Herman Slatman
f17bfdf57d
Reformat the SSH certificate logging output for read- and parsability
1 year ago
Herman Slatman
81140f859c
Fix `valid-from` and `valid-to` times
1 year ago
Herman Slatman
39e658b527
Add test for `LogSSHCertificate`
1 year ago
Herman Slatman
c365d8580e
Move provisioner marshaling logic to api package
2 years ago
Mariano Cano
c7f226bcec
Add support for renew when using stepcas
...
It supports renewing X.509 certificates when an RA is configured with stepcas.
This will only work when the renewal uses a token, and it won't work with mTLS.
The audience cannot be properly verified when an RA is used, to avoid this we
will get from the database if an RA was used to issue the initial certificate
and we will accept the renew token.
Fixes #1021 for stepcas
2 years ago
Raal Goff
d2483f3a70
Merge branch 'master' into crl-support
...
# Conflicts:
# authority/config/config.go
2 years ago
Mariano Cano
23b8f45b37
Address gosec warnings
...
Most if not all false positives
2 years ago
Raal Goff
9fa5f46213
add minor doco, Test_CRLGeneration(), fix some issues from merge
2 years ago
Raal Goff
60671b07d7
Merge branch 'master' into crl-support
...
# Conflicts:
# api/api.go
# authority/config/config.go
# cas/softcas/softcas.go
# db/db.go
2 years ago
Mariano Cano
43ddcf2efe
Do not use deprecated AuthorizeSign
2 years ago
Mariano Cano
817af3d696
Fix unit tests on the api package
2 years ago
Raal Goff
49c41636cc
implemented some requested changes
3 years ago
Andrew Reed
d5d70baba7
Add /roots.pem handler (#866)
...
* Add /roots.pem handler
* Review changes
* Remove no peer cert test case
3 years ago
Panagiotis Siatras
29092b9d8a
api: refactored to use the read package
3 years ago
Mariano Cano
616490a9c6
Refactor renew after expiry token authorization
...
This change adds a new authority method that authorizes the
renew after expiry tokens.
3 years ago
Mariano Cano
afb5d36206
Allow to renew certificates using an x5c-like token.
3 years ago
Herman Slatman
5fe9909174
Refactor AdminAuthority interface
3 years ago
Herman Slatman
2215a05c28
Add tests for ACME EAB Admin
...
Refactored some of the existing bits for testing the Authority
API by creation of a new LinkedAuthority interface and changing
visibility of the MockAuthority to be usable by other packages.
At this time, not all of the functions of MockAuthority are usable
yet. Will refactor when needed or requested.
3 years ago
Mariano Cano
8c8db0d4b7
Modify errs.BadRequestErr() to always return an error to the client.
3 years ago
Mariano Cano
8ce807a6cb
Modify errs.BadRequest() calls to always send an error to the client.
3 years ago
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues
3 years ago
max furman
933b40a02a
Introduce gocritic linter and address warnings
3 years ago
max furman
9fdef64709
Admin level API for provisioner mgmt v1
3 years ago
Mariano Cano
c1c986922b
Show Ed25519 in the public-key log field.
3 years ago
max furman
f88f58440f
add //nolint for new 1.16 deprecation warnings
...
- dsa
- pem.DecryptPEMBlock
4 years ago
Mariano Cano
ba918100d0
Use go.step.sm/crypto/jose
...
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
4 years ago
Mariano Cano
4943ae58d8
Move TLSOption, TLSVersion, CipherSuites and ASN1DN to certificates.
4 years ago
Mariano Cano
e83e47a91e
Use sshutil and randutil from go.step.sm/crypto.
4 years ago
Mariano Cano
6c64fb3ed2
Rename provisioner options structs:
...
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
4 years ago
max furman
fd05f3249b
A few last fixes and tests added for rekey/renew ...
...
- remove all `renewOrRekey`
- explicitly test difference between renew and rekey (diff pub keys)
- add back tests for renew
4 years ago
dharanikumar-s
dfda497929
Renamed RenewOrRekey to Rekey
4 years ago
dharanikumar-s
a3b5211e0f
gofmted the code
4 years ago
dharanikumar-s
954fda657b
Added renewOrRekey to mockAuthority. Added Test_caHandler_Rekey
4 years ago
Mariano Cano
fa416336a8
Add context to tests.
5 years ago
max furman
1cb8bb3ae1
Simplify statuscoder error generators.
5 years ago
max furman
dccbdf3a90
Introduce generalized statusCoder errors and loads of ssh unit tests.
...
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
5 years ago
Mariano Cano
dedf6b17be
Adapt tests to the api change.
5 years ago
Mariano Cano
b179ad3662
Fix api tests.
5 years ago
Mariano Cano
8bf3bf701e
Add support for /ssh/bastion method.
5 years ago
Mariano Cano
0ae9bab21e
Fix api tests.
5 years ago
Mariano Cano
d880a98295
Add tests for ssh api methods.
5 years ago
Mariano Cano
d08db4df23
Rename SSH methods.
5 years ago
Mariano Cano
91130b9c3f
Add support for user data in templates.
5 years ago
Mariano Cano
a35988ff08
Add initial support for ssh config.
...
Related to smallstep/cli#170
5 years ago
Mariano Cano
961be1fbc7
Add endpoint to return the SSH public keys.
...
Related to smallstep/ca-component#195
5 years ago
Jozef Kralik
bc6074f596
Change api of functions Authority.Sign, Authority.Renew
...
Returns certificate chain instead of 2 members.
Implements #126
5 years ago
max furman
e3826dd1c3
Add ACME CA capabilities
5 years ago
max furman
61d52a8510
Small fixes associated with PR review
...
* additions and grammar edits to documentation
* clarification of error msgs
5 years ago
Mariano Cano
10e7b81b9f
Merge branch 'master' into ssh-ca
5 years ago
max furman
2b41faa9cf
Enforce >= 2048 bit rsa keys at the provisioner layer
...
* Fixes #94
* In the future this should be configurable by provisioner
5 years ago