Mariano Cano
4a4f7ca9ba
Fix panic if cacheDuration is not set
2 years ago
Raal Goff
924082bb49
fix linter errors
2 years ago
Raal Goff
d2483f3a70
Merge branch 'master' into crl-support
...
# Conflicts:
# authority/config/config.go
2 years ago
Raal Goff
b89f210469
remove fail-email test and add ok-empty-email test
2 years ago
Raal Goff
7a03c43fe2
allow missing Email claim in OIDC tokens, use subject when it's missing
2 years ago
Mariano Cano
1938b1bb34
Merge branch 'master' into herman/fix-template-validation
2 years ago
Mariano Cano
1d1e024b84
Upgrade to go.step.sm/crypto v0.18.0
2 years ago
Herman Slatman
6b7b989988
Add provisioner template validation
...
Fixes #1012
2 years ago
Mariano Cano
23b8f45b37
Address gosec warnings
...
Most if not all false positives
2 years ago
Mariano Cano
0c7467ceb2
Allow to automatically configure and linked RA
2 years ago
Mariano Cano
5e0be92273
Allow option to skip the validation of config
2 years ago
Mariano Cano
b62f4d1000
Add lgtm comments on some security warnings
2 years ago
Mariano Cano
a5439c43cd
Remove ciphersuites without Lucky13 countermeasures
...
SHA-256 variants of the CBC ciphersuites don't implement any Lucky13
countermeasures. See http://www.isg.rhul.ac.uk/tls/Lucky13.html and
https://www.imperialviolet.org/2013/02/04/luckythirteen.html .
2 years ago
Mariano Cano
8bd0174251
Rename field to IsCAServerCert
2 years ago
Mariano Cano
5df1694250
Add endpoint id for the RA certificate
...
In a linked RA mode, send an endpoint id to group the server
certificates.
2 years ago
Mariano Cano
eb091aec54
Simplify field names for ProvisionerInfo
2 years ago
Mariano Cano
369b8f81c3
Use go.step.sm/crypto/kms
...
Fixes #975
2 years ago
Max
3e2729e391
Merge pull request #989 from smallstep/max/disable-ssh-hosts
...
Add attribute to disable SSH Hosts list API
2 years ago
max furman
99c9155467
disableSSHHostsListAPI -> disableGetSSHHosts
2 years ago
Mariano Cano
64744562c6
Send RA provisioner to linkedca.
2 years ago
Mariano Cano
6b5d3dca95
Add provisioner name to RA info
2 years ago
Mariano Cano
a1f54921d2
Rename internal field
2 years ago
Mariano Cano
f9df8ac05f
Remove unused interface
2 years ago
Mariano Cano
9408d0f24b
Send RA provisioner information to the CA
2 years ago
max furman
fb7f57a8df
Add attribute to disable SSH Hosts list API
2 years ago
Raal Goff
60671b07d7
Merge branch 'master' into crl-support
...
# Conflicts:
# api/api.go
# authority/config/config.go
# cas/softcas/softcas.go
# db/db.go
2 years ago
Shulhan
fe04f93d7f
all: reformat all go files with the next gofmt (Go 1.19)
...
There are some changes that were manually edited, for example using '-' as
default list and grouping imports.
2 years ago
Mariano Cano
9c049eec5a
Add revoke ssh unit test
2 years ago
Mariano Cano
ce9a23a0f7
Fix SSH certificate revocation
2 years ago
Mariano Cano
911cec21da
Merge pull request #943 from smallstep/ssh-renew-provisioner
...
Add provisioner to SSH renewals
2 years ago
Mariano Cano
94f5b92513
Use proper context in authority package
2 years ago
Mariano Cano
1be74eca62
Merge branch 'master' into ssh-renew-provisioner
2 years ago
Mariano Cano
26dd97e718
Merge branch 'master' into context-authority
2 years ago
Mariano Cano
6b3a8f22f3
Add provisioner to SSH renewals
...
This commit allows reporting the provisioner to the linkedca when
an SSH certificate is renewed.
2 years ago
Mariano Cano
3c4d0412ef
Merge pull request #941 from smallstep/ssh-provisioner
...
Report SSH provisioner
2 years ago
Max
f8148071fb
Merge pull request #915 from smallstep/max/removing-beta
...
exposing authority configuration for provisioner cli commands
2 years ago
max furman
5443aa073a
gofmt -s
2 years ago
Max
586e4fd3b5
Update authority/options.go
...
Co-authored-by: Mariano Cano <mariano@smallstep.com>
2 years ago
Mariano Cano
dd985ce154
Clarify errors when sending renewed certificates
2 years ago
Mariano Cano
a627f21440
Fix AuthorizeSSHSign tests with extra SignOption
2 years ago
Mariano Cano
e7d7eb1a94
Add provisioner as a signOption for SSH
2 years ago
Mariano Cano
293586079a
Store provisioner with SignSSH
...
This change also allows storing the old certificate on renewal on
linkedca or if the db interface supports it.
2 years ago
Mariano Cano
c8d7ad7ab9
Fix store certificates methods with new interface
2 years ago
Mariano Cano
de99c3cac0
Report provisioner and parent on linkedca
2 years ago
Herman Slatman
479eda7339
Improve error message when client renews with expired certificate
...
When a client provides an expired certificate and `AllowAfterExpiry`
is not enabled, the client would get a rather generic error with
instructions to view the CA logs. Viewing the CA logs can be done
when running `step-ca`, but they can't be accessed easily in the
hosted solution.
This commit returns a slightly more informational message to the
client in this specific situation.
2 years ago
max furman
bfb406bf70
Fixes for PR review
2 years ago
Mariano Cano
898ca41268
Merge branch 'master' into context-authority
2 years ago
Herman Slatman
c695b23e24
Fix check for admin not belonging to policy
2 years ago
max furman
25b8d196d8
Couple changes in response to PR
...
- add skipInit option to skip authority initialization
- check admin API status when removing provisioners - no need to check
admins when not using Admin API
2 years ago
Mariano Cano
8942422973
Add GetID() and add authority to initial context
2 years ago