mirror of
https://github.com/versity/versitygw.git
synced 2026-05-13 07:21:28 +00:00
Implement the previously stubbed IPA IAM methods:

- CreateAccount: creates a user vault via vault_add and archives the secret+role using vault_archive_internal.
- UpdateUserAccount: retrieves the existing account, applies the requested property changes, and re-archives the updated secret+role.
- archiveSecret: encrypts the secret and role as JSON, pads with PKCS#7, wraps with AES-128-CBC using a random session key, and sends to the KRA via vault_archive_internal. Stores the user role alongside the secret so it is preserved across updates.
- pkcs7Pad: PKCS#7 padding helper (counterpart to the existing pkcs7Unpad).

GetUserAccount is updated to read the Role field back out of the vault data and restore it on the returned account.

For RSA session key wrapping, use PKCS#1 v1.5 (required by the Dogtag KRA default configuration) with an RSA-OAEP/SHA-256 fallback for FIPS-enabled KRA installations. There is no protocol mechanism to query which padding the server requires, so the fallback mirrors the behaviour of the FreeIPA Python client.
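The symmetric half of the archiveSecret scheme described above, as an added example that is not versitygw's own code: PKCS#7 padding with a validating unpad, and AES-128-CBC under a freshly drawn session key and IV. The function names and the JSON sample are assumptions; the RSA wrapping of the session key for the KRA is left out.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// pkcs7Pad appends 1..blockSize bytes, each equal to the pad length.
func pkcs7Pad(data []byte, blockSize int) []byte {
	n := blockSize - len(data)%blockSize
	return append(append([]byte{}, data...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad validates the padding before stripping it; malformed padding is an error.
func pkcs7Unpad(data []byte, blockSize int) ([]byte, error) {
	if len(data) == 0 || len(data)%blockSize != 0 {
		return nil, errors.New("pkcs7: input not block-aligned")
	}
	n := int(data[len(data)-1])
	if n == 0 || n > blockSize || !bytes.Equal(data[len(data)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("pkcs7: invalid padding")
	}
	return data[:len(data)-n], nil
}

// wrapAESCBC pads plain, draws a 16-byte session key and IV, and returns them with the ciphertext.
func wrapAESCBC(plain []byte) (key, iv, ct []byte, err error) {
	buf := make([]byte, 16+aes.BlockSize)
	if _, err = rand.Read(buf); err != nil {
		return
	}
	key, iv = buf[:16], buf[16:]
	block, _ := aes.NewCipher(key) // a 16-byte key is always accepted
	padded := pkcs7Pad(plain, aes.BlockSize)
	ct = make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return
}

// unwrapAESCBC is the receiving side: check inputs, decrypt, then validate and strip padding.
func unwrapAESCBC(key, iv, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("aes-cbc: bad key size or unaligned ciphertext")
	}
	padded := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(padded, ct)
	return pkcs7Unpad(padded, aes.BlockSize)
}
```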