max furman
bfb406bf70
Fixes for PR review
2022-05-18 09:43:32 -07:00
Mariano Cano
f639bfc53b
Use contexts on the new PolicyAdminResponder
2022-05-06 14:05:08 -07:00
Mariano Cano
d461918eb0
Merge branch 'master' into context-authority
2022-05-06 13:21:41 -07:00
Mariano Cano
62d93a644e
Apply base context to test of the ca package
2022-05-02 19:39:50 -07:00
Mariano Cano
9147356d8a
Fix linter errors
2022-05-02 18:47:47 -07:00
Mariano Cano
d1f75f1720
Refactor ACME api.
2022-04-28 19:15:18 -07:00
Mariano Cano
688f9ceb56
Add scep authority to context.
2022-04-27 18:02:37 -07:00
Mariano Cano
216d8f0efb
Handle acme requests with the new api
2022-04-27 15:44:41 -07:00
Mariano Cano
439cb81b13
Use admin Route function
2022-04-27 12:16:16 -07:00
Mariano Cano
8bd4e1d73e
Inject the acme database in the context
2022-04-27 12:13:16 -07:00
Mariano Cano
0446e82320
Add context methods for the authority database
2022-04-27 12:05:19 -07:00
Mariano Cano
623c296555
Create context methods from admin database
2022-04-27 11:58:52 -07:00
Mariano Cano
d5070ecf31
Use server BaseContext
...
Instead of using the authority middleware this change adds the
authority in the base context of the server.
2022-04-27 11:06:55 -07:00
Mariano Cano
a93653ea8e
Use api.Route instead of the caHandler.
2022-04-26 14:32:55 -07:00
Mariano Cano
900a640f01
Enable the authority middleware in the server
2022-04-26 12:55:28 -07:00
Herman Slatman
2a7620641f
Fix more PR comments
2022-04-26 10:15:17 +02:00
Herman Slatman
76112c2da1
Improve error creation and testing for core policy engine
2022-04-26 01:47:07 +02:00
max furman
b91affdd34
exposing authority configuration for provisioner cli commands
2022-04-25 10:23:07 -07:00
Herman Slatman
a3c51881c7
Merge branch 'master' into herman/allow-deny
2022-04-22 15:52:36 +02:00
Herman Slatman
b72430f4ea
Block all APIs when using linked deployment mode
2022-04-21 16:18:55 +02:00
Carl Tashian
97b64aa851
Cosmetic fix for consistency in the startup messages
2022-04-20 09:24:53 -07:00
Herman Slatman
ad2de16299
Merge branch 'master' into herman/allow-deny
2022-04-19 10:26:31 +02:00
Mariano Cano
4770b405ba
Drop any query string from the admin tokens
...
This commit makes sure the admin token audience is passed without
a query string (or any fragment).
2022-04-18 15:18:23 -07:00
Herman Slatman
ff8cb19b78
Fix usage of URL in generateAdminToken
2022-04-18 21:59:06 +02:00
Herman Slatman
abcad679ff
Merge branch 'master' into herman/allow-deny
2022-04-18 21:54:55 +02:00
Mariano Cano
2fbff47acf
Add missing return in test.
2022-04-11 12:18:44 -07:00
Mariano Cano
304bb5b97a
Remove unused code.
2022-04-07 18:31:41 -07:00
Mariano Cano
8abd568f03
Merge branch 'master' into fix/adminra
2022-04-07 18:25:41 -07:00
Mariano Cano
c55b27a2fc
Refactor admin token to use with RAs.
2022-04-07 18:14:43 -07:00
Herman Slatman
034b7943fe
Merge branch 'master' into herman/allow-deny
2022-04-07 14:12:20 +02:00
Herman Slatman
7df52dbb76
Add ACME EAB policy
2022-04-07 14:11:53 +02:00
Carl Tashian
150eee70df
Updates based on Herman's feedback
2022-04-05 10:59:25 -07:00
Carl Tashian
acc75bc679
Add context name to startup info
2022-04-04 12:29:27 -07:00
Carl Tashian
4b9f44982d
Merge branch 'master' into startup-info
2022-04-04 12:19:55 -07:00
Carl Tashian
43f2c655b9
More info on startup
2022-04-04 12:16:37 -07:00
Carl Tashian
7ebb2e4c74
Update ca/ca.go
...
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2022-04-04 11:14:04 -07:00
Carl Tashian
1ba1584c7a
Formatted.
2022-03-30 16:08:10 -07:00
Carl Tashian
a13e58e340
Update GetAuthorityInfo -> GetInfo
2022-03-30 16:07:16 -07:00
Carl Tashian
90cb6315b1
Progress.
2022-03-30 16:05:26 -07:00
Carl Tashian
055e75f394
Progress?
