smallstep-certificates

mirror of https://github.com/smallstep/certificates.git synced 2024-11-11 07:11:00 +00:00

Author	SHA1	Message	Date
Oleksandr Kovalchuk	503c9f6101	Add config option to force CN Add configuration option `forceCN` to ACME provisioner. When this option is set to `true`, provisioner should generate Subject.CommonName for certificate if it was not present in the request. Default value of `false` should keep the existing behavior (do not modify CSR and certificate). Ref: https://github.com/smallstep/certificates/issues/259	2020-05-14 13:20:55 +03:00
Mariano Cano	4e544344f9	Initialize the required config fields on embedded authorities. This change is to make easier the use of embedded authorities. It can be difficult for third parties to know what fields are required. The new init methods will define the minimum usable configuration.	2020-05-06 13:00:42 -07:00
Mariano Cano	b5eab009b2	Rename method to NewEmbedded	2020-05-05 17:46:22 -07:00
Mariano Cano	824374bde0	Create a method to initialize the authority without a config file. When the CA is embedded in a third party product like Caddy, the config needed to use placeholders to be valid. This change adds a new method `NewEmbeddedAuthority` that allows to create an authority with the given options, the minimum options are a root and intermediate certificate, and the intermediate key. Fixes #218	2020-05-04 18:52:18 -07:00
Mariano Cano	4e9bff0986	Add support for OIDC multitoken tenants for azure.	2020-04-24 14:36:32 -07:00
Mariano Cano	8bc3b05232	Add new extra test case.	2020-04-24 10:27:44 -07:00
Mariano Cano	b0ff731d18	Add support for user provisioner certificates on OIDC provisioners. OIDC provisioners create an SSH certificate with two principals. This was avoiding the creationg of user provisioner certificates for those provisioners. Fixes smallstep/cli#268	2020-04-23 19:42:55 -07:00
Mariano Cano	a2dfa6faa8	Fix unit tests.	2020-04-20 12:29:23 -07:00
Mariano Cano	13507efb35	Remove the requirement for CSR to have a common name. Fixes #226	2020-04-20 10:43:33 -07:00
Mariano Cano	02ed784a9b	Do not enable by default ForwardAgent.	2020-04-15 11:17:24 -07:00
Mariano Cano	bfe1f4952d	Rename interface to CertificateEnforcer and add tests.	2020-03-31 11:41:36 -07:00
Mariano Cano	64f26c0f40	Enforce a duration for identity certificates.	2020-03-30 17:33:04 -07:00
Mariano Cano	fa416336a8	Add context to tests.	2020-03-10 19:17:32 -07:00
Mariano Cano	c49a9d5e33	Add context parameter to all SSH methods.	2020-03-10 19:01:45 -07:00
Mariano Cano	f868e07a76	Allow to use custom principals on cloud provisioners. Fixes #203	2020-03-05 14:33:42 -08:00
Mariano Cano	59fc8cdd2d	Fix typo in comments.	2020-02-27 10:48:16 -08:00
Mariano Cano	5c8c741fab	Fix linting issues.	2020-02-14 11:46:31 -08:00
Mariano Cano	05cc1437b7	Remove unnecessary parse of certificate.	2020-02-13 17:48:43 -08:00
Mariano Cano	2d4f369db2	Add options to set root and federated certificates using x509.Certificate	2020-02-12 15:36:24 -08:00
Mariano Cano	43bd8113aa	Remove unnecessary comments.	2020-02-11 14:46:18 -08:00
Mariano Cano	4eaeede77d	Fix unit tests.	2020-02-11 14:05:37 -08:00
Mariano Cano	21bd339b86	Merge branch 'master' into kms	2020-02-11 13:20:35 -08:00
Mariano Cano	7846696fbb	Fix return sign options on ssh sign.	2020-01-29 11:58:47 -08:00
max furman	d482ae2fb5	Remove test that is no longer implemented by the method.	2020-01-28 13:29:40 -08:00
max furman	397a181d10	Add backdate validation to sshCertValidityValidator.	2020-01-28 13:29:40 -08:00
max furman	df60fe3f0d	Remove all references to old apiError.	2020-01-28 13:29:40 -08:00
max furman	1cb8bb3ae1	Simplify statuscoder error generators.	2020-01-28 13:29:40 -08:00
max furman	dccbdf3a90	Introduce generalized statusCoder errors and loads of ssh unit tests. * StatusCoder api errors that have friendly user messages. * Unit tests for SSH sign/renew/rekey/revoke across all provisioners.	2020-01-28 13:29:40 -08:00
Mariano Cano	895d3054a3	Remove the use of custom x509 package. Upgrade cli dependency.	2020-01-28 13:29:39 -08:00
Mariano Cano	144acb9ee3	Remove debug statement.	2020-01-28 13:29:39 -08:00
Mariano Cano	06411d1715	Add tests of profileLimitDuration with backdate.	2020-01-28 13:29:39 -08:00
Mariano Cano	8297e5c717	Add tests for backdate and sshDefaultDuration	2020-01-28 13:29:39 -08:00
Mariano Cano	93b65bee7c	Add unit test for profileDefaultDuration.	2020-01-28 13:29:39 -08:00
Mariano Cano	74b5d7f984	Add backdate support on ssh rekey.	2020-01-28 13:29:39 -08:00
Mariano Cano	84ff172093	Add support for backdate to SSH certificates.	2020-01-28 13:29:39 -08:00
Mariano Cano	5565d61bf3	Add fault tolerance against clock skew accross system on TLS certificates.	2020-01-28 13:29:39 -08:00
max furman	b9f6aacb0f	Move api errors to their own package and modify the typedef	2020-01-28 13:29:39 -08:00
Mariano Cano	f033422ffa	Allow no provisioners.	2020-01-28 13:29:39 -08:00
Mariano Cano	f4615d6258	Addapt test to api change.	2020-01-28 13:29:39 -08:00
max furman	3ac388612a	Use x5cInsecure token for /ssh/check-host endpoint	2020-01-28 13:29:39 -08:00
Mariano Cano	08eac1b00d	Make sure to define the KeyID from the token if available.	2020-01-28 13:29:39 -08:00
Mariano Cano	de3ba58455	Store renew certificate in the database.	2020-01-28 13:29:39 -08:00
Mariano Cano	caa2b8dbb7	Add leeway in identity not before.	2020-01-28 13:29:39 -08:00
max furman	9caadbb341	Fix authority calling wrong revoke method	2020-01-28 13:29:39 -08:00
Mariano Cano	f26103d150	Make test compilable.	2020-01-28 13:29:39 -08:00
Mariano Cano	557a45abfa	Update template tests.	2020-01-28 13:29:39 -08:00
max furman	656f35e522	Use an actual Hosts type when returning ssh hosts	2020-01-28 13:29:39 -08:00
Mariano Cano	03bb26fb91	Add missing version.go file.	2020-01-28 13:28:17 -08:00
Mariano Cano	c60641701b	Add version endpoint.	2020-01-28 13:28:16 -08:00
max furman	f92bb06b6c	change func def for getSSHHosts * continue to return all hosts if injection method not specified	2020-01-28 13:28:16 -08:00

1 2 3 4 5 ...

394 Commits