Mariano Cano
72e2c4eb2e
Render proper policy and constrains errors
2022-09-21 18:35:18 -07:00
max furman
75bb196193
Add concurrency workflow config | fix broken test due to golang ver
2022-09-21 12:26:45 -07:00
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors
2022-09-20 16:35:41 -07:00
Herman Slatman
cc26a0b394
Explicitly disable wildcard Common Name constraint
2022-05-06 13:58:48 +02:00
Herman Slatman
d82e51b748
Update AllowWildcardNames configuration name
2022-04-29 15:08:19 +02:00
Herman Slatman
2b7f6931f3
Change Subject Common Name verification
...
Subject Common Names can now also be configured to be allowed or
denied, similar to SANs. When a Subject Common Name is not explicitly
allowed or denied, its type will be determined and its value will be
validated according to the constraints for that type of name (i.e. URI).
2022-04-28 14:49:23 +02:00
Herman Slatman
6e1f8dd7ab
Refactor policy engines into container
2022-04-26 13:12:16 +02:00
Herman Slatman
76112c2da1
Improve error creation and testing for core policy engine
2022-04-26 01:47:07 +02:00
Herman Slatman
a2cfbe3d54
Fix (part of) PR comments
2022-04-21 12:14:03 +02:00
Herman Slatman
82e0033428
Remove Adder options
2022-04-18 21:47:39 +02:00
Herman Slatman
679e2945f2
Disallow name constraint wildcard notation
2022-04-04 15:35:49 +02:00
Herman Slatman
96f4c49b0c
Improve how policy errors are returned and used
2022-04-04 13:58:16 +02:00
Herman Slatman
d8776d8f7f
Add K8sSA SSH user policy back
...
According to the docs, the K8sSA provisioner can be configured
to issue SSH user certs.
2022-04-01 15:37:48 +02:00
Herman Slatman
5f0dc42b1e
Fix tests on Go 1.18 due to IDNA deviations
...
In Go 1.18 the behavior for looking up domains with non-ASCII
characters was changed to be in accordance with UTS#46
(https://unicode.org/reports/tr46/ ). There's a slight difference
in how IDNA2003 and IDNA2008 process these. Go 1.18 handles
the deviations in accordance with IDNA2008 now.
2022-03-31 17:16:11 +02:00
Herman Slatman
571b21abbc
Fix (most) PR comments
2022-03-31 16:12:29 +02:00
Herman Slatman
613c99f00f
Fix linting issues
2022-03-24 13:10:49 +01:00
Herman Slatman
6b620c8e9c
Improve protobuf unmarshaling error handling
2022-03-24 10:54:45 +01:00
Herman Slatman
101ca6a2d3
Check admin subjects before changing policy
2022-03-21 15:53:59 +01:00
Herman Slatman
88c7b63c9d
Split SSH user and cert policy configuration and execution
2022-02-01 15:18:39 +01:00
Herman Slatman
a7eb27d309
Fix URI domains IDNA support
2022-01-31 15:34:02 +01:00
Herman Slatman
9617edf0c2
Improve internationalized domain name handling
...
This PR improves internationalized domain name handling according
to rules of IDNA and based on the description in RFC 5280, section 7:
https://datatracker.ietf.org/doc/html/rfc5280#section-7 .
Support for internationalized URI(s), so-called IRIs, still needs to
be done.
2022-01-27 17:18:33 +01:00
Herman Slatman
066bf32086
Fix part of PR comments
2022-01-25 15:00:07 +01:00
Herman Slatman
ff08b5055e
Fix linting issues
2022-01-18 14:42:56 +01:00
Herman Slatman
6440870a80
Clean up, improve test cases and coverage
2022-01-18 14:39:21 +01:00
Herman Slatman
1e808b61e5
Merge logic for X509 and SSH policy
2022-01-17 23:36:13 +01:00
Herman Slatman
6bc301339f
Improve test case and code coverage
2022-01-17 22:55:28 +01:00
Herman Slatman
6bc0513468
Add more tests
2022-01-04 15:41:40 +01:00
Herman Slatman
9539729bd9
Add initial implementation of x509 and SSH allow/deny policy engine
2022-01-03 12:25:24 +01:00