Commit Graph

1212 Commits (3ba1fbd881314b1f6a56fa347c10e997028477d9)
 

Author SHA1 Message Date
max furman 99e5bf4782 Remove all references to old apiError. 5 years ago
max furman b265877050 Simplify statuscoder error generators. 5 years ago
max furman c387b21808 Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
5 years ago
Mariano Cano fa8116497c Make Signer public and add contructor NewCloudKMS. 5 years ago
Mariano Cano 5d5ee68d88 Make GCP client public to facilitate extensibility. 5 years ago
Mariano Cano dff498f17f Add tests for cloudkms. 5 years ago
Mariano Cano 264179cda3 Add tests for kms and kms/apiv1 packages. 5 years ago
Mariano Cano c250c6ad91 Add unit tests for softkms. 5 years ago
Mariano Cano a773977a81 Fix interface change. 5 years ago
Mariano Cano 927a3b3a86 Return crypto.PublicKey on kms.GetPublicKey. 5 years ago
Mariano Cano ec2046bba8 Add grpc dependency. 5 years ago
Mariano Cano 9021951f1a Fix types. 5 years ago
Mariano Cano a9c2db8f98 Add close method and fix types in softkms. 5 years ago
Mariano Cano a3128a26bb Add Close method to the key manager interface. 5 years ago
Mariano Cano e60beeb7fc Make cloudkms more robust.
* Automatically create key rings if needed.
* User CryptoKeyVersions if needed.
* Add support to close the client.
* Add new pareters to CreateKey responses to make things easier.
5 years ago
Mariano Cano 3f8de17a40 Cleanup types and add initial support for the options required for PKCS11. 5 years ago
Mariano Cano 9641ab33b8 Use crypto.Signer instead of ssh.Signer in SSH options. 5 years ago
Mariano Cano e98d7832b9 Add options to read the roots and federated roots from a bundle. 5 years ago
Mariano Cano 44eccc6bd8 Merge branch 'ssh' into kms 5 years ago
Mariano Cano 3ce267cdd6 Upgrade smallste/cli 5 years ago
Mariano Cano ab1807d6a0 Use release v1.19.1 of golangci-lint
See https://github.com/golangci/golangci-lint/issues/885
5 years ago
Mariano Cano 3cbf30b555 Upgrade golangci-lint to v1.22.2 5 years ago
Mariano Cano 085ae82163 Remove the use of custom x509 package.
Upgrade cli dependency.
5 years ago
Mariano Cano 995375013d Update dependencies for kms support. 5 years ago
Mariano Cano c62526b39f Add wip support for kms. 5 years ago
Mariano Cano d13754166a Add support for cloudkms and softkms. 5 years ago
Mariano Cano 8a10c5032f
Merge pull request #150 from smallstep/backdate
Add backdate support to the x509 and SSH certificates.
5 years ago
Mariano Cano 77af30bfa3 Remove debug statement. 5 years ago
Mariano Cano f46dc03111 Add tests of profileLimitDuration with backdate. 5 years ago
Mariano Cano 165a91858e Add tests for backdate and sshDefaultDuration 5 years ago
Mariano Cano 7e33aeb8d3 Add unit test for profileDefaultDuration. 5 years ago
Mariano Cano f06db4099e Add backdate support on ssh rekey. 5 years ago
Mariano Cano 935d0d4542 Add support for backdate to SSH certificates. 5 years ago
Mariano Cano 64e0a2ca6f Disable backdata on ca tests. 5 years ago
Mariano Cano 76c14560b0 Use errs package for HTTP errors. 5 years ago
Mariano Cano 50717b3ffa Update assert package. 5 years ago
Mariano Cano e67ccd9e3d Add fault tolerance against clock skew accross system on TLS certificates. 5 years ago
max furman 967e86a48b Simplify trimming *. prefix of domain in acme dns validation. 5 years ago
Max 37d33968f1
Merge pull request #146 from anxolerd/normalize-wildcard
Perform domain normalization for wildcard domains
5 years ago
Oleksandr Kovalchuk ec8ff0bced
Add testcase which ensures we pass correct domain to lookupTxt
Make sure we do not pass domains with asterisk (wildcard) in the middle,
like _acme-challenge.*.example.com to lookupTxt function, but preprocess
domain and remove leading wildcard so we lookup for
_acme-challenge.example.com.
5 years ago
Oleksandr Kovalchuk 46832bb9b3
Remove superflurous Printf statement
The statement was used for debug purposes and should not be included in
the final build
5 years ago
Oleksandr Kovalchuk a995cca418
Perform domain normalization for wildcard domains
Perform domain normalization for wildcard domains, so we do query
TXT records for _acme-challenge.example.domain instead of
_acme-challenge.*.example.domain when performing DNS-01 challenge. In
this way the behavior is consistent with letsencrypt and records queried
are in sync with the ones that are shown in certbot manual mode.
5 years ago
Mariano Cano 1fa35491ea Update cli dependency. 5 years ago
Mariano Cano eeabf5ba4c Fix tests. 5 years ago
Mariano Cano a6deea7d8d Renew identity certificate in /ssh/rekey and /ssh/renew 5 years ago
Mariano Cano 0b5d37b284 Add method to just write the identity certificate. 5 years ago
Mariano Cano 839fe6b952 Add method to renew the identity. 5 years ago
max furman aa58940582 Should be returning nil from applyIdentity if cert expired. 5 years ago
max furman 6200aeaad0 cli dep update 5 years ago
Max bd6eca6342
Merge pull request #145 from smallstep/err 5 years ago