Commit Graph

582 Commits (5d09d04d144bddd56c9d6490a929fedaf8c0d5a1)

Author SHA1 Message Date
Mariano Cano d4627d1282 Make provisioner tests compile, they are still failing. 4 years ago
Mariano Cano a8a6d0ada3 Fix indentation. 4 years ago
Mariano Cano cf592fa0e1 Remove global check for number of k8sSA provisioners.
This was causing a bug in the reload of the ca.
4 years ago
max furman 5788ac3f4f sshpop token should not allow renew/rekey of user ssh certs 4 years ago
max furman 54e3cf7322 Add multiuse capability to k8ssa provisioners 4 years ago
max furman 29853ae016 sshpop provisioner + ssh renew | revoke | rekey first pass 4 years ago
max furman c04f1e1bd4 sshpop first pass 4 years ago
max furman 5616386eed Add SSH getHosts api 4 years ago
Mariano Cano c7e4cc96a4 Change default user duration to 16h. 4 years ago
Mariano Cano c729c5f925 Fix list of user ssh public keys. 4 years ago
Mariano Cano ee22778264 Fix lint error. 4 years ago
Mariano Cano 8939caace4 Add tests for ssh authority methods. 4 years ago
Mariano Cano 4f06f3901e Add some ssh related tests. 4 years ago
Mariano Cano 08850d5334 Add support for federated keys. 4 years ago
Mariano Cano 37f17213bb Add initial support for check-host endpoint. 4 years ago
Mariano Cano d08db4df23 Rename SSH methods. 4 years ago
Mariano Cano b5bc249e1c Add support for multiple ssh roots.
Fixes #125
4 years ago
Mariano Cano 91130b9c3f Add support for user data in templates. 4 years ago
Mariano Cano a35988ff08 Add initial support for ssh config.
Related to smallstep/cli#170
4 years ago
Mariano Cano d4c47cf3e1 Fix tests. 4 years ago
Mariano Cano 961be1fbc7 Add endpoint to return the SSH public keys.
Related to smallstep/ca-component#195
4 years ago
Mariano Cano a197158426 Add initial implementation of ssh config. 4 years ago
Mariano Cano 69a1b68283 Merge branch 'ssh' into kms 4 years ago
max furman 92c48949d7 Remove test that is no longer implemented by the method. 5 years ago
max furman 1e5763031b Add backdate validation to sshCertValidityValidator. 5 years ago
max furman 99e5bf4782 Remove all references to old apiError. 5 years ago
max furman b265877050 Simplify statuscoder error generators. 5 years ago
max furman c387b21808 Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
5 years ago
Mariano Cano 9021951f1a Fix types. 5 years ago
Mariano Cano 9641ab33b8 Use crypto.Signer instead of ssh.Signer in SSH options. 5 years ago
Mariano Cano e98d7832b9 Add options to read the roots and federated roots from a bundle. 5 years ago
Mariano Cano 44eccc6bd8 Merge branch 'ssh' into kms 5 years ago
Mariano Cano 085ae82163 Remove the use of custom x509 package.
Upgrade cli dependency.
5 years ago
Mariano Cano c62526b39f Add wip support for kms. 5 years ago
Mariano Cano 77af30bfa3 Remove debug statement. 5 years ago
Mariano Cano f46dc03111 Add tests of profileLimitDuration with backdate. 5 years ago
Mariano Cano 165a91858e Add tests for backdate and sshDefaultDuration 5 years ago
Mariano Cano 7e33aeb8d3 Add unit test for profileDefaultDuration. 5 years ago
Mariano Cano f06db4099e Add backdate support on ssh rekey. 5 years ago
Mariano Cano 935d0d4542 Add support for backdate to SSH certificates. 5 years ago
Mariano Cano e67ccd9e3d Add fault tolerance against clock skew across system on TLS certificates. 5 years ago
max furman f9ef5070f9 Move api errors to their own package and modify the typedef 5 years ago
Mariano Cano 6d6f496331 Allow no provisioners. 5 years ago
Mariano Cano 96b6989658 Adapt test to api change. 5 years ago
Max 1f42637ba1
Merge pull request #143 from smallstep/expired-cert
Expired cert
5 years ago
max furman 1e17ec7d33 Use x5cInsecure token for /ssh/check-host endpoint 5 years ago
Mariano Cano e841a86b48 Make sure to define the KeyID from the token if available. 5 years ago
Mariano Cano 8eeb82d0ce Store renew certificate in the database. 5 years ago
Mariano Cano 50152391a3 Add leeway in identity not before. 5 years ago
max furman 55237d635c Fix authority calling wrong revoke method 5 years ago
Mariano Cano 92d1db1616 Make test compilable. 5 years ago
Mariano Cano 5d35586402 Update template tests. 5 years ago
max furman c2a3bcfab5 resolving merge 5 years ago
