Archives/smallstep-certificates
2
0
Fork 0
mirror of https://github.com/smallstep/certificates.git synced 2024-10-31 03:20:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,878 Commits 37 Branches 223 Tags 44 MiB
01423e36c9
Commit Graph

215 Commits

Author SHA1 Message Date
Herman Slatman
2c05f488f6
Remove support for Go 1.15 2021-11-13 01:43:03 +01:00
Mariano Cano
62a20c7db5 Upgrade cli-utils with latest version of promptui 2021-11-01 10:08:48 -07:00
Mariano Cano
9958e0645f Replace promptui with apache-compatible fork. 
Promptui depends on github.com/juju/ansiterm that is licensed under
LGPL. The fork replaces ansiterm.TabWriter with the one in the
standard library.
 2021-10-27 12:38:16 -07:00
Mariano Cano
0927e0d22a Upgrade go.step.sm/crypto dependency 
The new version removes "env" and "expandenv" sprig functions.
 2021-10-27 11:48:29 -07:00
Mariano Cano
edd475b81b Allow to configure azurekms using the URI 
With an URI, azurekms can be configured with client credentials,
and it can define a default vault and protection level.
 2021-10-12 18:24:58 -07:00
Mariano Cano
e15b5faf7d Merge branch 'master' into keyvault 2021-10-12 15:15:35 -07:00
Mariano Cano
d8720c3723 Update linkedca package. 2021-10-07 17:21:40 -07:00
Mariano Cano
48549bf317 Initialize windows terminal on all binaries. 2021-10-07 11:09:32 -07:00
Mariano Cano
6389100325 Add unit tests for azurekms. 2021-10-05 20:35:52 -07:00
Mariano Cano
392a18465f Add initial implementation of Azure Key Vault KMS. 
Fixes #462
 2021-10-05 17:06:17 -07:00
Mariano Cano
ad82d8a250 Upgrade go.step.sm/crypto as long with go-jose.v2 
There was a typo in the OKP template causing bad fingerprints for
Ed25519 keys.

