Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,822 Commits
47 Branches
215 Tags
44 MiB
dependabot/go_modules/github.com/fxamacker/cbor/v2-2.7.0
dependabot/go_modules/github.com/go-chi/chi/v5-5.0.14
dependabot/go_modules/google.golang.org/api-0.185.0
dependabot/github_actions/softprops/action-gh-release-2.0.6
root-not-found-error-message
relative-paths-config
master
fix-1637
dependabot/go_modules/github.com/slackhq/nebula-1.9.3
dependabot/go_modules/github.com/google/go-tpm-0.9.1
wire-acme-extensions
mariano/init-provisioners
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.26.2
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4d48072746'
${ noResults }
Commit Graph

581 Commits (4d48072746864c44f44349f6f3d419a8a452af3f)

Author SHA1 Message Date
max furman 4d48072746 wip admin CRUD 3 years ago
max furman 98a6e54530 wip 3 years ago
max furman af3cf7dae9 first steps 3 years ago
max furman 2f60f20b0b lots of codes 3 years ago
max furman 7b5d6968a5 first commit 3 years ago
Cristian Le d7eec869c2 Fix the previous tests 3 years ago
Cristian Le c2d30f7260 gofmt everything 3 years ago
Cristian Le f38a72a62b Leftover from previous commit 3 years ago
Cristian Le 1d2445e1d8 Removed the variadic username 
Could be useful later on, but for the current PR changes should be minimized
 3 years ago
Cristian Le 9e00b82bdf Revert `oidc_test.go` 
Moving the `preferred_username` to a separate PR
 3 years ago
Cristian Le decf0fc8ce Revert using preferred_username 
It might present a security issue if the users can change this value for themselves. Needs further investigation
 3 years ago
Cristian Le 21732f213b Fix shadow issue in CI 3 years ago
Mariano Cano 08e5ec6ad1 Fix IsAdminGroup comment. 3 years ago
Mariano Cano 46c1dc80fb Use map[string]struct{} instead of map[string]bool 3 years ago
Mariano Cano aafac179a5 Add test for oidc with preferred usernames. 3 years ago
Cristian Le f730c0bec4 Sanitize usernames 3 years ago
Cristian Le 48666792c7 Draft: adding usernames to GetIdentityFunc 3 years ago
Cristian Le 79eec83f3e Rename and reformat to PreferredUsername 3 years ago
Cristian Le 09a21fef26 Implement #550 
- Read `preferred_username` from token
- Add `preferred_username` to the default Usernames
- Check the `admin` array for admin groups that the user might belong to
 3 years ago
max furman 8c709fe3c2 Init config on load | Add wrapper for cli 3 years ago
Mariano Cano 2cbaee9c1d Allow to use an alternative interface to store renewed certs. 
This can be useful to know if a certificate has been renewed and
link one certificate with the 'parent'.
 3 years ago
Mariano Cano e6833ecee3 Add extension of db.AuthDB to store the fullchain. 
Add a temporary solution to allow an extension of an db.AuthDB
interface that logs the fullchain of certificates instead of just
the leaf.
 3 years ago
Max b724af30ad
Merge pull request #496 from smallstep/max/acme 
Convert to ACME DB interface
 3 years ago
Mariano Cano aea2a7c9f3 Update sshd_config.tpl to a Match all block. 
Fixes #479
 3 years ago
max furman 2ae43ef2dc [acme db interface] wip errors 3 years ago
Mariano Cano 0b8528ce6b Allow mTLS revocation without provisioner. 3 years ago
Mariano Cano bcf70206ac Add support for revocation using an extra provisioner in the RA. 3 years ago
Mariano Cano a6115e29c2 Add initial implementation of StepCAS. 
StepCAS allows to configure step-ca as an RA using another step-ca
as the main CA.
 3 years ago
Mariano Cano fbd2208044 Close key manager for safe reloads when a cgo module is used. 3 years ago
max furman 16665c97f0 Allow empty SAN in CSR for validation ... 
- The default template will always use the SANs from the token.
- If there are any SANs they must be validated against the token.
 3 years ago
Miclain Keffeler cf063d1f4a Revert "Begins to fix issue 87" 
This reverts commit e2ba4159c3.
 4 years ago
Miclain Keffeler 21dc406382 Begins to fix issue 87 4 years ago
Miclain Keffeler 7545b4a625 leverage intermediate_ca.crt for appending certs. 4 years ago
Mariano Cano 5017b7d21f Recalculate token id instead of validating it. 4 years ago
Mariano Cano 86c947babc Upgrade crypto and fix test. 4 years ago
Mariano Cano 0cf594a003 Validate payload ID. 
Related to #435
 4 years ago
Anton Lundin 3e6137110b Add support for using ssh-agent as a KMS 
This adds a new KMS, SSHAgentKMS, which is a KMS to provide signing keys
for issuing ssh certificates signed by a key managed by a ssh-agent. It
uses the golang.org/x/crypto package to get a native Go implementation
to talk to a ssh-agent.

This was primarly written to be able to use gpg-agent to provide the
keys stored in a YubiKeys openpgp interface, but can be used for other
setups like proxying a ssh-agent over network.

That way the signing key for ssh certificates can be kept in a
"sign-only" hsm.

This code was written for my employer Intinor AB, but for simplicity
sake gifted to me to contribute upstream.

Signed-off-by: Anton Lundin <glance@acc.umu.se>
 4 years ago
Mariano Cano 39b23c057d Add all AWS certificates used to verify base64 signatures. 4 years ago
Mariano Cano ef92a3a6d7 Move cas options under authority. 4 years ago
Mariano Cano 7d1686dc53 Add option to specify the AWS IID certificates to use. 
This changes adds a new option `iidRoots` that allows a user to
define one or more certificates that will be used for AWS IID
signature validation.

Fixes #393
 4 years ago
Mariano Cano 647b9b4541
Merge pull request #367 from smallstep/cas 
Support for CAS Interface and CloudCAS
 4 years ago
Mariano Cano 3e0ab8fba7 Fix typo. 4 years ago
Mariano Cano d64427487d Add comment about the missing error check. 4 years ago
Mariano Cano 072adc906e Print root fingerprint for CloudCAS. 4 years ago
Mariano Cano 38fa780775 Add interface to get root certificate from CAS. 
This change makes easier the configuration of cloudCAS as it does
not require to configure the root or intermediate certificate
in the ca.json. CloudCAS will get the root certificate using
the configured certificateAuthority.
 4 years ago
Mariano Cano 4c8bf87dc1 Use new admin template for K8ssa and admin-OIDC provisioners. 
This change replaces the .Insecure.CR template to one that sets
all the SANs, but uses key usages and extended key usages for
regular TLS certificates.
 4 years ago
Mariano Cano d79b4e709e Create a hash of a token if a token id is empty. 4 years ago
Mariano Cano 60515d92c5 Remove unnecessary properties. 4 years ago
Mariano Cano 1550a21f68 Fix unit tests. 4 years ago
Mariano Cano e17ce39e3a Add support for Revoke using CAS. 4 years ago