max furman 927784237d Use an actual Hosts type when returning ssh hosts 5 years ago
Mariano Cano 7a06a60f88 Add missing version.go file. 5 years ago
Mariano Cano 2f18a26d4f Add version endpoint. 5 years ago
max furman 35912cc906 change func def for getSSHHosts
* continue to return all hosts if injection method not specified
5 years ago
Mariano Cano 3fda081e42 Add identity certificate in ssh response. 5 years ago
max furman c407a9319b Add getSSHHosts injection func 5 years ago
max furman 8b2105a8f9 Instrument getIdentity func for OIDC ssh provisioner 5 years ago
max furman f25a2a43eb remove printfs 5 years ago
max furman 6ca1df5081 Add WithGetIdentityFunc option and attr to authority
* Add Identity type to provisioner
5 years ago
Mariano Cano 86a0558587 Add support for /ssh/bastion method. 5 years ago
Mariano Cano 8585b29711 Make test to compile, they still fail. 5 years ago
Mariano Cano 43b663e0c3 Move Option type to a new file. 5 years ago
Mariano Cano be93c9e1f4 Add missing comment. 5 years ago
Mariano Cano fcccb06696 Fix some provisioner tests 5 years ago
Mariano Cano 2cb6bd880b Make audiences compatible with the old version. 5 years ago
Mariano Cano efc2180c4a Complete AuthDB interface. 5 years ago
Mariano Cano a4fd76f1a8 Make provisioner tests compile, they are still failing. 5 years ago
Mariano Cano 0c3b9ebf45 Fix indentation. 5 years ago
Mariano Cano 69a7058ff0 Remove global check for number of k8sSA provisioners.
This was causing a bug in the reload of the ca.
5 years ago
max furman e679deddd7 sshpop token should not allow renew/rekey of user ssh certs 5 years ago
max furman 946094d2b7 Add multiuse capability to k8ssa provisioners 5 years ago
max furman a9ea292bd4 sshpop provisioner + ssh renew | revoke | rekey first pass 5 years ago
max furman b5f15531d8 sshpop first pass 5 years ago
max furman 64b69374fa Add SSH getHosts api 5 years ago
Mariano Cano cf2b9301c0 Change default user duration to 16h. 5 years ago
Mariano Cano e5da24f269 Fix list of user ssh public keys. 5 years ago
Mariano Cano 91ccc3802c Fix lint error. 5 years ago
Mariano Cano c2e20c7877 Add tests for ssh authority methods. 5 years ago
Mariano Cano 40052a1824 Add some ssh related tests. 5 years ago
Mariano Cano 38d735be6e Add support for federated keys. 5 years ago
Mariano Cano 3ee0dcec93 Add initial support for check-host endpoint. 5 years ago
Mariano Cano a50d59338e Rename SSH methods. 5 years ago
Mariano Cano e84489775b Add support for multiple ssh roots.
Fixes #125
5 years ago
Mariano Cano caa2174efc Add support for user data in templates. 5 years ago
Mariano Cano 7b8bb6deb4 Add initial support for ssh config.
Related to smallstep/cli#170
5 years ago
Mariano Cano c6a5772356 Fix tests. 5 years ago
Mariano Cano fe3149cf52 Add endpoint to return the SSH public keys.
Related to smallstep/ca-component#195
5 years ago
Mariano Cano dc6ffb7670 Add initial implementation of ssh config. 5 years ago
max furman 8f07ff6a39 Add kubernetes service account provisioner 5 years ago
Max 0a96062b76
Merge pull request #128 from jkralik/returnCertChain
Change api of functions Authority.Sign, Authority.Renew
5 years ago
max furman d368791606 Add x5c provisioner capabilities 5 years ago
Jozef Kralik bc6074f596 Change api of functions Authority.Sign, Authority.Renew
Returns certificate chain instead of 2 members.

Implements #126
5 years ago
Mariano Cano 59526d3225
Merge pull request #105 from smallstep/okta-support
Address support on OIDC provisioners
5 years ago
Mariano Cano 39b41b5e83
Merge pull request #107 from smallstep/ssh-valid-after
Truncate to seconds ValidAfter
5 years ago
Mariano Cano d59a5b222f Truncate to seconds to avoid rounding up times.
It can cause that certs are not valid yet, if they are used right away.
5 years ago
max furman fe7973c060 wip 5 years ago
Mariano Cano adc1d54b0d Define valid after as 1m before now.
It avoids errors with immediate use of cert.
5 years ago
Mariano Cano 72f1a61f06 Increase coverage. 5 years ago
Mariano Cano b7045f27a9 Increase coverage. 5 years ago
Mariano Cano a16b2125bc Fix tests. 5 years ago
Mariano Cano 6c4abfabbb Make /.well-known/openid-configuration optional 5 years ago
Mariano Cano 3527ee6940 Add support for listenAddress parameter if OIDC provisioners.
