Commit Graph

78 Commits

Author SHA1 Message Date
Herman Slatman
2b7f6931f3
Change Subject Common Name verification
Subject Common Names can now also be configured to be allowed or
denied, similar to SANs. When a Subject Common Name is not explicitly
allowed or denied, its type will be determined and its value will be
validated according to the constraints for that type of name (i.e. URI).
2022-04-28 14:49:23 +02:00
Herman Slatman
6e1f8dd7ab
Refactor policy engines into container 2022-04-26 13:12:16 +02:00
Herman Slatman
2a7620641f
Fix more PR comments 2022-04-26 10:15:17 +02:00
Herman Slatman
3fa96ebf13
Improve policy errors returned to client 2022-04-24 13:11:32 +02:00
Panagiotis Siatras
00634fb648
api/render, api/log: initial implementation of the packages (#860)
* api/render: initial implementation of the package

* acme/api: refactored to support api/render

* authority/admin: refactored to support api/render

* ca: refactored to support api/render

* api: refactored to support api/render

* api/render: implemented Error

* api: refactored to support api/render.Error

* acme/api: refactored to support api/render.Error

* authority/admin: refactored to support api/render.Error

* ca: refactored to support api/render.Error

* ca: fixed broken tests

* api/render, api/log: moved error logging to this package

* acme: refactored Error so that it implements render.RenderableError

* authority/admin: refactored Error so that it implements render.RenderableError

* api/render: implemented RenderableError

* api/render: added test coverage for Error

* api/render: implemented statusCodeFromError

* api: refactored RootsPEM to work with render.Error

* acme, authority/admin: fixed pointer receiver name for consistency

* api/render, errs: moved StatusCoder & StackTracer to the render package
2022-03-30 11:22:22 +03:00
Mariano Cano
79349b4d7c Add options to use custom renewal methods. 2022-03-10 13:01:08 -08:00
Mariano Cano
259e95947c Add support for the provisioner controller
The claimer, audiences and custom callback methods are now managed
by the provisioner controller in an uniform way.
2022-03-09 18:43:45 -08:00
Mariano Cano
300c19f8b9 Add a custom enforcer that can be used to modify a cert. 2022-02-02 14:36:58 -08:00
Herman Slatman
a3cf6bac36
Add special handling for *json.UnmarshalTypeError 2022-01-12 11:15:39 +01:00
Herman Slatman
0475a4d26f
Refactor extraction of JSON template syntax errors 2022-01-12 10:41:36 +01:00
Herman Slatman
a5455d3572
Improve errors related to template execution failures (slightly) 2022-01-10 15:49:37 +01:00
Herman Slatman
3bc3957b06
Merge branch 'master' into hs/acme-revocation 2021-12-09 09:36:52 +01:00
Herman Slatman
47a8a3c463
Add test case for ACME Revoke to Authority 2021-12-02 17:11:36 +01:00
Mariano Cano
d35848f7a9 Fix unit tests. 2021-11-24 11:43:24 -08:00
Mariano Cano
ff04873a2a Change the default error type to forbidden in Sign.
The errors will also be propagated from sign options.
2021-11-23 18:58:16 -08:00
Mariano Cano
b9beab071d Fix unit tests. 2021-11-23 18:43:36 -08:00
Mariano Cano
668d3ea6c7 Modify errs.Wrap() with bad request to send messages to users. 2021-11-18 18:44:58 -08:00
Mariano Cano
8c8db0d4b7 Modify errs.BadRequestErr() to always return an error to the client. 2021-11-18 18:17:36 -08:00
Mariano Cano
8ce807a6cb Modify errs.BadRequest() calls to always send an error to the client. 2021-11-18 15:12:44 -08:00
