Mariano Cano
30ce9e65f7
Write configuration only if encoding succeeds
...
This commit fixes a problem when the ca.json is truncated if the
encoding of the configuration fails. This can happen by adding a new
provisioner with bad template data.
Related to smallstep/cli#994
2023-08-03 17:54:49 -07:00
Mariano Cano
cce7d9e839
Address comments from code review
2023-07-27 15:05:04 -07:00
Mariano Cano
c7c7decd5e
Add support for the disableSmallstepExtensions claim
...
This commit adds a new claim to exclude the Smallstep provisioner
extension from the generated certificates.
Fixes #620
2023-07-27 15:05:01 -07:00
max furman
8b256f0351
address linter warning for go 1.19
2023-05-09 23:47:28 -07:00
Mariano Cano
002a058807
Use idpURL in json
2022-11-30 11:07:07 -08:00
Mariano Cano
be4cd17b40
Add omit empty to IDPurl
2022-11-29 12:23:02 -08:00
foleyjohnm
d6f9b3336d
Update config.go
2022-11-11 11:52:29 -05:00
foleyjohnm
c79d4e9316
adding CRLIDP config
2022-11-11 11:50:20 -05:00
Mariano Cano
59775fff0c
Merge branch 'master' into crl-support
2022-10-27 10:13:19 -07:00
Mariano Cano
8200d19894
Improve CRL implementation
...
This commit adds some changes to PR #731 , some of them are:
- Add distribution point to the CRL
- Properly stop the goroutine that generates the CRLs
- CRL config validation
- Remove expired certificates from the CRL
- Require enable set to true to generate a CRL
This last point is the principal change in behaviour from the previous
implementation. The CRL will not be generated if it's not enabled, and
if it is enabled it will always be regenerated at some point, not only
if there is a revocation.
2022-10-26 18:55:24 -07:00
Herman Slatman
54c560f620
Improve configuration file initialization log output
2022-10-24 15:22:37 +02:00
Herman Slatman
674206320c
Write updated CA configuration after migrating provisioners
2022-10-11 14:12:06 +02:00
Raal Goff
f7df865687
refactor crl config, add some tests
2022-10-07 10:30:00 +08:00
Mariano Cano
4e19aa4c52
Add cache duration if crl is set
2022-09-14 12:21:52 -07:00
Mariano Cano
0829f37fe8
Define a default crl cache duration
2022-09-14 11:43:58 -07:00
Raal Goff
d2483f3a70
Merge branch 'master' into crl-support
...
# Conflicts:
# authority/config/config.go
2022-09-08 09:45:04 +08:00
Mariano Cano
5e0be92273
Allow option to skip the validation of config
2022-08-16 14:04:04 -07:00
Mariano Cano
369b8f81c3
Use go.step.sm/crypto/kms
...
Fixes #975
2022-08-08 17:58:18 -07:00
max furman
99c9155467
disableSSHHostsListAPI -> disableGetSSHHosts
2022-08-04 18:44:44 -07:00
max furman
fb7f57a8df
Add attribute to disable SSH Hosts list API
2022-07-27 23:30:00 -07:00
Raal Goff
60671b07d7
Merge branch 'master' into crl-support
...
# Conflicts:
# api/api.go
# authority/config/config.go
# cas/softcas/softcas.go
# db/db.go
2022-07-13 08:52:58 +08:00
Herman Slatman
ad2de16299
Merge branch 'master' into herman/allow-deny
2022-04-19 10:26:31 +02:00
Mariano Cano
fe9c3cf753
Merge branch 'master' into ahmet2mir-feat/vault
2022-04-18 15:35:26 -07:00
Herman Slatman
abcad679ff
Merge branch 'master' into herman/allow-deny
2022-04-18 21:54:55 +02:00
Herman Slatman
d6be9450be
Merge branch 'master' into herman/allow-deny
2022-04-15 11:57:05 +02:00
Mariano Cano
d3b6bc3c75
Merge branch 'master' into fix/adminra
2022-04-13 17:44:23 -07:00
Mariano Cano
674dc3c844
Rename unreleased claim to allowRenewalAfterExpiry for consistency.
2022-04-13 15:11:54 -07:00
Mariano Cano
37b521ec6c
Merge branch 'master' into feat/vault
2022-04-11 14:57:45 -07:00
Mariano Cano
c55b27a2fc
Refactor admin token to use with RAs.
2022-04-07 18:14:43 -07:00
Raal Goff
d417ce3232
implement changes from review
2022-04-06 08:23:53 +08:00
Herman Slatman
571b21abbc
Fix (most) PR comments
2022-03-31 16:12:29 +02:00
Herman Slatman
dc23fd23bf
Merge branch 'master' into herman/allow-deny-next
2022-03-24 12:36:12 +01:00
Mariano Cano
c903f00cd4
Rename claim to allowRenewAfterExpiry.
2022-03-14 15:40:01 -07:00
Mariano Cano
616490a9c6
Refactor renew after expiry token authorization
...
This changes adds a new authority method that authorizes the
renew after expiry tokens.
2022-03-10 20:21:01 -08:00
Mariano Cano
fd6a2eeb9c
Add provisioner controller
...
The provisioner controller has the implementation of the identity
function as well as the renew methods with renew after expiry
support.
2022-03-09 18:39:09 -08:00
Herman Slatman
7c541888ad
Refactor configuration of allow/deny on authority level
2022-03-08 13:26:07 +01:00
Mariano Cano
c0525381eb
Merge branch 'master' into feat/vault
2022-02-16 18:19:23 -08:00
Herman Slatman
716b946e7a
Normalize IPv6 hostname addresses
2022-01-19 17:14:45 +01:00
Ahmet DEMIR
68b980d689
feat(authority): avoid hardcoded cn in authority csr
2022-01-13 20:30:54 +01:00
Mariano Cano
da2802504b
Use Default min version if not specified.
2021-08-11 15:33:45 -07:00
Mariano Cano
072ba4227c
Add deployment type to config.
...
This field is ignored except for the start of the ca. If the type
is linked and the token is not passed, it will fail with an error.
2021-08-10 17:07:15 -07:00
Mariano Cano
384be6e205
Do not show provisioners if they are not required.
...
For deployment types like linked ca, the list of provisioners in
the ca.json are not required, so we should tag the json as omitempty.
2021-08-02 15:34:39 -07:00
Mariano Cano
4f27f4b002
Change default ciphersuites to newer names.
2021-07-28 13:56:05 -07:00
Mariano Cano
0730a165fd
Add collection of files and authority template.
2021-07-27 19:19:58 -07:00
Mariano Cano
49c1427d15
Use authorityId instead of authorityID.
...
In json or javascript world authorityId, userId, ... are more common
than authorityID, ...
2021-07-12 15:31:05 +02:00
max furman
9fdef64709
Admin level API for provisioner mgmt v1
2021-07-02 19:05:17 -07:00
max furman
1726076ea2
wip
2021-05-25 16:52:06 -07:00
max furman
5d09d04d14
wip
2021-05-19 15:20:16 -07:00
max furman
af3cf7dae9
first steps
2021-05-19 15:20:16 -07:00
max furman
2f60f20b0b
lots of codes
2021-05-19 15:20:16 -07:00