all of the goodkey.KeyPolicy
member fields private, so that a KeyPolicy can only be built via these
constructors.

2024-06-18 17:52:50 -04:00

Aaron Gable

6710ebe4cd

admin: use SA to get serials by account and by SPKI hash (#7369 )

Add two new methods to the SA, GetSerialsByKey and GetSerialsByAccount,
which use the same query as the admin tool has previously used to get
serials matching a given SPKI hash or a given registration ID. These two
new gRPC methods read the database row-by-row and produce streams of
results to keep SA memory usage low.

Use these methods in the admin tool so it no longer needs a direct
database connection for these actions.

Part of https://github.com/letsencrypt/boulder/issues/7350

2024-03-11 13:25:59 -07:00

Miloslav Trmač

5daf7d933e

Split sagoodkey.NewKeyPolicy from goodkey.NewKeyPolicy (#6651 )

Remove `grpc-go` and `sapb` dependencies from `goodkey`.

---------

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

2023-02-13 15:58:42 -05:00

3 Commits