968 Commits

Author	SHA1	Message	Date
Shulhan	fe04f93d7f	all: reformat all go files with the next gofmt (Go 1.19) ... There are some changes that manually edited, for example using '-' as default list and grouping imports.	2022-06-16 01:28:59 +07:00
Mariano Cano	9c049eec5a	Add revoke ssh unit test	2022-05-25 17:10:07 -07:00
Mariano Cano	ce9a23a0f7	Fix SSH certificate revocation	2022-05-25 16:55:22 -07:00
Mariano Cano	911cec21da	Merge pull request #943 from smallstep/ssh-renew-provisioner ... Add provisioner to SSH renewals	2022-05-23 17:21:55 -07:00
Mariano Cano	94f5b92513	Use proper context in authority package	2022-05-23 15:31:43 -07:00
Mariano Cano	1be74eca62	Merge branch 'master' into ssh-renew-provisioner	2022-05-23 14:31:15 -07:00
Mariano Cano	26dd97e718	Merge branch 'master' into context-authority	2022-05-23 12:36:16 -07:00
Mariano Cano	6b3a8f22f3	Add provisioner to SSH renewals ... This commit allows to report the provisioner to the linkedca when a SSH certificate is renewed.	2022-05-20 14:41:44 -07:00
Mariano Cano	3c4d0412ef	Merge pull request #941 from smallstep/ssh-provisioner ... Report SSH provisioner	2022-05-20 12:24:30 -07:00
Max	f8148071fb	Merge pull request #915 from smallstep/max/removing-beta ... exposing authority configuration for provisioner cli commands	2022-05-19 22:53:59 -07:00
max furman	5443aa073a	gofmt -s	2022-05-19 22:46:25 -07:00
Max	586e4fd3b5	Update authority/options.go ... Co-authored-by: Mariano Cano <mariano@smallstep.com>	2022-05-19 22:26:20 -07:00
Mariano Cano	dd985ce154	Clarify errors when sending renewed certificates	2022-05-19 18:41:13 -07:00
Mariano Cano	a627f21440	Fix AuthorizeSSHSign tests with extra SignOption	2022-05-18 18:51:36 -07:00
Mariano Cano	e7d7eb1a94	Add provisioner as a signOption for SSH	2022-05-18 18:42:42 -07:00
Mariano Cano	293586079a	Store provisioner with SignSSH ... This change also allows to store the old certificate on renewal on linkedca or if the db interface supports it.	2022-05-18 18:33:53 -07:00
Mariano Cano	c8d7ad7ab9	Fix store certificates methods with new interface	2022-05-18 18:33:22 -07:00
Mariano Cano	de99c3cac0	Report provisioner and parent on linkedca	2022-05-18 18:30:53 -07:00
Herman Slatman	479eda7339	Improve error message when client renews with expired certificate ... When a client provides an expired certificate and `AllowAfterExpiry` is not enabled, the client would get a rather generic error with instructions to view the CA logs. Viewing the CA logs can be done when running `step-ca`, but they can't be accessed easily in the hosted solution. This commit returns a slightly more informational message to the client in this specific situation.	2022-05-19 01:25:30 +02:00
max furman	bfb406bf70	Fixes for PR review	2022-05-18 09:43:32 -07:00
Mariano Cano	898ca41268	Merge branch 'master' into context-authority	2022-05-12 17:14:46 -07:00
Herman Slatman	c695b23e24	Fix check for admin not belonging to policy	2022-05-12 16:33:32 +02:00
max furman	25b8d196d8	Couple changes in response to PR ... - add skipInit option to skip authority initialization - check admin API status when removing provisioners - no need to check admins when not using Admin API	2022-05-11 17:04:43 -07:00
Mariano Cano	8942422973	Add GetID() and add authority to initial context	2022-05-10 16:51:09 -07:00
Mariano Cano	1e03bbb1af	Change types in the ACMEAdminResponder	2022-05-06 14:11:10 -07:00
Mariano Cano	f639bfc53b	Use contexts on the new PolicyAdminResponder	2022-05-06 14:05:08 -07:00
Mariano Cano	d461918eb0	Merge branch 'master' into context-authority	2022-05-06 13:21:41 -07:00
Herman Slatman	0f4ffa504a	Fix linting issues	2022-05-06 13:23:09 +02:00
Herman Slatman	7104299119	Add full policy validation in API	2022-05-06 13:12:13 +02:00
Herman Slatman	105211392c	Don't rely on linkedca model stability in API response bodies	2022-05-05 14:10:52 +02:00
Herman Slatman	5e9bce508d	Unexport GetPolicy()	2022-05-05 12:32:53 +02:00
Herman Slatman	60d8b22d89	Change context retrievers to MustTFromContext	2022-05-05 11:05:57 +02:00
Mariano Cano	43ddcf2efe	Do not use deprecated AuthorizeSign	2022-05-04 17:35:34 -07:00
Mariano Cano	9147356d8a	Fix linter errors	2022-05-02 18:47:47 -07:00
Mariano Cano	a8a4261980	Fix authority/admin/api tests	2022-05-02 18:39:03 -07:00
Herman Slatman	77893ea55c	Change authority policy to use dbPolicy model	2022-05-02 15:55:26 +02:00
max furman	4cb74e7d8b	fix linter warnings	2022-04-30 13:08:28 -07:00
Herman Slatman	d82e51b748	Update AllowWildcardNames configuration name	2022-04-29 15:08:19 +02:00
Herman Slatman	2b7f6931f3	Change Subject Common Name verification ... Subject Common Names can now also be configured to be allowed or denied, similar to SANs. When a Subject Common Name is not explicitly allowed or denied, its type will be determined and its value will be validated according to the constraints for that type of name (i.e. URI).	2022-04-28 14:49:23 +02:00
Mariano Cano	00f181dec3	Use contexts in admin api handlers	2022-04-27 11:59:32 -07:00
Mariano Cano	623c296555	Create context methods from admin database	2022-04-27 11:58:52 -07:00
Mariano Cano	48e2fabeb8	Add authority.MustFromContext	2022-04-27 11:38:06 -07:00
Mariano Cano	9628fa3562	Add methods to store and retrieve an authority from the context.	2022-04-26 12:54:54 -07:00
Herman Slatman	bddd08d4b0	Remove "proto:" prefix from bad proto JSON messages	2022-04-26 14:01:16 +02:00
Herman Slatman	6e1f8dd7ab	Refactor policy engines into container	2022-04-26 13:12:16 +02:00
Herman Slatman	2a7620641f	Fix more PR comments	2022-04-26 10:15:17 +02:00
Herman Slatman	76112c2da1	Improve error creation and testing for core policy engine	2022-04-26 01:47:07 +02:00
max furman	b91affdd34	exposing authority configuration for provisioner cli commands	2022-04-25 10:23:07 -07:00
Herman Slatman	20f5d12b99	Improve test rigour for reloadPolicyEngines	2022-04-25 11:02:03 +02:00
Herman Slatman	6264e8495c	Improve policy error handling code coverage	2022-04-24 16:29:31 +02:00