Commit Graph

51 Commits

Author SHA1 Message Date
Mariano Cano
30ce9e65f7
Write configuration only if encoding succeeds
This commit fixes a problem when the ca.json is truncated if the
encoding of the configuration fails. This can happen by adding a new
provisioner with bad template data.

Related to smallstep/cli#994
2023-08-03 17:54:49 -07:00
Mariano Cano
cce7d9e839
Address comments from code review 2023-07-27 15:05:04 -07:00
Mariano Cano
c7c7decd5e
Add support for the disableSmallstepExtensions claim
This commit adds a new claim to exclude the Smallstep provisioner
extension from the generated certificates.

Fixes #620
2023-07-27 15:05:01 -07:00
max furman
8b256f0351
address linter warning for go 1.19 2023-05-09 23:47:28 -07:00
Mariano Cano
002a058807
Use idpURL in json 2022-11-30 11:07:07 -08:00
Mariano Cano
be4cd17b40
Add omit empty to IDPurl 2022-11-29 12:23:02 -08:00
foleyjohnm
d6f9b3336d
Update config.go 2022-11-11 11:52:29 -05:00
foleyjohnm
c79d4e9316 adding CRLIDP config 2022-11-11 11:50:20 -05:00
Mariano Cano
59775fff0c
Merge branch 'master' into crl-support 2022-10-27 10:13:19 -07:00
Mariano Cano
8200d19894
Improve CRL implementation
This commit adds some changes to PR #731, some of them are:
- Add distribution point to the CRL
- Properly stop the goroutine that generates the CRLs
- CRL config validation
- Remove expired certificates from the CRL
- Require enable set to true to generate a CRL

This last point is the principal change in behaviour from the previous
implementation. The CRL will not be generated if it's not enabled, and
if it is enabled it will always be regenerated at some point, not only
if there is a revocation.
2022-10-26 18:55:24 -07:00
Herman Slatman
54c560f620
Improve configuration file initialization log output 2022-10-24 15:22:37 +02:00
Herman Slatman
674206320c
Write updated CA configuration after migrating provisioners 2022-10-11 14:12:06 +02:00
Raal Goff
f7df865687 refactor crl config, add some tests 2022-10-07 10:30:00 +08:00
Mariano Cano
4e19aa4c52 Add cache duration if crl is set 2022-09-14 12:21:52 -07:00
Mariano Cano
0829f37fe8 Define a default crl cache duration 2022-09-14 11:43:58 -07:00
Raal Goff
d2483f3a70 Merge branch 'master' into crl-support
# Conflicts:
#	authority/config/config.go
2022-09-08 09:45:04 +08:00
Mariano Cano
5e0be92273 Allow option to skip the validation of config 2022-08-16 14:04:04 -07:00
Mariano Cano
369b8f81c3 Use go.step.sm/crypto/kms
Fixes #975
2022-08-08 17:58:18 -07:00
max furman
99c9155467 disableSSHHostsListAPI -> disableGetSSHHosts 2022-08-04 18:44:44 -07:00
max furman
fb7f57a8df Add attribute to disable SSH Hosts list API 2022-07-27 23:30:00 -07:00
Raal Goff
60671b07d7 Merge branch 'master' into crl-support
# Conflicts:
#	api/api.go
#	authority/config/config.go
#	cas/softcas/softcas.go
#	db/db.go
2022-07-13 08:52:58 +08:00
Herman Slatman
ad2de16299
Merge branch 'master' into herman/allow-deny 2022-04-19 10:26:31 +02:00
Mariano Cano
fe9c3cf753
Merge branch 'master' into ahmet2mir-feat/vault 2022-04-18 15:35:26 -07:00
Herman Slatman
abcad679ff
Merge branch 'master' into herman/allow-deny 2022-04-18 21:54:55 +02:00
Herman Slatman
d6be9450be
Merge branch 'master' into herman/allow-deny 2022-04-15 11:57:05 +02:00
Mariano Cano
d3b6bc3c75 Merge branch 'master' into fix/adminra 2022-04-13 17:44:23 -07:00
Mariano Cano
674dc3c844 Rename unreleased claim to allowRenewalAfterExpiry for consistency. 2022-04-13 15:11:54 -07:00
Mariano Cano
37b521ec6c
Merge branch 'master' into feat/vault 2022-04-11 14:57:45 -07:00
Mariano Cano
c55b27a2fc Refactor admin token to use with RAs. 2022-04-07 18:14:43 -07:00
Raal Goff
d417ce3232 implement changes from review 2022-04-06 08:23:53 +08:00
Herman Slatman
571b21abbc
Fix (most) PR comments 2022-03-31 16:12:29 +02:00
Herman Slatman
dc23fd23bf
Merge branch 'master' into herman/allow-deny-next 2022-03-24 12:36:12 +01:00
Mariano Cano
c903f00cd4 Rename claim to allowRenewAfterExpiry. 2022-03-14 15:40:01 -07:00
Mariano Cano
616490a9c6 Refactor renew after expiry token authorization
This changes adds a new authority method that authorizes the
renew after expiry tokens.
2022-03-10 20:21:01 -08:00
Mariano Cano
fd6a2eeb9c Add provisioner controller
The provisioner controller has the implementation of the identity
function as well as the renew methods with renew after expiry
support.
2022-03-09 18:39:09 -08:00
Herman Slatman
7c541888ad
Refactor configuration of allow/deny on authority level 2022-03-08 13:26:07 +01:00
Mariano Cano
c0525381eb Merge branch 'master' into feat/vault 2022-02-16 18:19:23 -08:00
Herman Slatman
716b946e7a
Normalize IPv6 hostname addresses 2022-01-19 17:14:45 +01:00
Ahmet DEMIR
68b980d689
feat(authority): avoid hardcoded cn in authority csr 2022-01-13 20:30:54 +01:00
Mariano Cano
da2802504b Use Default min version if not specified. 2021-08-11 15:33:45 -07:00
Mariano Cano
072ba4227c Add deployment type to config.
This field is ignored except for the start of the ca. If the type
is linked and the token is not passed, it will fail with an error.
2021-08-10 17:07:15 -07:00
Mariano Cano
384be6e205 Do not show provisioners if they are not required.
For deployment types like linked ca, the list of provisioners in
the ca.json are not required, so we should tag the json as omitempty.
2021-08-02 15:34:39 -07:00
Mariano Cano
4f27f4b002 Change default ciphersuites to newer names. 2021-07-28 13:56:05 -07:00
Mariano Cano
0730a165fd Add collection of files and authority template. 2021-07-27 19:19:58 -07:00
Mariano Cano
49c1427d15 Use authorityId instead of authorityID.
In json or javascript world authorityId, userId, ... are more common
than authorityID, ...
2021-07-12 15:31:05 +02:00
max furman
9fdef64709 Admin level API for provisioner mgmt v1 2021-07-02 19:05:17 -07:00
max furman
1726076ea2 wip 2021-05-25 16:52:06 -07:00
max furman
5d09d04d14 wip 2021-05-19 15:20:16 -07:00
max furman
af3cf7dae9 first steps 2021-05-19 15:20:16 -07:00
max furman
2f60f20b0b lots of codes 2021-05-19 15:20:16 -07:00