Mariano Cano
37f17213bb
Add initial support for check-host endpoint.
5 years ago
Mariano Cano
d08db4df23
Rename SSH methods.
5 years ago
Mariano Cano
b5bc249e1c
Add support for multiple ssh roots.
...
Fixes #125
5 years ago
Mariano Cano
a35988ff08
Add initial support for ssh config.
...
Related to smallstep/cli#170
5 years ago
Mariano Cano
961be1fbc7
Add endpoint to return the SSH public keys.
...
Related to smallstep/ca-component#195
5 years ago
Max
0a96062b76
Merge pull request #128 from jkralik/returnCertChain
...
Change api of functions Authority.Sign, Authority.Renew
5 years ago
max furman
d368791606
Add x5c provisioner capabilities
5 years ago
max furman
7aec7c2612
Create ACME database tables when initializing ACME autority.
5 years ago
Jozef Kralik
bc6074f596
Change api of functions Authority.Sign, Authority.Renew
...
Returns certificate chain instead of 2 members.
Implements #126
5 years ago
max furman
fe7973c060
wip
5 years ago
max furman
e3826dd1c3
Add ACME CA capabilities
5 years ago
Mariano Cano
10e7b81b9f
Merge branch 'master' into ssh-ca
5 years ago
max furman
635c59ed24
Accept emails SANs
5 years ago
Mariano Cano
1c8f610ca9
Add initial implementation of an SSH CA using the JWK provisioner.
...
Fixes smallstep/ca-component#187
5 years ago
Mariano Cano
44e85b51f2
Add some extra coverage.
5 years ago
Mariano Cano
aa63f8f32c
Add missing root certificate to test.
5 years ago
Mariano Cano
f9e2ea9bd6
Revert "Do not depend on config package."
...
This reverts commit cc1c6f2cb4
.
5 years ago
Mariano Cano
cc1c6f2cb4
Do not depend on config package.
...
Config package will panic if it cannot create the step path folder.
5 years ago
Mariano Cano
01b6aebbf7
Make provisioner more configurable.
...
The intention of this change is to make it usable from cert-manager.
5 years ago
Mariano Cano
e8498bf612
Add new WithDatabase to test reload.
6 years ago
Mariano Cano
120e2d0caf
Fix restart with simple DB.
6 years ago
Mariano Cano
3a1a4c5ea9
Do not allow reload with database configuration changes.
...
Fixes #smallstep/ca-component#170
6 years ago
Mariano Cano
b595c55f0a
Update CA properties on reload.
...
Fixes #71
6 years ago
max furman
c242602231
reload and shutdown trickery
...
* Only shutdown the database once.
* Be careful when reloading the CA. Depending on whether the DB has
already been shutdown, and error may be unrecoverable.
6 years ago
max furman
cbeca9383b
Update nosql integration
...
* shutdown and reload database on SIGHUP
6 years ago
Mariano Cano
c2c9798149
Fix review issues.
6 years ago
Mariano Cano
46b9b117e3
Add test for provisioner type.
6 years ago
Mariano Cano
13783301ce
Remove test for unnecessary method.
6 years ago
Mariano Cano
b4739c185d
Remove unnecessary method GetCertificateRenewer.
6 years ago
Mariano Cano
fa216ccaad
Use SetTransport method.
6 years ago
Mariano Cano
43c5831582
Merge branch 'master' into step-sds
6 years ago
max furman
ab4d569f36
Add /revoke API with interface db backend
6 years ago
Mariano Cano
888ef147fa
Expose a way to update the transport.
6 years ago
Mariano Cano
c42265972a
Add the autocert provisioner to the ca package.
6 years ago
Mariano Cano
7800f5960a
Add test for GetCertificateRenewer
6 years ago
Mariano Cano
8d2de64811
Add method to get a certificate renewer.
6 years ago
Mariano Cano
27b6ac0a58
Add INT and TERM signal handler.
6 years ago
Mariano Cano
64f2615864
Fix tests.
6 years ago
Mariano Cano
b07fe546fd
Fix types in tests.
6 years ago
Mariano Cano
5ce5a891f7
Add email SAN with email parameter in the JWK
6 years ago
Mariano Cano
262a9d0978
Merge pull request #27 from smallstep/mariano/renew-pool
...
SDK should update certificate pools safely
6 years ago
Mariano Cano
e0fff4d80b
Fix typo.
6 years ago
Mariano Cano
f1f6c548ad
Fix typo.
6 years ago
Mariano Cano
758d829355
Fix tests.
6 years ago
max furman
3415a1fef8
move SplitSANs to cli
6 years ago
Mariano Cano
975cb75fbd
Fix typo.
6 years ago
Mariano Cano
3c06d6f9bc
Fix comment.
6 years ago
Mariano Cano
e330ac547c
Fix comment.
6 years ago
Mariano Cano
cd934bbede
Remove println
6 years ago
max furman
6937bfea7b
claims.SANS -> claims.SANs
6 years ago
Mariano Cano
4c9dccd3f6
Allow multiple certificates in the root pem.
