smallstep-certificates

Commit Graph

Author	SHA1	Message	Date
max furman	66858a3870	No longer need to ignore context warnings when context in request - after upgrade to golangci-lint 1.50.0	2 years ago
Raal Goff	d0e81af524	Merge branch 'master' into crl-support	2 years ago
max furman	4c7a2ce3eb	Fix errors.As linter warnings	2 years ago
max furman	7c5e5b2b87	Even more linter fixes	2 years ago
max furman	1e0ea6f958	more linting fixes	2 years ago
max furman	ab0d2503ae	Standardize linting file and fix or ignore lots of linting errors	2 years ago
Mariano Cano	221e756f40	Use render.Error on crl endpoint	2 years ago
Raal Goff	d2483f3a70	Merge branch 'master' into crl-support # Conflicts: # authority/config/config.go	2 years ago
Mariano Cano	23b8f45b37	Address gosec warnings Most if not all false positives	2 years ago
Mariano Cano	2db15e4eb5	Remove unnecessary log entries These log entries add CodeQL warnings and are not necessary because our default http.ResponseWriter allows adding log entries.	2 years ago
max furman	1dd0d7d0ee	Update bad serial error to be more specific	2 years ago
max furman	7052a32c2c	Validate revocation serial number	2 years ago
Raal Goff	9fa5f46213	add minor doco, Test_CRLGeneration(), fix some issues from merge	2 years ago
Raal Goff	60671b07d7	Merge branch 'master' into crl-support # Conflicts: # api/api.go # authority/config/config.go # cas/softcas/softcas.go # db/db.go	2 years ago
Mariano Cano	1be74eca62	Merge branch 'master' into ssh-renew-provisioner	2 years ago
Mariano Cano	6b3a8f22f3	Add provisioner to SSH renewals This commit allows to report the provisioner to the linkedca when a SSH certificate is renewed.	2 years ago
Mariano Cano	d461918eb0	Merge branch 'master' into context-authority	2 years ago
Mariano Cano	43ddcf2efe	Do not use deprecated AuthorizeSign	2 years ago
Herman Slatman	2b7f6931f3	Change Subject Common Name verification Subject Common Names can now also be configured to be allowed or denied, similar to SANs. When a Subject Common Name is not explicitly allowed or denied, its type will be determined and its value will be validated according to the constraints for that type of name (i.e. URI).	2 years ago
Mariano Cano	48e2fabeb8	Add authority.MustFromContext	2 years ago
Mariano Cano	817af3d696	Fix unit tests on the api package	2 years ago
Mariano Cano	a93653ea8e	Use api.Route instead of the caHandler.	2 years ago
Mariano Cano	a6b8e65d69	Retrieve the authority from the context in api methods.	2 years ago
Herman Slatman	74a6e59b1f	Add tests for ProtoJSON and bad proto messages	2 years ago
Herman Slatman	bddd08d4b0	Remove "proto:" prefix from bad proto JSON messages	2 years ago
Herman Slatman	a2cfbe3d54	Fix (part of) PR comments	2 years ago
Herman Slatman	6532c93303	Improve read.ProtoJSON bad protobuf body error handling	2 years ago
Herman Slatman	def9438ad6	Improve handling of bad JSON protobuf bodies	2 years ago
Herman Slatman	30d5d89a13	Improve test coverage for Policy Admin API	2 years ago
Raal Goff	49c41636cc	implemented some requested changes	2 years ago
Raal Goff	53dbe2309b	implemented some requested changes	2 years ago
Raal Goff	a607ab189a	requested changes	2 years ago
Raal Goff	d417ce3232	implement changes from review	2 years ago
Raal Goff	7d024cc4cb	change GenerateCertificateRevocationList to return DER, store DER in db instead of PEM, nicer PEM encoding of CRL, add Mock stubs	2 years ago
Raal Goff	e8fdb703c9	initial support for CRL	2 years ago
Herman Slatman	571b21abbc	Fix (most) PR comments	2 years ago
Herman Slatman	628d7448de	Don't return policy in provisioner JSON	2 years ago
Herman Slatman	2fbdf7d5b0	Merge branch 'master' into herman/allow-deny	2 years ago
