smallstep-certificates

Commit Graph

Author	SHA1	Message	Date
Mariano Cano	0a59efd853	Use new x509util to generate the CA certificate.	4 years ago
Mariano Cano	4943ae58d8	Move TLSOption, TLSVersion, CipherSuites and ASN1DN to certificates.	4 years ago
Mariano Cano	e83e47a91e	Use sshutil and randutil from go.step.sm/crypto.	4 years ago
Mariano Cano	ce1eb0a01b	Use new x509util for renew/rekey.	4 years ago
Mariano Cano	f437b86a7b	Merge branch 'cert-templates' into ssh-cert-templates	4 years ago
Mariano Cano	c8d225a763	Use x509util from go.step.sm/crypto/x509util	4 years ago
Mariano Cano	37f84e9bb3	Add delay in test.	4 years ago
Mariano Cano	342cb713ee	Add test with custom templates.	4 years ago
Mariano Cano	8d89bbd62f	Remove unused code.	4 years ago
Mariano Cano	c4bbc81d9f	Fix authority tests.	4 years ago
Mariano Cano	413af88aad	Fix provisioning tests.	4 years ago
Mariano Cano	b66bdfabcd	Enforce an OIDC users to send all template variables.	4 years ago
Mariano Cano	9822305bb6	Use only the IID template on IID provisioners. Use always sshutil.DefaultIIDCertificate and require at least one principal on IID provisioners.	4 years ago
Mariano Cano	aa657cdb4b	Use SSHOptions inside provisioner options.	4 years ago
Mariano Cano	02379d494b	Add support for extensions and critical options on the identity function.	4 years ago
Mariano Cano	8ff8d90f8c	On JWK and X5C validate the key id on the request.	4 years ago
Mariano Cano	a78f7e8913	Add template support on k8ssa provisioner.	4 years ago
Mariano Cano	6c36ceb158	Add initial template support for iid provisisioners.	4 years ago
Mariano Cano	8e7bf96769	Fix error prefix.	4 years ago
Mariano Cano	e0dce54338	Add missing argument.	4 years ago
Mariano Cano	c1fc45c872	Simplify SSH modifiers with options. It also changes the behavior of the request options to modify only the validity of the certificate.	4 years ago
Mariano Cano	ad28f0f59a	Move variable where it is used.	4 years ago
Mariano Cano	715eb4eacc	Add initial support for ssh templates on OIDC.	4 years ago
Mariano Cano	c2dc76550c	Add ssh certificate template to X5C provisioner.	4 years ago
Mariano Cano	380a0d6daf	Add ssh certificate templates to JWK provisioner.	4 years ago
Mariano Cano	f75a12e10a	Add omitempty tag option.	4 years ago
Mariano Cano	d7e590908e	Use sshutil for ssh renewing and rekeying.	4 years ago
Mariano Cano	b66d123572	Use sshutil for SSH certificate signing.	4 years ago
Mariano Cano	570ede45e7	Do not enforce number of principals or extensions.	4 years ago
Mariano Cano	631f1612a1	Add TemplateData to SignSSHOptions.	4 years ago
Mariano Cano	c6746425a3	Add methods to initialize ssh templates in provisioners.	4 years ago
Mariano Cano	3e80f41c19	Change provisioner options to have X509 as a field.	4 years ago
max furman	3f844c5e23	Update the way SubjectKeyId is calculated, and more ... - swith lint to first in line for `make all` - update tests to conform with new subjectkeyid	4 years ago
Mariano Cano	a7b65f1e1e	Add authority.Sign test with custom templates.	4 years ago
David Cowden	86efe7aff0	aws: use http.NoBody instead of nil It's a little more descriptive.	4 years ago
David Cowden	2b121efc8f	aws: test constructor with empty IDMS string array	4 years ago
Mariano Cano	6c64fb3ed2	Rename provisioner options structs: * provisioner.ProvisionerOptions => provisioner.Options * provisioner.Options => provisioner.SignOptions * provisioner.SSHOptions => provisioner.SingSSHOptions	4 years ago
David Cowden	dc39eef721	aws: test badIDMS functional path The existing test only covers the constructor logic. Also test the live code path that is executed when a bad IDMS version is supplied.	4 years ago
David Cowden	51f16ee2e0	aws: add tests covering metadata service versions * Add constructor tests for the aws provisioner. * Add a test to make sure the "v1" logic continues to work. By and large, v2 is the way to go. However, there are some instances of things that specifically request metadata service version 1 and so this adds minimal coverage to make sure we don't accidentally break the path should anyone need to depend on the former logic.	4 years ago
David Cowden	5efe5f3573	metadata-v2: pull in joshathysolate-master Taking of this PR to get it across the goal line.	4 years ago
Mariano Cano	978ad7e2b6	Fix merged tests.	4 years ago
Mariano Cano	5ac3f8a160	Add provisioner options tests.	4 years ago
Mariano Cano	02c4f9817d	Set full token payload instead of only the known properties.	4 years ago
Mariano Cano	0c8376a7f6	Fix existing unit tests.	4 years ago
Mariano Cano	d64cb99a22	Fix authority package tests.	4 years ago
Mariano Cano	ccc705cdcd	Use alias x509legacy to cli x509util in tls.go.	4 years ago
Mariano Cano	8f0dd811af	Allow to send errors from template to cli.	4 years ago
Mariano Cano	a7fe0104c4	Remove ACME restrictions and add proper template support.	4 years ago