6 years ago
max furman
ab78534b08
add test for SAN backwards compatibility with CLI
...
* new provisioner tokens always contain the crt.Subject.CommonName
in the SANS attribute of the token claims. added tests that verifies
backwards compatibility still works in cases where the token does not
contain the subject as a SAN claim.
6 years ago
max furman
e6e8443f3c
allow multiple identical SANs in cert
6 years ago
max furman
f0683c2e0a
Enable signing certificates with custom SANs
...
* validate against SANs in token. must be 1:1 equivalent.
6 years ago
Mariano Cano
d394dd233a
Initiate default RootCAs/ClientCAs when no options are passed.
6 years ago
Mariano Cano
25eba1a96c
WIP on the safely rotate of root and federated certificates.
...
Fixes #23
6 years ago
Mariano Cano
bacbf85aa3
Add new bootstrap method that creates a listener.
6 years ago
Mariano Cano
984bf8d38c
Add missing file.
6 years ago
Mariano Cano
1cc5e94666
Add simple test for federation.
6 years ago
Mariano Cano
dbd1bf11f1
Rename variable.
6 years ago
Mariano Cano
7dc61bf233
Remove deprecated code
6 years ago
Mariano Cano
518b597535
Remove mTLS client requirement in /roots and /federation
6 years ago
Mariano Cano
9adc65febf
Add test for newTLSOptionCtx
6 years ago
Mariano Cano
6116523055
Fix random order in tests.
6 years ago
Mariano Cano
8510e25b3b
Add test with bootstrap server.
6 years ago
Mariano Cano
f99ae9da93
Add root rotation test.
6 years ago
Mariano Cano
af9e6488fc
Make the renew test shorter.
6 years ago
Mariano Cano
25ddbaedff
Allow to customize the minimal cert duration for tests.
6 years ago
Mariano Cano
10aaece1b0
Update root certificates on renew.
6 years ago
Mariano Cano
6d3e8ed93c
Add all root certificates by default on bootstrap methods.
6 years ago
Mariano Cano
d296cf95a9
Add mTLS request to get all the root CAs, not the federated ones.
6 years ago
Mariano Cano
98cc243a37
Add support for multiple roots.
6 years ago
Mariano Cano
722bcb7e7a
Add initial support for federated root certificates.
6 years ago
Mariano Cano
7e2f80ac30
Fix grammar error
6 years ago
max furman
c0107ab5b9
Fix ca renew documentation
6 years ago
Mariano Cano
f7a5be3942
Force the renew of the CA server.
6 years ago
Mariano Cano
b0a410066b
Add support for parsing endpoints without schema.
...
Fixes smallstep/ca-component#117
6 years ago
Mariano Cano
d872f09910
Use mTLS by default on SDK methods.
...
Add options to modify the tls.Config for different configurations.
Fixes #7
6 years ago
Mariano Cano
9c64dbda9a
Add helpers to add direct support for mTLS.
6 years ago
Mariano Cano
b23e3bec7f
Remove comment of removed arguments.
6 years ago
max furman
5f2d998584
change documentation for bootstrap Server|Client
...
* provide documentation for default and non-default invocation.
6 years ago
Mariano Cano
ba88c8c5cb
Add context to bootstrap methods.
6 years ago
Mariano Cano
7eb8aeb1f1
Add tests for bootstrap functions.
6 years ago
Mariano Cano
091506a994
Add bootstrap helpers that uses just a token.
6 years ago
max furman
c74fcd57a7
ca-component -> certificates
...
* fix redundant error check
* add README
6 years ago
max furman
0d9dd2d14b
provisioner issuer -> name
6 years ago
Mariano Cano
71a3587b76
Add client support for provisioner cursor and limit options.
...
Fixes #83
6 years ago
Mariano Cano
99cab73360
Remove unused import /provisioners/jwk-set-by-issuer
6 years ago
max furman
ee7db4006a
change sign + authorize authority api | add provisioners
...
* authorize returns []interface{}
- operators in this list can conform to any interface the user decides
- our implementation has a combination of certificate claim validators
and certificate template modifiers.
* provisioners can set and enforce tls cert options
6 years ago
Mariano Cano
d7c31c3133
Properly fill CSR DNSNames or IPAddresses
6 years ago
Mariano Cano
2b2598c695
Fix audience to fix ca tests.
6 years ago
Mariano Cano
511e1a9e23
Fix getting transport from root fingerprint.
6 years ago
max furman
0b5f6487e1
change provisioners api
...
* /provisioners -> /provisioners/jwk-set-by-issuer
* /provisioners now returns a list of Provisioners
6 years ago
Mariano Cano
7b6a3ea427
Add client methods for provisioning endpoints.
6 years ago
max furman
378166a3b2
add full stack tests for multiple provisioners api
...
* /provisioners and /provisioners/<key-id>/encrypted-key
6 years ago
max furman
d773770a44
add authority.New unit tests
6 years ago
max furman
c284a2c0ab
first commit
6 years ago