VAULT-40781 further improvements to PKI observations (#10760) (#10769)

Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
Vault Automation 2025-11-13 10:28:28 -05:00 committed by GitHub
parent 621e3686f0
commit d29c1d2bb1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 5 additions and 0 deletions


@ -338,6 +338,8 @@ func (b *backend) acmeFinalizeOrderHandler(ac *acmeContext, r *logical.Request,
observe.NewAdditionalPKIMetadata("issuer_id", issuerId.String()),
observe.NewAdditionalPKIMetadata("order_id", order.OrderId),
observe.NewAdditionalPKIMetadata("stored", stored),
observe.NewAdditionalPKIMetadata("subject_key_id", signedCertBundle.Certificate.SubjectKeyId),
observe.NewAdditionalPKIMetadata("authority_key_id", signedCertBundle.Certificate.AuthorityKeyId),
observe.NewAdditionalPKIMetadata("public_key_algorithm", signedCertBundle.Certificate.PublicKeyAlgorithm.String()),
observe.NewAdditionalPKIMetadata("public_key_size", certutil.GetPublicKeySize(signedCertBundle.Certificate.PublicKey)),
observe.NewAdditionalPKIMetadata("common_name", csr.Subject.CommonName),
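Review bot: `subject_key_id` and `authority_key_id` are handed to NewAdditionalPKIMetadata as the raw `[]byte` fields of x509.Certificate, so how they appear in the observation depends entirely on the sink's encoder — a JSON encoder renders `[]byte` as base64, which would not match the hex form PKI uses for key identifiers and serials elsewhere. If the observation is JSON-encoded, format them explicitly, e.g. `observe.NewAdditionalPKIMetadata("subject_key_id", hex.EncodeToString(signedCertBundle.Certificate.SubjectKeyId))`, and likewise for `authority_key_id`; I cannot tell from the rendered page which two of these lines the hunk adds, so the same applies to the matching lines in pathIssuerSignIntermediate. `public_key_size` comes from certutil.GetPublicKeySize, which, if I recall the sdk helper correctly, reports a sentinel rather than an error for key types it does not recognise; a short comment on that line stating what value consumers should expect for unknown key types would save the metric's readers a lookup (this also applies to the pathIssuerSignIntermediate and importIssuer hunks). acmeFinalizeOrderHandler begins and continues outside the hunk.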


@ -479,6 +479,7 @@ func (b *backend) pathIssuerSignIntermediate(ctx context.Context, req *logical.R
observe.NewAdditionalPKIMetadata("not_after", parsedBundle.Certificate.NotAfter.Format(time.RFC3339)),
observe.NewAdditionalPKIMetadata("not_before", parsedBundle.Certificate.NotBefore.Format(time.RFC3339)),
observe.NewAdditionalPKIMetadata("common_name", parsedBundle.Certificate.Subject.CommonName),
observe.NewAdditionalPKIMetadata("serial_number", parsedBundle.Certificate.SerialNumber),
observe.NewAdditionalPKIMetadata("public_key_algorithm", parsedBundle.Certificate.PublicKeyAlgorithm.String()),
observe.NewAdditionalPKIMetadata("public_key_size", certutil.GetPublicKeySize(parsedBundle.Certificate.PublicKey)),
observe.NewAdditionalPKIMetadata("subject_key_id", parsedBundle.Certificate.SubjectKeyId),
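Review bot: `serial_number` is recorded as `parsedBundle.Certificate.SerialNumber`, a `*big.Int`; a JSON encoder emits that as a bare decimal number, and X.509 serials may be up to 20 octets, well beyond the 53-bit precision many JSON consumers apply to numbers, so the value can be silently rounded on the consuming side. Emitting it as a string in the colon-separated hex form the PKI engine already uses for serials would be both lossless and consistent with the rest of the engine's output, e.g. `observe.NewAdditionalPKIMetadata("serial_number", <formatted-serial-string>)` using the existing serial-formatting helper. Whether this line is new in the hunk or pre-existing context is not recoverable from the rendered page, so treat this as a follow-up if it is the latter. pathIssuerSignIntermediate begins and continues outside the hunk.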


@ -334,6 +334,7 @@ type ImportedIssuerInfo struct {
NotBefore string `json:"not_before"`
NotAfter string `json:"not_after"`
PublicKeyAlgorithm string `json:"public_key_algorithm"`
PublicKeySize int `json:"public_key_size"`
}
func (sc *storageContext) importIssuer(certValue string, issuerName string) (*issuing.IssuerEntry, *ImportedIssuerInfo, bool, error) {
@ -393,6 +394,7 @@ func (sc *storageContext) importIssuer(certValue string, issuerName string) (*is
NotBefore: issuerCert.NotBefore.Format(time.RFC3339),
NotAfter: issuerCert.NotAfter.Format(time.RFC3339),
PublicKeyAlgorithm: issuerCert.PublicKeyAlgorithm.String(),
PublicKeySize: certutil.GetPublicKeySize(issuerCert.PublicKey),
}
foundExistingIssuerWithName := false
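Review bot: The new `PublicKeySize int` field on ImportedIssuerInfo has no doc comment, and since it is populated from certutil.GetPublicKeySize in importIssuer the unit and the out-of-range behaviour are not obvious from the struct alone. I would add `// PublicKeySize is the issuer's public key length in bits as reported by certutil.GetPublicKeySize; see that helper for the value reported when the key type is not recognised.` above the field, mirroring how the neighbouring `NotBefore`/`NotAfter` fields are RFC 3339 strings rather than time.Time. The ImportedIssuerInfo declaration starts before the first hunk and importIssuer's body runs past the second.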