Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,180 Commits
40 Branches
214 Tags
91 MiB
master
dependabot/go_modules/github.com/slackhq/nebula-1.9.0
wire-acme-extensions
mariano/init-provisioners
fix-1637
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '10f6a901ec'
${ noResults }
Commit Graph

73 Commits (10f6a901ec98f0eb7ba101f772cc96f2694abb25)

Author SHA1 Message Date
Mariano Cano 10f6a901ec
Let the CA determine the RA lifetime 
When the RA mode with StepCAS is used, let the CA decide which lifetime
the RA should get instead of requiring always 24h.

This commit also fixes linter warnings.

Related to #1094
 2 months ago
Mariano Cano 49045a1150
Change CommonName validator in JWK 
This commit changes the common name validator in the JWK provisioner to
accept either the token subject or any of the sans in the token.
 7 months ago
Max 9f84f7ce35
Allow for identity certificate signing (in sshSign) by skipping validators (#1572) 
- skip urisValidator for identity certificate signing. Implemented
  by building the validator with the context in a hacky way.
 8 months ago
Mariano Cano c7c7decd5e
Add support for the disableSmallstepExtensions claim 
This commit adds a new claim to exclude the Smallstep provisioner
extension from the generated certificates.

Fixes #620
 10 months ago
max furman 8b256f0351
address linter warning for go 1.19 1 year ago
Andrew Reed 7101fbb0ee
Provisioner webhooks (#1001) 2 years ago
Mariano Cano a1f54921d2 Rename internal field 2 years ago
Mariano Cano 9408d0f24b Send RA provisioner information to the CA 2 years ago
Mariano Cano e7d7eb1a94 Add provisioner as a signOption for SSH 2 years ago
Herman Slatman 5e9bce508d
Unexport GetPolicy() 2 years ago
Herman Slatman c40a4d2694
Contain policy engines inside provisioner Controller 2 years ago
Herman Slatman 9797b3350e
Merge branch 'master' into herman/allow-deny 2 years ago
Herman Slatman 571b21abbc
Fix (most) PR comments 2 years ago
Herman Slatman dc23fd23bf
Merge branch 'master' into herman/allow-deny-next 2 years ago
Mariano Cano b401376829 Add current provisioner to AuthorizeSign SignOptions. 
The original provisioner cannot be retrieved from a certificate
if a linked ra is used.
 2 years ago
Mariano Cano 616490a9c6 Refactor renew after expiry token authorization 
This changes adds a new authority method that authorizes the
renew after expiry tokens.
 2 years ago
Mariano Cano 259e95947c Add support for the provisioner controller 
The claimer, audiences and custom callback methods are now managed
by the provisioner controller in an uniform way.
 2 years ago
Herman Slatman 7c541888ad
Refactor configuration of allow/deny on authority level 2 years ago
Herman Slatman 88c7b63c9d
Split SSH user and cert policy configuration and execution 2 years ago
Herman Slatman 512b8d6730
Refactor instantiation of policy engines 
Instead of using the `base` struct, the x509 and SSH policy
engines are now added to each provisioner directly.
 2 years ago
Herman Slatman 6440870a80
Clean up, improve test cases and coverage 2 years ago
Herman Slatman 6bc0513468
Add more tests 2 years ago
Herman Slatman 9539729bd9
Add initial implementation of x509 and SSH allow/deny policy engine 2 years ago
Mariano Cano 668d3ea6c7 Modify errs.Wrap() with bad request to send messages to users. 3 years ago
max furman 9fdef64709 Admin level API for provisioner mgmt v1 3 years ago
max furman 638766c615 wip 3 years ago
max furman 5d09d04d14 wip 3 years ago
Mariano Cano ba918100d0 Use go.step.sm/crypto/jose 
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
 4 years ago
Mariano Cano e83e47a91e Use sshutil and randutil from go.step.sm/crypto. 4 years ago
Mariano Cano f437b86a7b Merge branch 'cert-templates' into ssh-cert-templates 4 years ago
Mariano Cano c8d225a763 Use x509util from go.step.sm/crypto/x509util 4 years ago
Mariano Cano aa657cdb4b Use SSHOptions inside provisioner options. 4 years ago
Mariano Cano 8ff8d90f8c On JWK and X5C validate the key id on the request. 4 years ago
Mariano Cano 380a0d6daf Add ssh certificate templates to JWK provisioner. 4 years ago
Mariano Cano 6c64fb3ed2 Rename provisioner options structs: 
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
 4 years ago
Mariano Cano 02c4f9817d Set full token payload instead of only the known properties. 4 years ago
Mariano Cano e6fed5e0aa Minor fixes and comments. 4 years ago
Mariano Cano ca2fb42d68 Move options to the provisioner. 4 years ago
Mariano Cano 9f3acc254b Set the token payload in the JWK provisioner. 4 years ago
Mariano Cano ef0ed0ff95 Integrate simple templates in the JWK provisioner. 4 years ago
max furman 71d87b4e61 wip 4 years ago
max furman 3636ba3228 wip 4 years ago
max furman 1951669e13 wip 4 years ago
max furman 1cb8bb3ae1 Simplify statuscoder error generators. 4 years ago
max furman dccbdf3a90 Introduce generalized statusCoder errors and loads of ssh unit tests. 
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
 4 years ago
Mariano Cano 84ff172093 Add support for backdate to SSH certificates. 4 years ago
Mariano Cano 08eac1b00d Make sure to define the KeyID from the token if available. 4 years ago
max furman 9caadbb341 Fix authority calling wrong revoke method 4 years ago
max furman 414a94b210 Instrument getIdentity func for OIDC ssh provisioner 4 years ago
Mariano Cano a86dc78b5d Add missing comment. 4 years ago