Panagiotis Siatras	00634fb648	api/render, api/log: initial implementation of the packages (#860 ) * api/render: initial implementation of the package * acme/api: refactored to support api/render * authority/admin: refactored to support api/render * ca: refactored to support api/render * api: refactored to support api/render * api/render: implemented Error * api: refactored to support api/render.Error * acme/api: refactored to support api/render.Error * authority/admin: refactored to support api/render.Error * ca: refactored to support api/render.Error * ca: fixed broken tests * api/render, api/log: moved error logging to this package * acme: refactored Error so that it implements render.RenderableError * authority/admin: refactored Error so that it implements render.RenderableError * api/render: implemented RenderableError * api/render: added test coverage for Error * api/render: implemented statusCodeFromError * api: refactored RootsPEM to work with render.Error * acme, authority/admin: fixed pointer receiver name for consistency * api/render, errs: moved StatusCoder & StackTracer to the render package	2 years ago
Andrew Reed	d5d70baba7	Add /roots.pem handler (#866 ) * Add /roots.pem handler * Review changes * Remove no peer cert test case	2 years ago
Herman Slatman	23676d3bcc	Merge branch 'master' into herman/allow-deny	2 years ago
Panagiotis Siatras	b98f86a515	scep: minor cleanup (#867 ) * api, scep: removed scep.Error * scep/api: replaced nextHTTP with http.HandlerFunc * scep/api: renamed writeSCEPResponse to writeResponse * scep/api: renamed decodeSCEPRequest to decodeRequest * scep/api: renamed writeError to fail * scep/api: replaced pkg/errors with errors * scep/api: formatted imports * scep/api: do not export SCEPRequest & SCEPResponse * scep/api: do not export Handler * api: flush errors better	2 years ago
Herman Slatman	613c99f00f	Fix linting issues	2 years ago
Herman Slatman	dc23fd23bf	Merge branch 'master' into herman/allow-deny-next	2 years ago
Herman Slatman	6b620c8e9c	Improve protobuf unmarshaling error handling	2 years ago
Panagiotis Siatras	80abda22ee	api/log: initial implementation of the package (#859 ) * api/log: initial implementation of the package * api: refactored to support api/log * scep/api: refactored to support api/log * api/log: documented the package * api: moved log-related tests to api/log	2 years ago
Panagiotis Siatras	df89ed5acb	api: moved read-related tests to api/read	2 years ago
Panagiotis Siatras	29092b9d8a	api: refactored to use the read package	2 years ago
Panagiotis Siatras	7fb8acda27	api/read: initial implementation of the package	2 years ago
Herman Slatman	81b0c6c37c	Add API implementation for authority and provisioner policy	2 years ago
Mariano Cano	f8df6a1acc	Change variable name for consistency	2 years ago
Mariano Cano	616490a9c6	Refactor renew after expiry token authorization This changes adds a new authority method that authorizes the renew after expiry tokens.	2 years ago
Mariano Cano	afb5d36206	Allow to renew certificates using an x5c-like token.	2 years ago
Herman Slatman	5fe9909174	Refactor AdminAuthority interface	2 years ago
Herman Slatman	5f224b729e	Add tests for Provisioner Admin API	2 years ago
Herman Slatman	d799359917	Merge branch 'master' into hs/acme-eab	2 years ago
Herman Slatman	2215a05c28	Add tests for ACME EAB Admin Refactored some of the existing bits for testing the Authority API by creation of a new LinkedAuthority interface and changing visibility of the MockAuthority to be usable by other packages. At this time, not all of the functions of MockAuthority it usable yet. Will refactor when needed or requested.	2 years ago
Mariano Cano	0cebde3db5	Change fallback message on RekeySSH.	2 years ago
Mariano Cano	9fd147f3da	Change error message.	3 years ago
Mariano Cano	b5db3f5706	Modify errs.ForbiddenErr to always return an error to the cli.	3 years ago
Mariano Cano	668d3ea6c7	Modify errs.Wrap() with bad request to send messages to users.	3 years ago