See a10ff54e00

Fixes #705
 2021-09-22 15:15:19 -07:00
Herman Slatman
73d0a11a20
Update github.com/micromdm/scep/v2 2021-09-16 08:29:25 +02:00
Herman Slatman
611859eec4
Update go.mozilla.org/pkcs7 
This includes the fix as described in https://github.com/mozilla-services/pkcs7/pull/59,
which was the reason a fork of the library was used.
 2021-09-16 08:24:28 +02:00
Mariano Cano
9e7a3cd897 Update go.step.sm/crypto 2021-08-26 18:12:37 -07:00
Mariano Cano
352acf8faa Upgrade golang.org/x/crypto 2021-08-26 11:29:13 -07:00
Mariano Cano
42fde8ba28
Merge branch 'master' into linkedca 2021-08-25 15:56:50 -07:00
max furman
2317bf183b Nosql and badger bump 2021-08-25 10:32:12 -07:00
max furman
cc9bc9c84b Bump Badger 2021-08-25 10:24:18 -07:00
max furman
f53f78974e Badger bump to fix issue with caddy build 2021-08-18 11:38:31 -07:00
Mariano Cano
456ffd8806 Use linkedca v0.5.0 2021-08-11 15:33:34 -07:00
Mariano Cano
28e882c9b3 Add deployment type to export. 2021-08-10 17:14:17 -07:00
Mariano Cano
798b90c359 Move linkedca configuration to the main package. 2021-08-04 20:15:04 -07:00
Mariano Cano
de292fbed6 Use branch version of linkedca. 2021-08-02 16:08:54 -07:00
Mariano Cano
dc1ec18b52 Create a way to export ca configurations. 2021-07-26 19:01:56 -07:00
Mariano Cano
d0c1530f89 Remove replace of linkedca package. 2021-07-26 14:48:01 -07:00
Mariano Cano
4ad82a2f76 Check linkedca for revocation. 2021-07-23 16:10:13 -07:00
Mariano Cano
71f8019243 Store x509 and ssh certificates on linkedca if enabled. 2021-07-20 18:16:24 -07:00
Mariano Cano
17eef81c91 Remove linkerd replace. 2021-07-20 14:55:07 -07:00
Mariano Cano
a72eab915b Use linkedca v0.1.0 2021-07-20 12:59:59 -07:00
Mariano Cano
8fb5340dc9 Use a token at start time to configure linkedca. 
Instead of using `step-ca login` we will use a new token provided
as a flag to configure and start linkedca. Certificates will be kept
in memory and refreshed automatically.
 2021-07-19 19:28:06 -07:00
Mariano Cano
f7e09af9df Implement the login command. 
The login commands creates a new certificate for the linked ca.
This certificate will be used to sync data with the linkedca
endpoint.
 2021-07-12 15:28:13 +02:00
max furman
77fdfc9fa3 Merge branch 'master' into max/cert-mgr-crud 2021-07-02 20:26:46 -07:00
max furman
9fdef64709 Admin level API for provisioner mgmt v1 2021-07-02 19:05:17 -07:00
Mariano Cano
65dacc2795 Replace golint with revive 2021-06-23 09:53:26 +02:00
Mariano Cano
2a97389f1b Upgrade dependencies. 2021-06-08 17:47:26 -07:00
Mariano Cano
072bd0dcf4 Add support for Google CAS v1 2021-06-03 19:31:19 -07:00
Herman Slatman
66a67ed691 Update to v2.0.0 of github.com/micromdm/scep 2021-05-26 16:15:24 -07:00
Herman Slatman
75cd3ab0ac Change to a fixed fork of go.mozilla.org/pkcs7 
Hopefully this will be a temporary change until
the fix is merged in the upstream module.
 2021-05-26 16:07:37 -07:00
Herman Slatman
2a249d20de Refactor initialization of SCEP authority 2021-05-26 16:04:19 -07:00
Herman Slatman
48c86716a0 Add rudimentary (and incomplete) support for SCEP 2021-05-26 15:58:04 -07:00
Herman Slatman
bc2bb53009
Merge branch 'master' into hs/scep 2021-05-20 21:35:44 +02:00
Mariano Cano
f84c8f846a Upgrade x/crypto 
Although this does not affects us the old version had the vulnerability
CVE-2020-29652
 2021-05-18 19:16:13 -07:00
max furman
b205f50412 bump crypto to 0.8.3 and go mod tidy 2021-05-13 12:14:11 -07:00
Herman Slatman
c3d9cef497
Update to v2.0.0 of github.com/micromdm/scep 2021-03-26 22:04:18 +01:00
Herman Slatman
c5e4ea08b3
Merge branch 'master' into hs/scep 2021-03-26 15:22:41 +01:00
Mariano Cano
561341a6f2 Update go.step.sm/crypto. 2021-03-18 18:04:38 -07:00
Herman Slatman
efd5501aca
Merge branch 'master' into hs/scep 2021-03-12 12:16:10 +01:00
Mariano Cano
d74f1fa55e Use cli-utils v0.2.0 2021-03-10 12:53:25 -08:00
Mariano Cano
a1a7e38a49 Add support for cli-utils with powershell support. 2021-03-10 12:34:47 -08:00
Herman Slatman
9df5f513e7
Change to a fixed fork of go.mozilla.org/pkcs7 
Hopefully this will be a temporary change until
the fix is merged in the upstream module.
 2021-03-06 22:35:41 +01:00
Herman Slatman
7ad90d10b3
Refactor initialization of SCEP authority 2021-02-26 00:32:21 +01:00
Herman Slatman
9e43dc85d8
Merge branch 'master' into hs/scep-master 2021-02-19 10:16:39 +01:00
Mariano Cano
3eb24d7d01 Remove duplicated replace. 2021-02-16 17:14:15 -08:00
Herman Slatman
ffdd58ea3c
Add rudimentary (and incomplete) support for SCEP 2021-02-12 12:03:08 +01:00
Mariano Cano
f289d1ee1f Update to crypto11 v1.2.4 
This version now includes my changes to delete a certificate.
 2021-02-08 12:01:21 -08:00
Mariano Cano
4fbf7569fa Merge branch 'master' into pkcs11 2021-02-01 18:13:16 -08:00
Mariano Cano
1d47a7284d Upgrade nosql with a version of badger compatible with 32bits 2021-02-01 18:09:28 -08:00
Mariano Cano
6c0cf99b24 Upgrade nosql with a 32-bit version of badger. 2021-01-27 11:02:56 -08:00
Mariano Cano
8dca652bc7 Add support for PKCS #11 KMS. 
The implementation works with YubiHSM2. Unit tests are still pending.