2022-03-30 15:48:42 -07:00
Herman Slatman
2fbdf7d5b0
Merge branch 'master' into herman/allow-deny
2022-03-30 14:50:14 +02:00
Herman Slatman
0e052fe299
Add authority policy API
2022-03-30 14:21:39 +02:00
Panagiotis Siatras
00634fb648
api/render, api/log: initial implementation of the packages ( #860 )
...
* api/render: initial implementation of the package
* acme/api: refactored to support api/render
* authority/admin: refactored to support api/render
* ca: refactored to support api/render
* api: refactored to support api/render
* api/render: implemented Error
* api: refactored to support api/render.Error
* acme/api: refactored to support api/render.Error
* authority/admin: refactored to support api/render.Error
* ca: refactored to support api/render.Error
* ca: fixed broken tests
* api/render, api/log: moved error logging to this package
* acme: refactored Error so that it implements render.RenderableError
* authority/admin: refactored Error so that it implements render.RenderableError
* api/render: implemented RenderableError
* api/render: added test coverage for Error
* api/render: implemented statusCodeFromError
* api: refactored RootsPEM to work with render.Error
* acme, authority/admin: fixed pointer receiver name for consistency
* api/render, errs: moved StatusCoder & StackTracer to the render package
2022-03-30 11:22:22 +03:00
Mariano Cano
750e9ee2f8
Attempt to fix TestBootstrapClientServerRotation
...
This change attempts to fix the test TestBootstrapClientServerRotation.
Due to the backdate, the renew options get too large, causing
continuous renewals, and random errors. After experimenting with
different options, truncating durations to seconds have shown better
results than rounding or just use the plain time.
2022-03-28 14:55:40 -07:00
Mariano Cano
5ab79f53be
Fix linter errors
2022-03-28 14:55:39 -07:00
Herman Slatman
dc23fd23bf
Merge branch 'master' into herman/allow-deny-next
2022-03-24 12:36:12 +01:00
Mariano Cano
ba0b170818
Attempt to fix TestBootstrapClientServerRotation
...
This change attempts to fix the test TestBootstrapClientServerRotation.
Due to the backdate, the renew options get too large, causing
continuous renewals, and random errors. After experimenting with
different options, truncating durations to seconds have shown better
results than rounding or just use the plain time.
2022-03-23 19:14:28 -07:00
Carl Tashian
f20784be56
format
2022-03-22 10:41:16 -07:00
Carl Tashian
91be50cf70
Add --quiet flag
2022-03-21 19:55:21 -07:00
Carl Tashian
91a25b52bd
Print discord
2022-03-21 16:59:28 -07:00
Carl Tashian
baf3c40fef
Print some basic configuration info on startup
2022-03-21 16:55:09 -07:00
Mariano Cano
ad8a813abe
Fix linter errors
2022-03-21 16:53:57 -07:00
Panagiotis Siatras
e6b2359273
ca: fixed import statement order
2022-03-18 20:21:01 +02:00
Panagiotis Siatras
9ba33bab4e
ca: refactored to use the read package
2022-03-18 20:21:00 +02:00
Mariano Cano
915911efb6
Disable http loggers in test.
...
They hide the test that fail on tests in the CI.
2022-03-15 12:26:00 -07:00
Mariano Cano
ead742ca0f
Fix unit test
2022-03-15 12:13:01 -07:00
Herman Slatman
81b0c6c37c
Add API implementation for authority and provisioner policy
2022-03-15 15:56:04 +01:00
Mariano Cano
6dcde8a743
Fix typo
2022-03-11 15:22:53 -08:00
Mariano Cano
a4dd586a81
Add method to get the CA url from the client.
2022-03-11 15:13:39 -08:00
Mariano Cano
616490a9c6
Refactor renew after expiry token authorization
...
This changes adds a new authority method that authorizes the
renew after expiry tokens.
2022-03-10 20:21:01 -08:00
Mariano Cano
41ea67ce10
Attempt to fix a bootstrap tests
2022-03-10 13:01:31 -08:00
Herman Slatman
4ebf43c011
Merge pull request #820 from smallstep/herman/acme-api
...
Refactor ACME Admin API
2022-02-10 13:11:44 +01:00
Herman Slatman
5cb23c6029
Merge pull request #804 from smallstep/herman/normalize-ipv6-dns-names
...
Normalize IPv6 hostname addresses
2022-02-09 11:25:24 +01:00
Herman Slatman
d00729df0b
Refactor ACME Admin API
2022-02-08 13:26:30 +01:00
Chris Crook
11637b5793
Add descriptive provisioner JWK decryption error messages
...
Wrap other errors in decryption process with more helpful messaging. This should help users troubleshoot misconfiguration more easily.