Mariano Cano	cf2989a848	Add token and subject to K8sSA provisioner to be used in custom templates.	4 years ago
Mariano Cano	71be83b25e	Add iss#sub uri in OIDC certificates. Admin will use the CR template if none is provided.	4 years ago
Mariano Cano	c58117b30d	Allow to use base64 when defining a template in the ca.json.	4 years ago
Mariano Cano	b2ca3176f5	Prepend insecure to user and CR variables names.	4 years ago
Mariano Cano	b11486f41f	Fix option method for template variable.	4 years ago
Mariano Cano	04f5053a7a	Add template support for x5c.	4 years ago
Mariano Cano	eb8886d828	Add CR subject as iid default subject. Add a minimal subject with just a common name to iid provisioners in case we want to use it.	4 years ago
Mariano Cano	e60ea419cc	Add template support for gcp provisioner.	4 years ago
Mariano Cano	32646c49bf	Add templates support to Azure provisioner.	4 years ago
Mariano Cano	a44f0ca866	Add token payload.	4 years ago
Mariano Cano	00fd41a3d0	Add template support to K8sSA provisioners.	4 years ago
Mariano Cano	13b704aeed	Add template support for AWS provisioner.	4 years ago
Mariano Cano	49b9aa6e3f	Fix log string.	4 years ago
Mariano Cano	4795e371bd	Add back the support for ca.json DN template.	4 years ago
Mariano Cano	e6fed5e0aa	Minor fixes and comments.	4 years ago
Mariano Cano	81cd288104	Enable templates in acme provisioners.	4 years ago
Mariano Cano	ca2fb42d68	Move options to the provisioner.	4 years ago
Mariano Cano	206bc6757a	Add initial support for templates in the OIDC provisioner.	4 years ago
Mariano Cano	95c3a41bf0	Rename UserData to TemplateData and fix unmarshaling.	4 years ago
Mariano Cano	9f3acc254b	Set the token payload in the JWK provisioner.	4 years ago
Mariano Cano	ef0ed0ff95	Integrate simple templates in the JWK provisioner.	4 years ago
Mariano Cano	d1d9ae42d6	Use certificates x509util instead of cli for certificate signing.	4 years ago
Mariano Cano	9032018cf2	Convert x509util.WithOptions to new modifiers.	4 years ago
Carl Tashian	912e298043	Whitelist -> Allowlist per https://tools.ietf.org/id/draft-knodel-terminology-01.html	4 years ago
max furman	fd05f3249b	A few last fixes and tests added for rekey/renew ... - remove all `renewOrRekey` - explicitly test difference between renew and rekey (diff pub keys) - add back tests for renew	4 years ago
Max	ea9bc493b8	Merge pull request #307 from dharanikumar-s/master Add support for rekeying Fixes #292	4 years ago
dharanikumar-s	57fb0c80cf	Removed calculating SubjectKeyIdentifier on Rekey	4 years ago
dharanikumar-s	dfda497929	Renamed RenewOrRekey to Rekey	4 years ago
dharanikumar-s	fe73154a20	Corrected misspelling	4 years ago
dharanikumar-s	0c21f0ae9e	Added error check after GenerateDefaultKeyPair	4 years ago
dharanikumar-s	2479371c06	Added error check while marshalling public key	4 years ago
dharanikumar-s	b368a53149	Modified TestAuthority_Renew to TestAuthority_RenewOrRekey	4 years ago
dharanikumar-s	c8c3581e2f	SubjectKeyIdentifier extention is calculated from public key passed to this function instead of copying from old certificate	4 years ago
dharanikumar-s	8f504483ce	Added RenewOrRekey function based on @maraino suggestion. RenewOrReky is called from Renew.	4 years ago
dharanikumar-s	3813f57b1a	Add support for rekeying Fixes #292	4 years ago
Max	debce1cec2	Merge pull request #299 from smallstep/max/refactor Refactor	4 years ago
max furman	accf1be7e9	wip	4 years ago
max furman	71d87b4e61	wip	4 years ago
max furman	d25e7f64c2	wip	4 years ago
max furman	3636ba3228	wip	4 years ago
Mariano Cano	39650637d4	Merge pull request #297 from smallstep/no-bastion-bastion Do not return bastion for the configured bastion host.	4 years ago
Mariano Cano	fcfc4e9b2b	Fix ssh federated template variables.	4 years ago
max furman	1951669e13	wip	4 years ago
Mariano Cano	b0fdd0b2be	Do not return bastion for the configured bastion host. Fixes #296	4 years ago
Mariano Cano	ff32746312	Add test case for error executing template.	4 years ago
Mariano Cano	e3ae751b57	Use templates from authority instead of config.	4 years ago
Mariano Cano	237baa5169	Check for required variables in templates. Fixes smallstep/cli#232	4 years ago
Mariano Cano	6c844a0618	Load default templates if no templates are configured.	4 years ago
Max	2ebfc73f77	Merge pull request #290 from smallstep/max/profileLimit Update profileLimitDuration validator ...	4 years ago
max furman	7d5cf34ce5	Update profileLimitDuration validator ... - respect notBefore of the provisioner - modify/fix the reported errors	4 years ago
Mariano Cano	9832d1538b	Avoid nil pointer panic on step ssh config with no templates.	4 years ago
Mariano Cano	4ac51dd508	Merge pull request #274 from smallstep/oidc-raw-locals Allow dots and other symbols in principals for OIDC	4 years ago

1 2 3 4 5 ...

559 Commits (335435decfd395879f6f087f1a919ec371d5f1fb)