Fixes #301
 2021-01-26 20:03:53 -08:00
Mariano Cano
c61222de1d Upgrade nosql version. 
nosql has newer version of badgers v1 and v2.
 2021-01-21 18:03:55 -08:00
Derek Gaffney
8416bd633d Bump go-piv to v1.7.0 for x32 overflow fix 2020-12-27 20:27:39 -05:00
Mariano Cano
86c947babc Upgrade crypto and fix test. 2020-12-17 14:17:08 -08:00
Mariano Cano
d6ea8b13ab Upgrade crypto. 
Related to #435
 2020-12-17 13:34:50 -08:00
Mariano Cano
921de7e07f Upgrade crypto to v0.7.1 
Add basic constraints extensions if defined.
 2020-11-17 11:43:12 -08:00
Mariano Cano
736a6fb64e Fix rebase. 2020-11-03 12:49:04 -08:00
Mariano Cano
b275758018 Complete CloudCAS tests. 
Upgrade cloud.google.com/go
 2020-11-03 12:45:31 -08:00
Mariano Cano
b2ae112dd2 Add initial tests for CreateCertificateAuthority. 2020-11-03 12:44:54 -08:00
Mariano Cano
461735718d Update go.step.sm/crypto dependency. 2020-11-03 12:44:54 -08:00
Mariano Cano
2b4b902975 Add initial support for step ca init with cloud cas. 
Fixes smallstep/cli#363
 2020-11-03 12:44:28 -08:00
Mariano Cano
b79701202b Use cli-utils@v0.1.0 2020-10-29 15:07:14 -07:00
Mariano Cano
40d0596b71 Use smallstep/cli-utils instead of smallstep/cli 2020-10-29 13:10:03 -07:00
max furman
81a0df9e45 go mod tidy 2020-10-21 20:42:23 -07:00
max furman
bf45e6ff16 Bump cli to v0.15.3 2020-10-21 16:40:06 -07:00
max furman
3f4d041082 bump cli to master 2020-10-20 22:38:59 -07:00
Mariano Cano
647b9b4541
Merge pull request #367 from smallstep/cas 
Support for CAS Interface and CloudCAS
 2020-10-05 18:09:01 -07:00
Mariano Cano
4c8bf87dc1 Use new admin template for K8ssa and admin-OIDC provisioners. 
This change replaces the .Insecure.CR template to one that sets
all the SANs, but uses key usages and extended key usages for
regular TLS certificates.
 2020-09-21 12:49:16 -07:00
Mariano Cano
a332c40530 Merge branch 'master' into cas 2020-09-17 14:46:52 -07:00
Pierre Laden
179e793f1a - provide PINpolicy always to piv-go to avoid trying to use attestation cert, which we might not have 
- bump piv-go version to 1.6.0
 2020-09-16 21:59:48 +02:00
Mariano Cano
c8d9cb0a1d Complete cloudcas using CAS v1beta1. 2020-09-10 16:19:18 -07:00
Mariano Cano
1b1f73dec6 Early attempt to develop a CAS interface. 2020-09-08 19:26:32 -07:00
Mariano Cano
3ac0ef2eaa Update crypto to v0.6.0 2020-09-02 18:08:24 -07:00
Mariano Cano
f3b65e54ac Update go.step.sm to v0.5.0 
Solves the problem of enforcing the signature algorithm. This
causes issues if the intermediate key is not an ECDSA key.
 2020-09-01 12:44:46 -07:00
Mariano Cano
8ee246edda Upgrade go.step.sm to v0.4.0 2020-08-31 12:30:54 -07:00
Mariano Cano
ef86bedb2c Upgrade go.step.sm dependency to v0.3.0 2020-08-25 11:46:04 -07:00
Mariano Cano
c94a1c51be Merge branch 'master' into ssh-cert-templates 2020-08-24 15:08:28 -07:00
Mariano Cano
ba918100d0 Use go.step.sm/crypto/jose 
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
 2020-08-24 14:44:11 -07:00
Mariano Cano
03d642e59c Update go.step.sm/crypto to v0.2.0 
Fixes #302
 2020-08-20 16:02:45 -07:00
max furman
cb594ed2e0 go mod tidy and golang 1.15.0 cleanup ... 
- cs.NegotiatedProtocolIsMutual has been deprecated but we still build
in travis with 1.14 so for now we'll ignore this linting error
- string(int) was resolving to string of a single rune rather than
string of digits -> use fmt.Sprint
 2020-08-17 13:48:37 -07:00
max furman
795648e5d5 bump cli to v0.15.0 2020-08-16 21:04:12 -07:00
Mariano Cano
32ba80f446 Use pemutil branch. 2020-08-14 15:44:18 -07:00
Mariano Cano
d30a95236d Use always go.step.sm/crypto 2020-08-14 15:33:50 -07:00
Mariano Cano
aaaa7e9b4e Merge branch 'master' into cert-templates 2020-08-14 10:45:41 -07:00
Mariano Cano
533ad0ca20 Use always go.step.sm/crypto/x509util 2020-08-11 17:59:33 -07:00
Mariano Cano
4943ae58d8 Move TLSOption, TLSVersion, CipherSuites and ASN1DN to certificates. 2020-08-10 15:29:18 -07:00
Mariano Cano
e83e47a91e Use sshutil and randutil from go.step.sm/crypto. 2020-08-10 11:26:51 -07:00
Mariano Cano
c8d225a763 Use x509util from go.step.sm/crypto/x509util 2020-08-05 16:02:46 -07:00
max furman
3f844c5e23 Update the way SubjectKeyId is calculated, and more ... 
- swith lint to first in line for `make all`
- update tests to conform with new subjectkeyid
 2020-07-28 12:00:07 -07:00
David Cowden
dc39eef721 aws: test badIDMS functional path 
The existing test only covers the constructor logic. Also test the live
code path that is executed when a bad IDMS version is supplied.
 2020-07-22 17:40:26 -07:00
Mariano Cano
978ad7e2b6 Fix merged tests. 2020-07-21 14:34:55 -07:00
Mariano Cano
0de15b0a42 Update cli dependency to master. 2020-07-21 14:20:27 -07:00