smallstep-certificates

mirror of https://github.com/smallstep/certificates.git synced 2024-10-31 03:20:16 +00:00

Author	SHA1	Message	Date
Mariano Cano	c066694c0c	Allow renew token issuer to be the provisioner name. For consistency with AuthorizeAdminToken, AuthorizeRenewToken will allow the issuer to be either the fixed string 'step-ca-client/1.0' or the provisioner name.	2022-04-18 12:38:09 -07:00
Mariano Cano	5f714f2485	Fix tests for AuthorizeRenewToken	2022-04-13 15:59:37 -07:00
Mariano Cano	af8fcf5b01	Use always LoadProvisionerByCertificate on authority package	2022-04-08 14:18:24 -07:00
Mariano Cano	b7e11da480	Merge branch 'master' into feat/linkedra	2022-04-07 18:19:04 -07:00
Panagiotis Siatras	00634fb648	api/render, api/log: initial implementation of the packages (#860 ) * api/render: initial implementation of the package * acme/api: refactored to support api/render * authority/admin: refactored to support api/render * ca: refactored to support api/render * api: refactored to support api/render * api/render: implemented Error * api: refactored to support api/render.Error * acme/api: refactored to support api/render.Error * authority/admin: refactored to support api/render.Error * ca: refactored to support api/render.Error * ca: fixed broken tests * api/render, api/log: moved error logging to this package * acme: refactored Error so that it implements render.RenderableError * authority/admin: refactored Error so that it implements render.RenderableError * api/render: implemented RenderableError * api/render: added test coverage for Error * api/render: implemented statusCodeFromError * api: refactored RootsPEM to work with render.Error * acme, authority/admin: fixed pointer receiver name for consistency * api/render, errs: moved StatusCoder & StackTracer to the render package	2022-03-30 11:22:22 +03:00
Mariano Cano	6851842841	Fix unit tests.	2022-03-28 15:06:56 -07:00
Mariano Cano	616490a9c6	Refactor renew after expiry token authorization This changes adds a new authority method that authorizes the renew after expiry tokens.	2022-03-10 20:21:01 -08:00
Mariano Cano	79349b4d7c	Add options to use custom renewal methods.	2022-03-10 13:01:08 -08:00
Mariano Cano	259e95947c	Add support for the provisioner controller The claimer, audiences and custom callback methods are now managed by the provisioner controller in an uniform way.	2022-03-09 18:43:45 -08:00
max furman	933b40a02a	Introduce gocritic linter and address warnings	2021-10-08 14:59:57 -04:00
max furman	9fdef64709	Admin level API for provisioner mgmt v1	2021-07-02 19:05:17 -07:00
Mariano Cano	d79b4e709e	Create a hash of a token if a token id is empty.	2020-09-18 16:25:08 -07:00
Mariano Cano	ba918100d0	Use go.step.sm/crypto/jose Replace use of github.com/smallstep/cli/crypto with the new package go.step.sm/crypto/jose.	2020-08-24 14:44:11 -07:00
Mariano Cano	d30a95236d	Use always go.step.sm/crypto	2020-08-14 15:33:50 -07:00
Mariano Cano	e83e47a91e	Use sshutil and randutil from go.step.sm/crypto.	2020-08-10 11:26:51 -07:00
Mariano Cano	c4bbc81d9f	Fix authority tests.	2020-08-03 18:36:05 -07:00
Mariano Cano	6c64fb3ed2	Rename provisioner options structs: * provisioner.ProvisionerOptions => provisioner.Options * provisioner.Options => provisioner.SignOptions * provisioner.SSHOptions => provisioner.SingSSHOptions	2020-07-22 18:24:45 -07:00
Mariano Cano	d64cb99a22	Fix authority package tests.	2020-07-21 14:21:48 -07:00
max furman	71d87b4e61	wip	2020-06-24 23:25:15 -07:00
max furman	1cb8bb3ae1	Simplify statuscoder error generators.	2020-01-28 13:29:40 -08:00
max furman	dccbdf3a90	Introduce generalized statusCoder errors and loads of ssh unit tests. * StatusCoder api errors that have friendly user messages. * Unit tests for SSH sign/renew/rekey/revoke across all provisioners.	2020-01-28 13:29:40 -08:00
Mariano Cano	f26103d150	Make test compilable.	2020-01-28 13:29:39 -08:00
Mariano Cano	a6edcd0a3d	Make test to compile, they still fail.	2020-01-28 13:28:16 -08:00
Mariano Cano	10e7b81b9f	Merge branch 'master' into ssh-ca	2019-09-05 23:06:01 +02:00
max furman	2b41faa9cf	Enforce >= 2048 bit rsa keys at the provisioner layer * Fixes #94 * In the future this should be configurable by provisioner	2019-08-27 14:44:59 -07:00
max furman	635c59ed24	Accept emails SANs	2019-08-23 15:59:30 -07:00
Mariano Cano	e1cd5ee8c3	Add context to the Authorize method. Fix tests.	2019-07-29 12:34:27 -07:00
max furman	81db527f12	NoopDB -> SimpleDB	2019-05-07 12:26:30 -07:00
max furman	b73fe8c157	Add used OTT to DB during authToken step	2019-05-06 15:52:02 -07:00
max furman	ab4d569f36	Add /revoke API with interface db backend	2019-04-10 13:50:35 -07:00
Mariano Cano	1f5ff5c899	Fix sign and renew tests.	2019-03-11 18:15:24 -07:00
Mariano Cano	b77621675c	Fix and simplify authorize tests.	2019-03-11 16:38:48 -07:00
Mariano Cano	ef4d809ee6	Move matchesAudience and stripPort tests to provisioner package.	2019-03-11 15:47:57 -07:00
Mariano Cano	af9688c419	Fix some testing errors.	2019-03-08 18:05:11 -08:00
Mariano Cano	54d86ca1c1	testing work in progress.	2019-03-07 19:30:17 -08:00
Mariano Cano	7e95fc0e45	Strip ports on audience check. Services might have proxies behind them so we cannot rely on them. Fixes #17	2018-12-21 15:27:22 -08:00
max furman	0d9dd2d14b	provisioner issuer -> name	2018-10-29 18:00:30 -07:00
Mariano Cano	d574545d94	Format code with `gofmt -s`	2018-10-26 15:01:02 -07:00
max furman	ca6087145f	fix unit test	2018-10-25 23:55:31 -07:00
max furman	283dc42904	add unit tests for MatchOne (token audience) and Authority.New	2018-10-25 15:17:22 -07:00
max furman	ee7db4006a	change sign + authorize authority api \| add provisioners * authorize returns []interface{} - operators in this list can conform to any interface the user decides - our implementation has a combination of certificate claim validators and certificate template modifiers. * provisioners can set and enforce tls cert options	2018-10-18 22:26:39 -07:00
max furman	c284a2c0ab	first commit	2018-10-05 21:48:36 +00:00

42 Commits