Mariano Cano
440616cffa
Merge pull request #750 from smallstep/duration-errors
Report duration errors directly to the cli.
2021-11-17 12:06:31 -08:00
Mariano Cano
1aadd63cef Use always badRequest on duration errors. 2021-11-17 12:00:54 -08:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues 2021-11-13 01:30:03 +01:00
max furman
933b40a02a Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00
max furman
9fdef64709 Admin level API for provisioner mgmt v1 2021-07-02 19:05:17 -07:00
Mariano Cano
0b8528ce6b Allow mTLS revocation without provisioner. 2021-03-22 13:37:31 -07:00
Miclain Keffeler
7545b4a625 leverage intermediate_ca.crt for appending certs. 2020-12-23 22:41:10 -06:00
Mariano Cano
60515d92c5 Remove unnecessary properties. 2020-09-16 13:31:26 -07:00
Mariano Cano
1550a21f68 Fix unit tests. 2020-09-15 18:14:21 -07:00
Mariano Cano
ce5e1b4934 Fix merge issue. 2020-08-28 14:44:43 -07:00
Mariano Cano
35bd3ec383
Merge pull request #329 from smallstep/ssh-cert-templates
SSH cert templates
2020-08-28 14:42:58 -07:00
Mariano Cano
ba918100d0 Use go.step.sm/crypto/jose
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
2020-08-24 14:44:11 -07:00
max furman
46fc922afd Remove unused code; fix usage wrong word; add gap time for unit test 2020-08-20 18:48:17 -07:00
max furman
cb594ed2e0 go mod tidy and golang 1.15.0 cleanup ...
- cs.NegotiatedProtocolIsMutual has been deprecated but we still build
in travis with 1.14 so for now we'll ignore this linting error
- string(int) was resolving to string of a single rune rather than
string of digits -> use fmt.Sprint
2020-08-17 13:48:37 -07:00
Mariano Cano
d30a95236d Use always go.step.sm/crypto 2020-08-14 15:33:50 -07:00
Mariano Cano
3577d696c7 Use new x509util in tls_test.go 2020-08-10 18:14:32 -07:00
Mariano Cano
4943ae58d8 Move TLSOption, TLSVersion, CipherSuites and ASN1DN to certificates. 2020-08-10 15:29:18 -07:00
Mariano Cano
ce1eb0a01b Use new x509util for renew/rekey. 2020-08-05 19:09:06 -07:00
Mariano Cano
3e80f41c19 Change provisioner options to have X509 as a field. 2020-07-30 17:44:22 -07:00
Mariano Cano
a7b65f1e1e Add authority.Sign test with custom templates. 2020-07-22 19:18:45 -07:00
Mariano Cano
6c64fb3ed2 Rename provisioner options structs:
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
2020-07-22 18:24:45 -07:00
Mariano Cano
978ad7e2b6 Fix merged tests. 2020-07-21 14:34:55 -07:00
Mariano Cano
d64cb99a22 Fix authority package tests. 2020-07-21 14:21:48 -07:00
max furman
fd05f3249b A few last fixes and tests added for rekey/renew ...
- remove all `renewOrRekey`
- explicitly test difference between renew and rekey (diff pub keys)
- add back tests for renew
2020-07-09 12:11:40 -07:00
Max
ea9bc493b8
Merge pull request #307 from dharanikumar-s/master
Add support for rekeying Fixes #292
2020-07-09 11:39:00 -07:00
dharanikumar-s
dfda497929 Renamed RenewOrRekey to Rekey 2020-07-08 11:47:59 +05:30
dharanikumar-s
0c21f0ae9e Added error check after GenerateDefaultKeyPair 2020-07-05 22:38:45 +05:30
dharanikumar-s
b368a53149 Modified TestAuthority_Renew to TestAuthority_RenewOrRekey 2020-07-05 22:17:57 +05:30
max furman
71d87b4e61 wip 2020-06-24 23:25:15 -07:00
Mariano Cano
bfe1f4952d Rename interface to CertificateEnforcer and add tests. 2020-03-31 11:41:36 -07:00
Mariano Cano
4eaeede77d Fix unit tests. 2020-02-11 14:05:37 -08:00