max furman
6af9437875
Rebase over master and a few more linter fixes
2 years ago
max furman
18a648cffa
Fix linter warning about bad error name
2 years ago
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors
2 years ago
Mariano Cano
8bd0174251
Rename field to IsCAServerCert
2 years ago
Mariano Cano
5df1694250
Add endpoint id for the RA certificate
...
In a linked RA mode, send an endpoint id to group the server
certificates.
2 years ago
Mariano Cano
eb091aec54
Simplify field names for ProvisionerInfo
2 years ago
Mariano Cano
369b8f81c3
Use go.step.sm/crypto/kms
...
Fixes #975
2 years ago
Mariano Cano
c5c7c30cc2
Fix typo in ProvisionerInfo
2 years ago
Mariano Cano
64744562c6
Send RA provisioner to linkedca.
2 years ago
Mariano Cano
9408d0f24b
Send RA provisioner information to the CA
2 years ago
Mariano Cano
3aebe8d019
Add missing comma in comment.
3 years ago
Mariano Cano
37b521ec6c
Merge branch 'master' into feat/vault
3 years ago
Mariano Cano
abf5fc32a3
Format comment.
3 years ago
Mariano Cano
c480936ba4
Split comments.
3 years ago
Mariano Cano
955d4cf80d
Add authority.WithX509SignerFunc
...
This change adds a new authority option that allows to pass a callback
that returns the certificate chain and signer used to sign X.509
certificates.
This option will be used by Caddy, they renew the intermediate
certificate weekly and there's no other way to replace it without
re-creating the embedded CA.
Fixes #874
3 years ago
Ahmet DEMIR
d957a57e24
fix: apply mariano suggestions and fixes
...
* use json.RawMessage to remote mapstructure in options
* use vault secretid structure to support multiple source aka string, file and env
* remove log prefix
* return raw cert on error on newline for cert and csr
* clean sans, commonName in createCertificate (bad copy/paste from StepCAS)
* verify authority fingerprint
* convert serial on revoke to bigint, bytes and vault dashed representation
3 years ago
Ahmet DEMIR
16390694e1
feat(vault): adding hashicorp vault cas
3 years ago
Ahmet DEMIR
26d7b70957
feat(cas): add generic Config parameter to allow more flexible configuration on CAS
3 years ago
Mariano Cano
52a18e0c2d
Add key name to CreateCertificateAuthority
3 years ago
Mariano Cano
6d644880bd
Allow to kms signers to define the SignatureAlgorithm
...
CloudKMS keys signs data using an specific signature algorithm, in RSA keys,
this can be PKCS#1 RSA or RSA-PSS, if the later is used, x509.CreateCertificate
will fail unless the template SignatureCertificate is properly set.
On contrast, AWSKMS RSA keys, are just RSA keys, and can sign with PKCS#1 or
RSA-PSS schemes, so right now the way to enforce one or the other is to used
templates.
3 years ago
Mariano Cano
de719eb6f0
Add an option to avoid password prompts on step cas
...
When we are using `step ca init` to create a stepcas RA we don't
have access to the password for verify the provisioner.
3 years ago
Mariano Cano
35e6cc275a
Fix typos in comments.
3 years ago
Mariano Cano
ac3c754a6d
Use known CA and add tier and gcs bucket options.
3 years ago
Mariano Cano
529eb4bae9
Rename CAPool to CaPool.
3 years ago
Mariano Cano
072bd0dcf4
Add support for Google CAS v1
3 years ago
Herman Slatman
c5e4ea08b3
Merge branch 'master' into hs/scep
4 years ago
Mariano Cano
d9f93ccfde
Fix typo.
4 years ago
Mariano Cano
edc7c4d90e
Add support for password encrypted files
4 years ago
Mariano Cano
ce3e6bfdf6
Fix linting errors.
4 years ago
Mariano Cano
96de4e6ec8
Return a non-implemented error in stepcas.RenewCertificate.
4 years ago
Herman Slatman
583d60dc0d
Address (most) PR comments
4 years ago
Mariano Cano
bcf70206ac
Add support for revocation using an extra provisioner in the RA.
4 years ago
Mariano Cano
a6115e29c2
Add initial implementation of StepCAS.
...
StepCAS allows to configure step-ca as an RA using another step-ca
as the main CA.
4 years ago
Herman Slatman
e1cab4966f
Improve initialization of SCEP authority
4 years ago
Herman Slatman
7ad90d10b3
Refactor initialization of SCEP authority
4 years ago
Miclain K Keffeler
7a1eb43bb1
Update options.go
4 years ago
Miclain Keffeler
7545b4a625
leverage intermediate_ca.crt for appending certs.
4 years ago
Mariano Cano
a97fab4119
Fix mispell.
4 years ago
Mariano Cano
4f9200cc47
Add missing docs.
4 years ago
Mariano Cano
2b4b902975
Add initial support for `step ca init` with cloud cas.
...
Fixes smallstep/cli#363
4 years ago
Mariano Cano
9f21813dd6
Rename option.
4 years ago
Mariano Cano
8381e9bd17
Fix typos.
4 years ago
Mariano Cano
38fa780775
Add interface to get root certificate from CAS.
...
This change makes easier the configuration of cloudCAS as it does
not require to configure the root or intermediate certificate
in the ca.json. CloudCAS will get the root certificate using
the configured certificateAuthority.
4 years ago
Mariano Cano
fa099f2ae2
Change method name.
4 years ago
Mariano Cano
91aa1e87f1
Do not use go 1.15 methods.
4 years ago
Mariano Cano
8957e5e5a2
Add missing tests
4 years ago
Mariano Cano
01e6495f43
Add most of cloudcas unit tests and minor fixes.
4 years ago
Mariano Cano
8eff4e77a8
Comment request structs.
4 years ago
Mariano Cano
aad8f9e582
Pass issuer and signer to softCAS options.
...
Remove commented code and initialize CAS properly.
Minor fixes in CloudCAS.
4 years ago
Mariano Cano
c8d9cb0a1d
Complete cloudcas using CAS v1beta1.
4 years ago