Commit Graph

87 Commits

Author SHA1 Message Date
Mariano Cano
725a913f66
Allow custom SCEP key manager
This commit allows injecting a custom key manager for SCEP.
2024-04-09 18:44:29 -07:00
Mariano Cano
10f6a901ec
Let the CA determine the RA lifetime
When the RA mode with StepCAS is used, let the CA decide which lifetime
the RA should get instead of requiring always 24h.

This commit also fixes linter warnings.

Related to #1094
2024-03-12 14:29:55 -07:00
Mariano Cano
b20af51f32
Upgrade go.step.sm/crypto to use go-jose/v3 2023-12-12 16:36:48 -08:00
Mariano Cano
52baf52f84
Change scep password type to string
This commit changes the type of the decrypter key password to string to
be consistent with other passwords in the ca.json
2023-09-26 10:36:58 -07:00
Herman Slatman
4fd4227b73
Use shorter SCEP decrypter property names from linkedca 2023-09-22 11:44:49 +02:00
Herman Slatman
5fd70af2c8
Make API responses aware of the new SCEP decrypter properties 2023-09-22 11:38:03 +02:00
Herman Slatman
d9f56cdbdc
Merge branch 'master' into herman/scep-provisioner-decrypter 2023-09-04 15:24:19 +02:00
Herman Slatman
9d3b78ae49
Add excludeIntermediate to SCEP provisioner 2023-09-04 14:55:27 +02:00
Max
e22166c628
provisionerOptionsToLinkedCA missing template and templateData (#1520) 2023-08-29 17:26:02 -07:00
Herman Slatman
569a1be12c
Merge branch 'master' into herman/scep-provisioner-decrypter 2023-08-02 15:45:45 +02:00
Mariano Cano
c7c7decd5e
Add support for the disableSmallstepExtensions claim
This commit adds a new claim to exclude the Smallstep provisioner
extension from the generated certificates.

Fixes #620
2023-07-27 15:05:01 -07:00
Herman Slatman
567fc25404
Use the RSA decryption configuration for signing responses too 2023-07-27 00:55:39 +02:00
Herman Slatman
180162bd6a
Refactor SCEP provisioner and decrypter 2023-06-01 12:10:54 +02:00
Herman Slatman
0153ff4377
Remove superfluous GetChallengePassword 2023-05-04 11:43:57 +02:00
Herman Slatman
c169defc73
Merge pull request #1136 from smallstep/herman/ignore-empty-acme-meta 2022-11-08 09:56:00 +01:00
Herman Slatman
920c4f02c5
Add additional properties to provisioner converters 2022-11-07 22:34:35 +01:00
Mariano Cano
c7f226bcec
Add support for renew when using stepcas
It supports renewing X.509 certificates when an RA is configured with stepcas.
This will only work when the renewal uses a token, and it won't work with mTLS.

The audience cannot be properly verified when an RA is used, to avoid this we
will get from the database if an RA was used to issue the initial certificate
and we will accept the renew token.

Fixes #1021 for stepcas
2022-11-04 16:42:07 -07:00
Mariano Cano
bd1938b0da
Add support for storing or sending attestation data to linkedca 2022-10-06 12:22:19 -07:00
Andrew Reed
7101fbb0ee
Provisioner webhooks (#1001) 2022-09-29 19:16:26 -05:00
Mariano Cano
906c5067b9
Include attestation roots on provisioner converters 2022-09-29 16:12:55 -07:00
max furman
f3d1863ec6
A few more linter errors 2022-09-20 21:01:55 -07:00
Mariano Cano
f0a24bd8ca
Add acme property to enable challenges
Fixes #1027
2022-09-20 19:01:53 -07:00
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2022-09-20 16:35:41 -07:00
Mariano Cano
bb0210e875 Fix typo in linkedca variable 2022-09-09 14:34:32 -07:00
Mariano Cano
66407139e5 Add methods to convert attestation formats 2022-09-08 17:49:24 -07:00
Mariano Cano
59c5219a07 Use a type for acme challenges 2022-09-08 12:34:06 -07:00
Mariano Cano
f1c63bc38d Fix challenge mapping 2022-08-24 19:30:28 -07:00
Mariano Cano
bca311b05e Add acme property to enable challenges
Fixes #1027
2022-08-23 17:11:40 -07:00
Max
f8148071fb
Merge pull request #915 from smallstep/max/removing-beta
exposing authority configuration for provisioner cli commands
2022-05-19 22:53:59 -07:00
Herman Slatman
c695b23e24
Fix check for admin not belonging to policy 2022-05-12 16:33:32 +02:00
max furman
25b8d196d8 Couple changes in response to PR
- add skipInit option to skip authority initialization
- check admin API status when removing provisioners - no need to check
  admins when not using Admin API
2022-05-11 17:04:43 -07:00
Herman Slatman
60d8b22d89
Change context retrievers to MustTFromContext 2022-05-05 11:05:57 +02:00
max furman
b91affdd34 exposing authority configuration for provisioner cli commands 2022-04-25 10:23:07 -07:00
Herman Slatman
a2cfbe3d54
Fix (part of) PR comments 2022-04-21 12:14:03 +02:00
Herman Slatman
abcad679ff
Merge branch 'master' into herman/allow-deny 2022-04-18 21:54:55 +02:00
Herman Slatman
d6be9450be
Merge branch 'master' into herman/allow-deny 2022-04-15 11:57:05 +02:00
Mariano Cano
d3b6bc3c75 Merge branch 'master' into fix/adminra 2022-04-13 17:44:23 -07:00
Mariano Cano
674dc3c844 Rename unreleased claim to allowRenewalAfterExpiry for consistency. 2022-04-13 15:11:54 -07:00
Mariano Cano
00cd0f5f21
Apply suggestions from code review
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2022-04-12 14:44:55 -07:00
Mariano Cano
1d1e095447 Add tests for LoadProvisionerByCertificate. 2022-04-08 13:06:29 -07:00
Mariano Cano
dfdc9c06ed Fix linter error importShadow 2022-04-07 18:33:13 -07:00
Mariano Cano
c55b27a2fc Refactor admin token to use with RAs. 2022-04-07 18:14:43 -07:00
Mariano Cano
db337debcd Load provisioner from the database instead of the extension. 2022-04-05 19:25:47 -07:00
Mariano Cano
df8ffb35af Remove unnecessary database in provisioner config. 2022-04-05 17:39:06 -07:00
Herman Slatman
96f4c49b0c
Improve how policy errors are returned and used 2022-04-04 13:58:16 +02:00
Herman Slatman
dc23fd23bf
Merge branch 'master' into herman/allow-deny-next 2022-03-24 12:36:12 +01:00
Herman Slatman
81b0c6c37c
Add API implementation for authority and provisioner policy 2022-03-15 15:56:04 +01:00
Mariano Cano
c903f00cd4 Rename claim to allowRenewAfterExpiry. 2022-03-14 15:40:01 -07:00
Mariano Cano
79349b4d7c Add options to use custom renewal methods. 2022-03-10 13:01:08 -08:00
Mariano Cano
6f46cdb432
Merge pull request #829 from vijayjt/new-azure-token-authz-options
Add subscription and object ID validation options to Azure provisioner
2022-02-28 14:31:28 -08:00