988 Commits

Author	SHA1	Message	Date
Mariano Cano	1938b1bb34	Merge branch 'master' into herman/fix-template-validation	2022-08-25 13:31:33 -07:00
Mariano Cano	1d1e024b84	Upgrade to go.step.sm/crypto v0.18.0	2022-08-25 12:40:31 -07:00
Herman Slatman	6b7b989988	Add provisioner template validation ... Fixes #1012	2022-08-23 16:27:49 +02:00
Mariano Cano	23b8f45b37	Address gosec warnings ... Most if not all false positives	2022-08-18 17:46:20 -07:00
Mariano Cano	0c7467ceb2	Allow to automatically configure and linked RA	2022-08-16 14:39:02 -07:00
Mariano Cano	5e0be92273	Allow option to skip the validation of config	2022-08-16 14:04:04 -07:00
Mariano Cano	b62f4d1000	Add lgtm comments on some security warnings	2022-08-11 17:32:57 -07:00
Mariano Cano	a5439c43cd	Remove ciphersuites without Lucky13 countermeasures ... SHA-256 variants of the CBC ciphersuites don't implement any Lucky13 countermeasures. See http://www.isg.rhul.ac.uk/tls/Lucky13.html and https://www.imperialviolet.org/2013/02/04/luckythirteen.html.	2022-08-11 17:11:04 -07:00
Mariano Cano	8bd0174251	Rename field to IsCAServerCert	2022-08-11 15:14:26 -07:00
Mariano Cano	5df1694250	Add endpoint id for the RA certificate ... In a linked RA mode, send an endpoint id to group the server certificates.	2022-08-11 14:47:11 -07:00
Mariano Cano	eb091aec54	Simplify field names for ProvisionerInfo	2022-08-10 17:44:14 -07:00
Mariano Cano	369b8f81c3	Use go.step.sm/crypto/kms ... Fixes #975	2022-08-08 17:58:18 -07:00
Max	3e2729e391	Merge pull request #989 from smallstep/max/disable-ssh-hosts ... Add attribute to disable SSH Hosts list API	2022-08-08 14:15:35 -07:00
max furman	99c9155467	disableSSHHostsListAPI -> disableGetSSHHosts	2022-08-04 18:44:44 -07:00
Mariano Cano	64744562c6	Send RA provisioner to linkedca.	2022-08-03 18:44:25 -07:00
Mariano Cano	6b5d3dca95	Add provisioner name to RA info	2022-08-03 18:44:04 -07:00
Mariano Cano	a1f54921d2	Rename internal field	2022-08-03 12:07:45 -07:00
Mariano Cano	f9df8ac05f	Remove unused interface	2022-08-03 12:03:49 -07:00
Mariano Cano	9408d0f24b	Send RA provisioner information to the CA	2022-08-02 19:28:49 -07:00
max furman	fb7f57a8df	Add attribute to disable SSH Hosts list API	2022-07-27 23:30:00 -07:00
Shulhan	fe04f93d7f	all: reformat all go files with the next gofmt (Go 1.19) ... There are some changes that manually edited, for example using '-' as default list and grouping imports.	2022-06-16 01:28:59 +07:00
Mariano Cano	9c049eec5a	Add revoke ssh unit test	2022-05-25 17:10:07 -07:00
Mariano Cano	ce9a23a0f7	Fix SSH certificate revocation	2022-05-25 16:55:22 -07:00
Mariano Cano	911cec21da	Merge pull request #943 from smallstep/ssh-renew-provisioner ... Add provisioner to SSH renewals	2022-05-23 17:21:55 -07:00
Mariano Cano	94f5b92513	Use proper context in authority package	2022-05-23 15:31:43 -07:00
Mariano Cano	1be74eca62	Merge branch 'master' into ssh-renew-provisioner	2022-05-23 14:31:15 -07:00
Mariano Cano	26dd97e718	Merge branch 'master' into context-authority	2022-05-23 12:36:16 -07:00
Mariano Cano	6b3a8f22f3	Add provisioner to SSH renewals ... This commit allows to report the provisioner to the linkedca when a SSH certificate is renewed.	2022-05-20 14:41:44 -07:00
Mariano Cano	3c4d0412ef	Merge pull request #941 from smallstep/ssh-provisioner ... Report SSH provisioner	2022-05-20 12:24:30 -07:00
Max	f8148071fb	Merge pull request #915 from smallstep/max/removing-beta ... exposing authority configuration for provisioner cli commands	2022-05-19 22:53:59 -07:00
max furman	5443aa073a	gofmt -s	2022-05-19 22:46:25 -07:00
Max	586e4fd3b5	Update authority/options.go ... Co-authored-by: Mariano Cano <mariano@smallstep.com>	2022-05-19 22:26:20 -07:00
Mariano Cano	dd985ce154	Clarify errors when sending renewed certificates	2022-05-19 18:41:13 -07:00
Mariano Cano	a627f21440	Fix AuthorizeSSHSign tests with extra SignOption	2022-05-18 18:51:36 -07:00
Mariano Cano	e7d7eb1a94	Add provisioner as a signOption for SSH	2022-05-18 18:42:42 -07:00
Mariano Cano	293586079a	Store provisioner with SignSSH ... This change also allows to store the old certificate on renewal on linkedca or if the db interface supports it.	2022-05-18 18:33:53 -07:00
Mariano Cano	c8d7ad7ab9	Fix store certificates methods with new interface	2022-05-18 18:33:22 -07:00
Mariano Cano	de99c3cac0	Report provisioner and parent on linkedca	2022-05-18 18:30:53 -07:00
Herman Slatman	479eda7339	Improve error message when client renews with expired certificate ... When a client provides an expired certificate and `AllowAfterExpiry` is not enabled, the client would get a rather generic error with instructions to view the CA logs. Viewing the CA logs can be done when running `step-ca`, but they can't be accessed easily in the hosted solution. This commit returns a slightly more informational message to the client in this specific situation.	2022-05-19 01:25:30 +02:00
max furman	bfb406bf70	Fixes for PR review	2022-05-18 09:43:32 -07:00
Mariano Cano	898ca41268	Merge branch 'master' into context-authority	2022-05-12 17:14:46 -07:00
Herman Slatman	c695b23e24	Fix check for admin not belonging to policy	2022-05-12 16:33:32 +02:00
max furman	25b8d196d8	Couple changes in response to PR ... - add skipInit option to skip authority initialization - check admin API status when removing provisioners - no need to check admins when not using Admin API	2022-05-11 17:04:43 -07:00
Mariano Cano	8942422973	Add GetID() and add authority to initial context	2022-05-10 16:51:09 -07:00
Mariano Cano	1e03bbb1af	Change types in the ACMEAdminResponder	2022-05-06 14:11:10 -07:00
Mariano Cano	f639bfc53b	Use contexts on the new PolicyAdminResponder	2022-05-06 14:05:08 -07:00
Mariano Cano	d461918eb0	Merge branch 'master' into context-authority	2022-05-06 13:21:41 -07:00
Herman Slatman	0f4ffa504a	Fix linting issues	2022-05-06 13:23:09 +02:00
Herman Slatman	7104299119	Add full policy validation in API	2022-05-06 13:12:13 +02:00
Herman Slatman	105211392c	Don't rely on linkedca model stability in API response bodies	2022-05-05 14:10:52 +02:00