smallstep-certificates

mirror of https://github.com/smallstep/certificates.git synced 2024-10-31 03:20:16 +00:00

Author	SHA1	Message	Date
Mariano Cano	ad70982cda	Use testify packages in x5c_test.go	2024-07-24 12:13:57 -07:00
Mariano Cano	656a03e5d1	Use x5rt#S256 claim instead of kid	2024-07-23 12:51:11 -07:00
Mariano Cano	6c6ed46fef	Remove sshFingerprintValidator and rename fingerprintValidator	2024-07-23 11:48:46 -07:00
Mariano Cano	508b6e8668	Check cnf claim with CSR or SSH public key fingerprint This commit allows tying tokens with the provided CSR or SSH public key. Tokens with a confirmation claim kid (cnf.kid) will validate that the provided fingerprint (kid) matches the CSR or SSH public key. This check will only be present in JWK and X5C provisioners. Fixes #1637	2024-01-05 15:46:16 -08:00
Max	9f84f7ce35	Allow for identity certificate signing (in sshSign) by skipping validators (#1572 ) - skip urisValidator for identity certificate signing. Implemented by building the validator with the context in a hacky way.	2023-10-06 14:02:19 -07:00
Josh Drake	ff424fa944	Fix tests.	2023-07-24 15:27:49 -05:00
Mariano Cano	5bfe96d8c7	Send X5C leaf certificate to webhooks This commit adds a new property that will be sent to authorizing and enriching webhooks when signing certificates using the X5C provisioner.	2023-07-20 13:03:45 -07:00
Mariano Cano	ac35f3489c	Remove unused certificate validators and modifiers With the introduction of certificate templates some certificate validators and modifiers are not used anymore. This commit deletes the ones that are not used.	2023-03-31 14:54:49 -07:00
max furman	7203739369	Fix err assert linter warnings - upgrade outdated package	2022-10-12 16:32:26 -07:00
Andrew Reed	7101fbb0ee	Provisioner webhooks (#1001 )	2022-09-29 19:16:26 -05:00
max furman	7c5e5b2b87	Even more linter fixes	2022-09-20 21:48:04 -07:00
max furman	ab0d2503ae	Standardize linting file and fix or ignore lots of linting errors	2022-09-20 16:35:41 -07:00
Mariano Cano	a627f21440	Fix AuthorizeSSHSign tests with extra SignOption	2022-05-18 18:51:36 -07:00
Herman Slatman	9797b3350e	Merge branch 'master' into herman/allow-deny	2022-04-08 16:01:56 +02:00
Mariano Cano	b7e11da480	Merge branch 'master' into feat/linkedra	2022-04-07 18:19:04 -07:00
Herman Slatman	2fbdf7d5b0	Merge branch 'master' into herman/allow-deny	2022-03-30 14:50:14 +02:00
Panagiotis Siatras	00634fb648	api/render, api/log: initial implementation of the packages (#860 ) * api/render: initial implementation of the package * acme/api: refactored to support api/render * authority/admin: refactored to support api/render * ca: refactored to support api/render * api: refactored to support api/render * api/render: implemented Error * api: refactored to support api/render.Error * acme/api: refactored to support api/render.Error * authority/admin: refactored to support api/render.Error * ca: refactored to support api/render.Error * ca: fixed broken tests * api/render, api/log: moved error logging to this package * acme: refactored Error so that it implements render.RenderableError * authority/admin: refactored Error so that it implements render.RenderableError * api/render: implemented RenderableError * api/render: added test coverage for Error * api/render: implemented statusCodeFromError * api: refactored RootsPEM to work with render.Error * acme, authority/admin: fixed pointer receiver name for consistency * api/render, errs: moved StatusCoder & StackTracer to the render package	2022-03-30 11:22:22 +03:00
Mariano Cano	6851842841	Fix unit tests.	2022-03-28 15:06:56 -07:00
Mariano Cano	5ab79f53be	Fix linter errors	2022-03-28 14:55:39 -07:00
Herman Slatman	dc23fd23bf	Merge branch 'master' into herman/allow-deny-next	2022-03-24 12:36:12 +01:00
Mariano Cano	ad8a813abe	Fix linter errors	2022-03-21 16:53:57 -07:00
Mariano Cano	4690fa64ed	Add public methods to retrieve the provisioner extensions.	2022-03-11 14:59:42 -08:00
Mariano Cano	389815642d	Fix tests: certs are truncated to seconds.	2022-03-10 10:46:28 -08:00
Mariano Cano	259e95947c	Add support for the provisioner controller The claimer, audiences and custom callback methods are now managed by the provisioner controller in an uniform way.	2022-03-09 18:43:45 -08:00
Herman Slatman	88c7b63c9d	Split SSH user and cert policy configuration and execution	2022-02-01 15:18:39 +01:00
Herman Slatman	9539729bd9	Add initial implementation of x509 and SSH allow/deny policy engine	2022-01-03 12:25:24 +01:00
max furman	9fdef64709	Admin level API for provisioner mgmt v1	2021-07-02 19:05:17 -07:00
Mariano Cano	ba918100d0	Use go.step.sm/crypto/jose Replace use of github.com/smallstep/cli/crypto with the new package go.step.sm/crypto/jose.	2020-08-24 14:44:11 -07:00
Mariano Cano	d30a95236d	Use always go.step.sm/crypto	2020-08-14 15:33:50 -07:00
Mariano Cano	e83e47a91e	Use sshutil and randutil from go.step.sm/crypto.	2020-08-10 11:26:51 -07:00
Mariano Cano	413af88aad	Fix provisioning tests.	2020-08-03 18:10:29 -07:00
Mariano Cano	6c64fb3ed2	Rename provisioner options structs: * provisioner.ProvisionerOptions => provisioner.Options * provisioner.Options => provisioner.SignOptions * provisioner.SSHOptions => provisioner.SingSSHOptions	2020-07-22 18:24:45 -07:00
Mariano Cano	0c8376a7f6	Fix existing unit tests.	2020-07-21 14:21:54 -07:00
max furman	71d87b4e61	wip	2020-06-24 23:25:15 -07:00
max furman	1cb8bb3ae1	Simplify statuscoder error generators.	2020-01-28 13:29:40 -08:00
max furman	dccbdf3a90	Introduce generalized statusCoder errors and loads of ssh unit tests. * StatusCoder api errors that have friendly user messages. * Unit tests for SSH sign/renew/rekey/revoke across all provisioners.	2020-01-28 13:29:40 -08:00
Mariano Cano	84ff172093	Add support for backdate to SSH certificates.	2020-01-28 13:29:39 -08:00
max furman	414a94b210	Instrument getIdentity func for OIDC ssh provisioner	2020-01-28 13:28:16 -08:00
Mariano Cano	d4627d1282	Make provisioner tests compile, they are still failing.	2020-01-28 13:28:16 -08:00
max furman	d368791606	Add x5c provisioner capabilities	2019-10-14 14:51:37 -07:00

40 Commits