Commit Graph

73 Commits (1ba1584c7a2abb32b073d1e13a978868a0e91b2a)

Author SHA1 Message Date
Carl Tashian 1ba1584c7a Formatted. 2 years ago
Carl Tashian a13e58e340 Update GetAuthorityInfo -> GetInfo 2 years ago
Carl Tashian 90cb6315b1 Progress. 2 years ago
Carl Tashian 055e75f394 Progress? 2 years ago
Carl Tashian f20784be56 format 2 years ago
Carl Tashian 91be50cf70 Add --quiet flag 2 years ago
Carl Tashian 91a25b52bd Print discord 2 years ago
Carl Tashian baf3c40fef Print some basic configuration info on startup 2 years ago
Herman Slatman d00729df0b
Refactor ACME Admin API 2 years ago
Herman Slatman c7c5c3c94e
Merge branch 'master' into herman/scep-macos-renewal-fixes 2 years ago
Herman Slatman 64680bb16d
Fix PR comments 2 years ago
Herman Slatman 3612eefc31
Cleanup 2 years ago
Herman Slatman 9c6580ccd2
Fix macOS SCEP client issues
Fixes #746
2 years ago
Herman Slatman d799359917
Merge branch 'master' into hs/acme-eab 3 years ago
Herman Slatman 2d357da99b
Add tests for ACME revocation 3 years ago
Herman Slatman e0b495e4c8
Merge branch 'master' into hs/acme-eab 3 years ago
max furman 933b40a02a Introduce gocritic linter and address warnings 3 years ago
Herman Slatman 9d4cafc4bd
Merge branch 'master' into hs/acme-eab 3 years ago
Mariano Cano 6729c79253 Add support for setting individual password for ssh and tls keys
This change add the following flags:
 * --ssh-host-password-file
 * --ssh-user-password-file

Fixes #693
3 years ago
Herman Slatman a98fe03e80
Merge branch 'master' into hs/acme-eab 3 years ago
Herman Slatman c6bfc6eac2
Fix PR comments 3 years ago
Mariano Cano 8fb5340dc9 Use a token at start time to configure linkedca.
Instead of using `step-ca login` we will use a new token provided
as a flag to configure and start linkedca. Certificates will be kept
in memory and refreshed automatically.
3 years ago
max furman 77fdfc9fa3 Merge branch 'master' into max/cert-mgr-crud 3 years ago
max furman 9fdef64709 Admin level API for provisioner mgmt v1 3 years ago
Herman Slatman 03c472359c Add sync.WaitGroup for proper error handling in Run() 3 years ago
Herman Slatman 13fe7a0121 Make serving SCEP endpoints optional
Only when a SCEP provisioner is enabled, the SCEP endpoints
will now be available.

The SCEP endpoints will be served on an "insecure" server,
without TLS, only when an additional "insecureAddress" and a
SCEP provisioner are configured for the CA.
3 years ago
Herman Slatman 97b88c4d58 Address (most) PR comments 3 years ago
Herman Slatman 5df60c5a9b Add support for multiple SCEP provisioners
Similarly to how ACME suppors multiple provisioners, it's
now possible to load the right provisioner based on the
URL.
3 years ago
Herman Slatman 339039768c Refactor SCEP authority initialization and clean some code 3 years ago
Herman Slatman 48c86716a0 Add rudimentary (and incomplete) support for SCEP 3 years ago
max furman 9bf9bf142d wip 3 years ago
max furman 5d09d04d14 wip 3 years ago
max furman af3cf7dae9 first steps 3 years ago
max furman 7b5d6968a5 first commit 3 years ago
Herman Slatman 0487686f69
Merge branch 'master' into hs/scep 3 years ago
max furman 93c3c2bf2e Error handle non existent provisioner downstream and disable debug route logging 3 years ago
max furman b1888fd34d Use different method for unescpaed paths for the router 3 years ago
Max b724af30ad
Merge pull request #496 from smallstep/max/acme
Convert to ACME DB interface
3 years ago
Herman Slatman 2320d0911e
Add sync.WaitGroup for proper error handling in Run() 3 years ago
Herman Slatman b815478981
Make serving SCEP endpoints optional
Only when a SCEP provisioner is enabled, the SCEP endpoints
will now be available.

The SCEP endpoints will be served on an "insecure" server,
without TLS, only when an additional "insecureAddress" and a
SCEP provisioner are configured for the CA.
3 years ago
Herman Slatman c5e4ea08b3
Merge branch 'master' into hs/scep 3 years ago
Herman Slatman b97f024f8a
Remove superfluous call to StoreCertificate 3 years ago
max furman df05340521 fixing broken unit tests 3 years ago
max furman fc395f4d69 [acme db interface] compiles! 3 years ago
max furman 80a6640103 [acme db interface] wip 3 years ago
Mariano Cano 8c8c160c92 Fix method name in comment. 3 years ago
Mariano Cano bdeb0ccd7c Add support for the flag --issuer-password-file
The new flag allows to pass a file with the password used to decrypt
the key used in RA mode.
3 years ago
Herman Slatman 583d60dc0d
Address (most) PR comments 3 years ago
Herman Slatman e1cab4966f
Improve initialization of SCEP authority 3 years ago
Herman Slatman 8c5b12e21d
Add non-TLS server and improve crypto.Decrypter interface
A server without TLS was added to serve the SCEP endpoints. According
to the RFC, SCEP has to be served via HTTP. The `sscep` client, for
example, will stop any URL that does not start with `http://` from
being used, so serving SCEP seems to be the right way to do it.

This commit adds a second server for which no TLS configuration is
configured. A distinct field in the configuration, `insecureAddress`
was added to specify the address for the insecure server.

The SCEP endpoints will also still be served via HTTPS. Some clients
may be able to work with that.

This commit also improves how the crypto.Decrypter interface is
handled for the different types of KMSes supported by step. The
apiv1.Decrypter interface was added. Currently only SoftKMS
implements this interface, providing a crypto.Decrypter required
for SCEP operations.
3 years ago