smallstep-certificates

mirror of https://github.com/smallstep/certificates.git synced 2024-11-15 18:12:59 +00:00

Author	SHA1	Message	Date
Mariano Cano	8374c0d26e	Fix some more extra white spaces	2022-09-23 10:52:24 -07:00
Mariano Cano	965d59c0a8	Fix comment typos and extra white spaces	2022-09-23 10:50:44 -07:00
Mariano Cano	2eba5326db	Remove policy validation on renew	2022-09-22 12:17:16 -07:00
Mariano Cano	ccd93684c3	Remove unused variable	2022-09-22 11:54:21 -07:00
Mariano Cano	246566a195	Change way to get hasNameConstraints	2022-09-22 11:35:11 -07:00
Mariano Cano	b94c0d09be	Set up test properly	2022-09-22 11:07:28 -07:00
Mariano Cano	0214e015a0	Clarify comments by code review	2022-09-22 11:07:22 -07:00
Mariano Cano	23045e1812	Clarify comments by code review	2022-09-22 11:05:06 -07:00
max furman	4c7a2ce3eb	Fix errors.As linter warnings	2022-09-22 00:04:31 -07:00
Mariano Cano	15dc7901e5	Fix unit tests	2022-09-21 18:46:46 -07:00
Mariano Cano	d68c765e20	Add context to errors	2022-09-21 18:46:34 -07:00
Mariano Cano	72e2c4eb2e	Render proper policy and constrains errors	2022-09-21 18:35:18 -07:00
Mariano Cano	4b79405dac	Check constraints and policy for leaf certificates too	2022-09-21 15:54:28 -07:00
Mariano Cano	a6e85cbbf6	Fix linter errors	2022-09-21 14:56:15 -07:00
Mariano Cano	325d8bca4f	Merge branch 'master' into name-constraints	2022-09-21 13:29:44 -07:00
max furman	2d4efc8292	Fix linter warnings	2022-09-21 12:29:20 -07:00
max furman	75bb196193	Add concurrency workflow config \| fix broken test due to golang ver	2022-09-21 12:26:45 -07:00
max furman	120629edab	Do not use the templateError in the BadRequestErr	2022-09-20 23:07:16 -07:00
max furman	7c5e5b2b87	Even more linter fixes	2022-09-20 21:48:04 -07:00
max furman	f3d1863ec6	A few more linter errors	2022-09-20 21:01:55 -07:00
max furman	1e0ea6f958	more linting fixes	2022-09-20 19:05:12 -07:00
max furman	33458c88aa	Standardize linting file and fix or ignore lots of linting errors	2022-09-20 19:05:12 -07:00
Mariano Cano	f0a24bd8ca	Add acme property to enable challenges Fixes #1027	2022-09-20 19:01:53 -07:00
Mariano Cano	567d96c771	Revert "Run on plaintext HTTP to support Cloud Run" This reverts commit `09b9673a60`.	2022-09-20 18:57:46 -07:00
Mariano Cano	191d9e8629	Use go.step.sm/crypto to set the permanent identifier	2022-09-20 18:57:43 -07:00
Mariano Cano	debe565e42	Validate constraints on Sign and Renew/Rekey Fixes #1060	2022-09-20 18:52:47 -07:00
Mariano Cano	89b6aa924a	Normalize IPs in matchIPConstraint	2022-09-20 18:44:15 -07:00
Brandon Weeks	f3d2bd7a19	Run on plaintext HTTP to support Cloud Run	2022-09-20 16:43:30 -07:00
Herman Slatman	25cbe02b9e	Add provisioner template validation Fixes #1012	2022-09-20 16:40:25 -07:00
Max	2de7d3fcf0	Update authority/provisioner/claims.go Co-authored-by: Mariano Cano <mariano@smallstep.com>	2022-09-20 16:35:43 -07:00
max furman	ab0d2503ae	Standardize linting file and fix or ignore lots of linting errors	2022-09-20 16:35:41 -07:00
Mariano Cano	3f58f30b21	Name tests properly	2022-09-20 15:53:08 -07:00
Mariano Cano	75bff055fc	Add StatusCoder to ConstraintError	2022-09-20 14:45:47 -07:00
Mariano Cano	2959aa676d	Add helper ValidateCertificate	2022-09-20 13:12:34 -07:00
Mariano Cano	8b54e25f64	Allow nil engines	2022-09-20 12:33:03 -07:00
Mariano Cano	2a15e3eee1	Rename constraint.Service to constraint.Engine	2022-09-20 11:38:32 -07:00