Fixes #816
2022-02-04 17:53:58 -05:00
Herman Slatman
bfa2245abb
Merge branch 'master' into herman/normalize-ipv6-dns-names
2022-02-03 17:24:08 +01:00
Herman Slatman
c7c5c3c94e
Merge branch 'master' into herman/scep-macos-renewal-fixes
2022-01-31 13:20:16 +01:00
Herman Slatman
fd9845e9c7
Add cursor and limit to ACME EAB DB interface
2022-01-24 14:03:56 +01:00
Herman Slatman
716b946e7a
Normalize IPv6 hostname addresses
2022-01-19 17:14:45 +01:00
Herman Slatman
64680bb16d
Fix PR comments
2022-01-19 11:31:33 +01:00
Herman Slatman
3612eefc31
Cleanup
2022-01-18 15:54:18 +01:00
Herman Slatman
9c6580ccd2
Fix macOS SCEP client issues
...
Fixes #746
2022-01-14 10:48:23 +01:00
Herman Slatman
30859d3c83
Remove server-side paging logic for ExternalAccountKeys
2022-01-06 14:09:35 +01:00
Herman Slatman
6929e31fe0
Merge branch 'master' into hs/acme-eab
2022-01-04 16:41:36 +01:00
Herman Slatman
22ff90f655
Merge branch 'master' into hs/acme-eab
2021-12-22 12:54:41 +01:00
Herman Slatman
07addd0cac
Fix linting issue
2021-12-22 11:58:00 +01:00
Herman Slatman
a68208a3ba
Set Step CLI User-Agent when performing ACME requests
2021-12-22 11:54:01 +01:00
Mariano Cano
2c63abcf52
fix grammar
2021-12-15 12:16:21 -08:00
Mariano Cano
7c4e6dcc96
Remove duplicated code in bootstrap methods
2021-12-15 11:24:46 -08:00
Mariano Cano
64c19d4264
Fix subject in test, use ip
2021-12-14 15:27:18 -08:00
Mariano Cano
b0b2e77b0e
Avoid doing unauthenticated requests on the SDK
...
When step-ca runs with mTLS required on some endpoints, the SDK
used in autocert will fail to start because the identity certificate
is missing. This certificate is only required to retrieve all roots,
in most cases there's only one, and the SDK has access to it.
2021-12-14 14:42:38 -08:00
Herman Slatman
d799359917
Merge branch 'master' into hs/acme-eab
2021-12-09 13:58:40 +01:00
Herman Slatman
3bc3957b06
Merge branch 'master' into hs/acme-revocation
2021-12-09 09:36:52 +01:00
Herman Slatman
d0c23973cc
Merge branch 'master' into hs/acme-eab
2021-12-06 13:01:23 +01:00
Herman Slatman
2d357da99b
Add tests for ACME revocation
2021-11-26 17:27:42 +01:00
Mariano Cano
d35848f7a9
Fix unit tests.
2021-11-24 11:43:24 -08:00
Mariano Cano
b9beab071d
Fix unit tests.
2021-11-23 18:43:36 -08:00
Mariano Cano
8c8db0d4b7
Modify errs.BadRequestErr() to always return an error to the client.
2021-11-18 18:17:36 -08:00
Mariano Cano
8ce807a6cb
Modify errs.BadRequest() calls to always send an error to the client.
2021-11-18 15:12:44 -08:00
max furman
7fac8c96c3
Merge branch 'master' into max/context
2021-11-17 11:40:01 -08:00
max furman
a7d144996f
SSH backwards compat updates
...
- use existence of new value in data map as boolean
- add tests for backwards and forwards compatibility
- fix old tests that used static dir locations
2021-11-16 21:47:14 -08:00
max furman
d777fc23c2
Add ca.WithInsecure and use methods for file names
2021-11-16 21:47:14 -08:00
max furman
e5951fd84c
Use methods in the step package
...
* rather than variables set at execution time, which may not match the
actual current context
2021-11-16 21:47:14 -08:00
max furman
7eeebca529
Enable step path contexts in identity and pki paths
2021-11-16 21:47:14 -08:00
max furman
10db335f13
mv pkg config -> step
2021-11-16 21:47:14 -08:00
max furman
741ac64c61
change name of package cli-utils/config to cli-utils/step
2021-11-16 21:47:14 -08:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues
2021-11-13 01:30:03 +01:00
Herman Slatman
bcd1240a0e
Merge branch 'master' into hs/acme-eab
2021-10-16 13:32:13 +02:00
Mariano Cano
36b622bfc2
Use Golang's default keep-alive.
...
Since Go 1.13 a net.Listen keep-alive is enabled by default if
the protocol and OS supports it. The new one is 15s to match
the net.Dial default one. Previously http.Server ListenAndServe
and ListenAndServeTLS used to add a wrapper with 3m that we
replicated.
See https://github.com/golang/go/issues/31510
2021-10-15 14:12:43 -07:00
Herman Slatman
dd4b4b0435
Fix remaining gocritic remarks
2021-10-11 23:34:23 +02:00