Mariano Cano	8c8db0d4b7	Modify errs.BadRequestErr() to always return an error to the client.	3 years ago
Mariano Cano	8ce807a6cb	Modify errs.BadRequest() calls to always send an error to the client.	3 years ago
Herman Slatman	e7a988b2cd	Pin golangci-lint to v1.43.0 and fix issues	3 years ago
max furman	933b40a02a	Introduce gocritic linter and address warnings	3 years ago
Mariano Cano	833d28cb6a	Clone the certificate in case we need to look at it later.	3 years ago
Mariano Cano	568fce201a	Enforce identity cert to match ssh cert on renewals.	3 years ago
Mariano Cano	4aa529605d	Merge pull request #641 from hillu/quote-serial Log certificate's serial number as stringified decimal number	3 years ago
Herman Slatman	9210a6740b	Fix logging provisioner name as string	3 years ago
Hilko Bengen	edb01bc9f2	Log certificate's serial number as stringified decimal number Using a JSON string fixes a common issue with JSON parsers that deserialize all numbers to a 64-bit IEEE-754 floats. (Certificate serial numbers are usually 128 bit values.) This change is consistent with existing log entries for revocation requests. See also: #630, #631	3 years ago
max furman	77fdfc9fa3	Merge branch 'master' into max/cert-mgr-crud	3 years ago
max furman	9fdef64709	Admin level API for provisioner mgmt v1	3 years ago
Mariano Cano	65dacc2795	Replace golint with revive	3 years ago
Herman Slatman	a191319da9	Improve SCEP API logic and error handling	3 years ago
Herman Slatman	bc2bb53009	Merge branch 'master' into hs/scep	3 years ago
max furman	4f3e5ef64d	wip	3 years ago
max furman	5d09d04d14	wip	3 years ago
max furman	7b5d6968a5	first commit	3 years ago
Mariano Cano	c1c986922b	Show Ed25519 in the public-key log field.	3 years ago
Herman Slatman	0487686f69	Merge branch 'master' into hs/scep	3 years ago
max furman	2e0e62bc4c	add WriteError method for acme api	3 years ago
max furman	fd447c5b54	Fix small nbf->naf bug in db.CreateOrder - still needs unit test	3 years ago
max furman	1135ae04fc	[acme db interface] wip	3 years ago
Herman Slatman	2fc5a7f22e	Improve SCEP API logic and error handling	3 years ago
max furman	f88f58440f	add //nolint for new 1.16 deprecation warnings - dsa - pem.DecryptPEMBlock	3 years ago
Mariano Cano	c94a1c51be	Merge branch 'master' into ssh-cert-templates	4 years ago
Mariano Cano	ba918100d0	Use go.step.sm/crypto/jose Replace use of github.com/smallstep/cli/crypto with the new package go.step.sm/crypto/jose.	4 years ago
Mariano Cano	aaaa7e9b4e	Merge branch 'master' into cert-templates	4 years ago
max furman	8e3481a8ef	[logger map] small optimization Rather than doing two key writes and one lookup, just write once.	4 years ago
max furman	55bf5a4526	Add cert logging for acme/certificate api	4 years ago
Mariano Cano	4943ae58d8	Move TLSOption, TLSVersion, CipherSuites and ASN1DN to certificates.	4 years ago
Mariano Cano	e83e47a91e	Use sshutil and randutil from go.step.sm/crypto.	4 years ago
Mariano Cano	3b19bb9796	Add TemplateData to SSHSignRequest. Add some omitempty tags.	4 years ago
Mariano Cano	6c64fb3ed2	Rename provisioner options structs: * provisioner.ProvisionerOptions => provisioner.Options * provisioner.Options => provisioner.SignOptions * provisioner.SSHOptions => provisioner.SingSSHOptions	4 years ago
Mariano Cano	068bafe5a3	Add templateData to api sign request.	4 years ago
max furman	fd05f3249b	A few last fixes and tests added for rekey/renew ... - remove all `renewOrRekey` - explicitly test difference between renew and rekey (diff pub keys) - add back tests for renew	4 years ago
dharanikumar-s	dfda497929	Renamed RenewOrRekey to Rekey	4 years ago
dharanikumar-s	a3b5211e0f	gofmted the code	4 years ago
dharanikumar-s	954fda657b	Added renewOrRekey to mockAuthority. Added Test_caHandler_Rekey	4 years ago
dharanikumar-s	01a6469d25	Moved peer certificate check to the first line	4 years ago

1 2 3 4 5

234 Commits (master)