Mariano Cano	45e594f98c	Make the constraint service public	2022-09-20 11:36:45 -07:00
Mariano Cano	7bea2f4d0e	Add more constraint unit tests	2022-09-20 11:33:36 -07:00
Mariano Cano	495494ce8f	Return a typed error	2022-09-20 10:36:44 -07:00
Mariano Cano	6686f0437d	Remove x509 prefixes	2022-09-20 10:23:51 -07:00
Mariano Cano	0263468424	Initial work on name constraints validation Issue #1060	2022-09-19 19:45:13 -07:00
Mariano Cano	34c6c65671	Pass attestation information to the Sign method Attestation information might be useful in authorizing webhooks	2022-09-16 12:37:41 -07:00
Mariano Cano	42102d88d5	Fix merge and add unit tests	2022-09-15 15:50:04 -07:00
Mariano Cano	ee7307bd41	Cherry-pick acme.go from `acdfdf3`	2022-09-15 14:45:14 -07:00
Mariano Cano	8fc4a58242	Fix nil pointer exception, missing error	2022-09-15 13:05:39 -07:00
Raal Goff	40baf73dff	remove incorrect check on revoked certificate dates, add mutex lock for generating CRLs,	2022-09-15 15:03:42 +08:00
Mariano Cano	4e19aa4c52	Add cache duration if crl is set	2022-09-14 12:21:52 -07:00
Mariano Cano	0829f37fe8	Define a default crl cache duration	2022-09-14 11:43:58 -07:00
Mariano Cano	4a4f7ca9ba	Fix panic if cacheDuration is not set	2022-09-14 11:16:47 -07:00
Mariano Cano	bb0210e875	Fix typo in linkedca variable	2022-09-09 14:34:32 -07:00
Mariano Cano	1e098aef5b	Fixes ACMEAttestationFormat comment	2022-09-09 10:57:32 -07:00
Mariano Cano	66407139e5	Add methods to convert attestation formats	2022-09-08 17:49:24 -07:00
Mariano Cano	ba42aaf865	Add attestationFormat property in the ACME provisioner	2022-09-08 17:16:50 -07:00
Mariano Cano	b2119e9f2c	Merge pull request #977 from smallstep/device-attestation Device attestation	2022-09-08 13:26:28 -07:00
Mariano Cano	fd4e96d1f4	Rename method to IsChallengeEnabled	2022-09-08 13:22:35 -07:00
Mariano Cano	c77b4ff9c5	Fix linter errors	2022-09-08 12:49:16 -07:00
Mariano Cano	59c5219a07	Use a type for acme challenges	2022-09-08 12:34:06 -07:00
Raal Goff	924082bb49	fix linter errors	2022-09-08 10:09:37 +08:00
Raal Goff	d2483f3a70	Merge branch 'master' into crl-support # Conflicts: # authority/config/config.go	2022-09-08 09:45:04 +08:00
Raal Goff	b89f210469	remove fail-email test and add ok-empty-email test	2022-09-07 07:45:27 +08:00
Mariano Cano	a2749ca8ed	Merge branch 'master' into device-attestation	2022-09-06 12:29:06 -07:00
Raal Goff	7a03c43fe2	allow missing Email claim in OIDC tokens, use subject when its missing	2022-09-05 12:43:32 +08:00
Mariano Cano	1938b1bb34	Merge branch 'master' into herman/fix-template-validation	2022-08-25 13:31:33 -07:00
Mariano Cano	1d1e024b84	Upgrade to go.step.sm/crypto v0.18.0	2022-08-25 12:40:31 -07:00
Mariano Cano	f1c63bc38d	Fix challenge mapping	2022-08-24 19:30:28 -07:00
Mariano Cano	df96b126dc	Add AuthorizeChallenge unit tests	2022-08-24 12:31:09 -07:00
Mariano Cano	bca311b05e	Add acme property to enable challenges Fixes #1027	2022-08-23 17:11:40 -07:00
Herman Slatman	6b7b989988	Add provisioner template validation Fixes #1012	2022-08-23 16:27:49 +02:00
Mariano Cano	693dc39481	Merge branch 'master' into device-attestation	2022-08-22 17:59:17 -07:00
Mariano Cano	b1e9d5ee86	Revert "Run on plaintext HTTP to support Cloud Run" This reverts commit `09b9673a60`.	2022-08-22 17:50:14 -07:00
Mariano Cano	23b8f45b37	Address gosec warnings Most if not all false positives	2022-08-18 17:46:20 -07:00
Mariano Cano	0c7467ceb2	Allow to automatically configure and linked RA	2022-08-16 14:39:02 -07:00
