Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,928 Commits
41 Branches
214 Tags
91 MiB
master
mariano/signer
dependabot/go_modules/github.com/slackhq/nebula-1.9.0
wire-acme-extensions
mariano/init-provisioners
fix-1637
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '23b8f45b37'
${ noResults }
Commit Graph

55 Commits (23b8f45b37e8541de9d08aeb4e7e17fa260fcf27)

Author SHA1 Message Date
Mariano Cano 23b8f45b37 Address gosec warnings 
Most if not all false positives
 2 years ago
Herman Slatman c40a4d2694
Contain policy engines inside provisioner Controller 2 years ago
Mariano Cano 674dc3c844 Rename unreleased claim to allowRenewalAfterExpiry for consistency. 2 years ago
Mariano Cano 082734474b
Merge pull request #845 from vijayjt/azure-user-mi-token 
WIP: Support Azure tokens generated by managed identities
 2 years ago
Mariano Cano c903f00cd4 Rename claim to allowRenewAfterExpiry. 2 years ago
Mariano Cano 259e95947c Add support for the provisioner controller 
The claimer, audiences and custom callback methods are now managed
by the provisioner controller in an uniform way.
 2 years ago
vijayjt 4822516d72 Remove redundant parameter type declaration 2 years ago
vijayjt e699244291 Support Azure tokens from managed identities not associated with a VM 2 years ago
Herman Slatman e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues 3 years ago
max furman 933b40a02a Introduce gocritic linter and address warnings 3 years ago
Mariano Cano aafac179a5 Add test for oidc with preferred usernames. 3 years ago
Mariano Cano 0cf594a003 Validate payload ID. 
Related to #435
 3 years ago
Mariano Cano 7d1686dc53 Add option to specify the AWS IID certificates to use. 
This changes adds a new option `iidRoots` that allows a user to
define one or more certificates that will be used for AWS IID
signature validation.

Fixes #393
 4 years ago
Mariano Cano c94a1c51be Merge branch 'master' into ssh-cert-templates 4 years ago
Mariano Cano ba918100d0 Use go.step.sm/crypto/jose 
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
 4 years ago
Mariano Cano d30a95236d Use always go.step.sm/crypto 4 years ago
Mariano Cano aaaa7e9b4e Merge branch 'master' into cert-templates 4 years ago
Mariano Cano e83e47a91e Use sshutil and randutil from go.step.sm/crypto. 4 years ago
Mariano Cano 6c64fb3ed2 Rename provisioner options structs: 
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
 4 years ago
David Cowden 51f16ee2e0 aws: add tests covering metadata service versions 
* Add constructor tests for the aws provisioner.
* Add a test to make sure the "v1" logic continues to work.

By and large, v2 is the way to go. However, there are some instances of
things that specifically request metadata service version 1 and so this
adds minimal coverage to make sure we don't accidentally break the path
should anyone need to depend on the former logic.
 4 years ago
Josh Hogle 18ac5c07e2 Added support for specifying IMDS version preference 4 years ago
Josh Hogle 8c6a46887b Added token URL fixes to tests 4 years ago
Josh Hogle dd27901b12 Moved token URL and TTL to config values 4 years ago
Mariano Cano 4e9bff0986 Add support for OIDC multitoken tenants for azure. 4 years ago
max furman dccbdf3a90 Introduce generalized statusCoder errors and loads of ssh unit tests. 
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
 4 years ago
Mariano Cano 84ff172093 Add support for backdate to SSH certificates. 4 years ago
Mariano Cano 7db7b1ee4c Fix some provisioner tests 4 years ago
max furman 8f07ff6a39 Add kubernetes service account provisioner 5 years ago
max furman d368791606 Add x5c provisioner capabilities 5 years ago
Mariano Cano a16b2125bc Fix tests. 5 years ago
max furman e3826dd1c3 Add ACME CA capabilities 5 years ago
Mariano Cano d231bfb764 Update jwk and oidc tests. 5 years ago
Mariano Cano b0240772da Add tests for SSH certs with JWK provisioners. 5 years ago
Mariano Cano 900ab9cc12 Allow custom common names in cloud identity provisioners. 5 years ago
Mariano Cano e66272d6f0 Fix panic when max-age is set to zero. 
Fixes #81
 5 years ago
Mariano Cano 37dff5124b Fix audience tests. 
Fixes smallstep/step#156
 5 years ago
Mariano Cano 536ec36b9e Add support for instance age check in AWS. 
Fixes smallstep/step#164
 5 years ago
Mariano Cano c431538ff2 Add support for instance age check in GCP. 
Fixes smallstep/step#164
 5 years ago
Mariano Cano 0a756ce9d0 Use on GCP audiences with the format https://<ca-url>#<provisioner-type>/<provisioner-name> 
Fixes smallstep/step#156
 5 years ago
Mariano Cano 803d81d332 Improve azure unit tests. 5 years ago
Mariano Cano 4c5fec06bf Require TenantID in azure, add some tests. 5 years ago
Mariano Cano 81bfd2c1cb Add tests for AWS provisioner 
Fixes #68
 5 years ago
Mariano Cano 5defd8289d Add missing config in tests. 5 years ago
Mariano Cano 1ea4b0ad64 Add unit test for GCP provider 5 years ago
max furman ab4d569f36 Add /revoke API with interface db backend 5 years ago
Mariano Cano 7378ed27ac Refactor claims so they can be totally omitted if only the parent is set. 5 years ago
Mariano Cano 60880d1f0a Add domains and check emails properly. 5 years ago
Mariano Cano 4ceb88fbae Add tests for OIDC and complete some JWK tests. 5 years ago
Mariano Cano fb279c89fb Restore deleted methods. 5 years ago
Mariano Cano af9688c419 Fix some testing errors. 5 years ago