Mariano Cano	5e0be92273	Allow option to skip the validation of config	2022-08-16 14:04:04 -07:00
Mariano Cano	b62f4d1000	Add lgtm comments on some security warnings	2022-08-11 17:32:57 -07:00
Mariano Cano	a5439c43cd	Remove ciphersuites without Lucky13 countermeasures SHA-256 variants of the CBC ciphersuites don't implement any Lucky13 countermeasures. See http://www.isg.rhul.ac.uk/tls/Lucky13.html and https://www.imperialviolet.org/2013/02/04/luckythirteen.html.	2022-08-11 17:11:04 -07:00
Mariano Cano	8bd0174251	Rename field to IsCAServerCert	2022-08-11 15:14:26 -07:00
Mariano Cano	5df1694250	Add endpoint id for the RA certificate In a linked RA mode, send an endpoint id to group the server certificates.	2022-08-11 14:47:11 -07:00
Mariano Cano	eb091aec54	Simplify field names for ProvisionerInfo	2022-08-10 17:44:14 -07:00
Mariano Cano	21427d5d65	Replace instead of prepend provisioner extension With non standard SANs this will generate the SAN and provisioner extension in the same order.	2022-08-09 16:48:00 -07:00
Mariano Cano	369b8f81c3	Use go.step.sm/crypto/kms Fixes #975	2022-08-08 17:58:18 -07:00
Mariano Cano	e02a190fa7	Merge branch 'master' into device-attestation	2022-08-08 17:29:59 -07:00
Max	3e2729e391	Merge pull request #989 from smallstep/max/disable-ssh-hosts Add attribute to disable SSH Hosts list API	2022-08-08 14:15:35 -07:00
max furman	99c9155467	disableSSHHostsListAPI -> disableGetSSHHosts	2022-08-04 18:44:44 -07:00
Mariano Cano	64744562c6	Send RA provisioner to linkedca.	2022-08-03 18:44:25 -07:00
Mariano Cano	6b5d3dca95	Add provisioner name to RA info	2022-08-03 18:44:04 -07:00
Mariano Cano	a1f54921d2	Rename internal field	2022-08-03 12:07:45 -07:00
Mariano Cano	f9df8ac05f	Remove unused interface	2022-08-03 12:03:49 -07:00
Mariano Cano	9408d0f24b	Send RA provisioner information to the CA	2022-08-02 19:28:49 -07:00
max furman	fb7f57a8df	Add attribute to disable SSH Hosts list API	2022-07-27 23:30:00 -07:00
Raal Goff	60671b07d7	Merge branch 'master' into crl-support # Conflicts: # api/api.go # authority/config/config.go # cas/softcas/softcas.go # db/db.go	2022-07-13 08:52:58 +08:00
Brandon Weeks	09b9673a60	Run on plaintext HTTP to support Cloud Run	2022-06-23 05:19:36 +10:00
Shulhan	fe04f93d7f	all: reformat all go files with the next gofmt (Go 1.19) There are some changes that manually edited, for example using '-' as default list and grouping imports.	2022-06-16 01:28:59 +07:00
Mariano Cano	9c049eec5a	Add revoke ssh unit test	2022-05-25 17:10:07 -07:00
Mariano Cano	ce9a23a0f7	Fix SSH certificate revocation	2022-05-25 16:55:22 -07:00
Mariano Cano	911cec21da	Merge pull request #943 from smallstep/ssh-renew-provisioner Add provisioner to SSH renewals	2022-05-23 17:21:55 -07:00
Mariano Cano	94f5b92513	Use proper context in authority package	2022-05-23 15:31:43 -07:00
Mariano Cano	1be74eca62	Merge branch 'master' into ssh-renew-provisioner	2022-05-23 14:31:15 -07:00
Mariano Cano	26dd97e718	Merge branch 'master' into context-authority	2022-05-23 12:36:16 -07:00
Mariano Cano	6b3a8f22f3	Add provisioner to SSH renewals This commit allows to report the provisioner to the linkedca when a SSH certificate is renewed.	2022-05-20 14:41:44 -07:00
Mariano Cano	3c4d0412ef	Merge pull request #941 from smallstep/ssh-provisioner Report SSH provisioner	2022-05-20 12:24:30 -07:00

1 2 3 4 5 ...

1116 Commits