Fixes smallstep/cli#150
5 years ago
max furman 44e864030d Remove debug logging 5 years ago
max furman e3826dd1c3 Add ACME CA capabilities 5 years ago
max furman d204469280 Add a few more validity checks to default ssh cert validator 5 years ago
Mariano Cano 396b4222aa Implement validator for ssh keys.
Fixes #100
5 years ago
max furman 61d52a8510 Small fixes associated with PR review
* additions and grammar edits to documentation
* clarification of error msgs
5 years ago
Mariano Cano 10e7b81b9f Merge branch 'master' into ssh-ca 5 years ago
max furman ac234771c7 Remove unknown provisioner WARNning and leave TODO 5 years ago
max furman ca8daf5f12 Update comment and warn 5 years ago
Mariano Cano 9200f11ed8 Skip unsupported provisioners. 5 years ago
Max 5dac2459c3
Merge pull request #96 from smallstep/max/2084
Enforce >= 2048 bit rsa keys in CSRs
5 years ago
max furman d3e74a0d2e switch from metalinter to golangci-lint 5 years ago
max furman 2b41faa9cf Enforce >= 2048 bit rsa keys at the provisioner layer
* Fixes #94
* In the future this should be configurable by provisioner
5 years ago
max furman 635c59ed24 Accept emails SANs 5 years ago
Mariano Cano db4baa0487 Add tests for authority sign ssh methods. 5 years ago
Mariano Cano 34e1e3380a Fix lint errors. 5 years ago
Mariano Cano 57a529cc1a Allow to enable the SSH CA per provisioner 5 years ago
Mariano Cano e71072d389 Add experimental support for provisioning users. 5 years ago
Mariano Cano 390aecca0b Check for error creating signers. 5 years ago
Mariano Cano 004ea12212 Allow to use custom SSH user/host key files. 5 years ago
Mariano Cano dc657565a7 Add SSH test for GCP. 5 years ago
Mariano Cano 7983aa8661 Add azure ssh tests. 5 years ago
Mariano Cano 2cac85a8c8 Add aws tests. 5 years ago
Mariano Cano f8a71899fd Add missing file. 5 years ago
Mariano Cano d231bfb764 Update jwk and oidc tests. 5 years ago
Mariano Cano a8f4ad1b8e Set default SSH options if no user options are given. 5 years ago
Mariano Cano c17375a10a Create convenient method to mock the timeduration. 5 years ago
Mariano Cano 4c1a11c1bc Add Unix method to TimeDuration. 5 years ago
Mariano Cano b0240772da Add tests for SSH certs with JWK provisioners. 5 years ago
Mariano Cano 780eeb5487 Remove debug print. 5 years ago
Mariano Cano ad91842d06 Add test for SanitizeSSHUserPrincipal 5 years ago
Mariano Cano f8cacc11b1 Fix tests. 5 years ago
Mariano Cano b827a59e96 Add SSH host certificate support for GCP provisioner. 5 years ago
Mariano Cano 221d323b68 Fix containsAllMembers 5 years ago
Mariano Cano 18a285e847 Change azure ssh key id. 5 years ago
Mariano Cano aef52e4334 Add support for SSH host certificates in azure. 5 years ago
Mariano Cano 7d670b20ea Add support of ssh host certificates in AWS provisioner. 5 years ago
Mariano Cano 7583f1c739 Do not require all principals, allow subgroups. 5 years ago
Mariano Cano 41b97372e6 Rename function to SanitizeSSHUserPrincipal 5 years ago
Mariano Cano 53f62f871c Set not extensions to host certificates. 5 years ago
Mariano Cano 48c98dea2a Make SanitizeSSHPrincipal a public function. 5 years ago
Mariano Cano f01286bb48 Add support for SSH certificates to OIDC.
Update the interface for all the provisioners.
5 years ago
Mariano Cano 7a64a84761 Pass the given context. 5 years ago
Mariano Cano e1cd5ee8c3 Add context to the Authorize method.
Fix tests.
5 years ago
Mariano Cano 2127d09ef3 Rename context type to apiCtx.
It will conflict with the context package.
5 years ago
Mariano Cano 082ebda85b Merge branch 'master' of github.com:smallstep/certificates into ssh-ca 5 years ago
Mariano Cano d7221e15ac Always marshal timeduration as a string 5 years ago
Mariano Cano 3ff410c695 fix ssh validity modifier 5 years ago
Mariano Cano 1c8f610ca9 Add initial implementation of an SSH CA using the JWK provisioner.
Fixes smallstep/ca-component#187
5 years ago
Mariano Cano f5beed3b96
Merge pull request #83 from matteo-s/oidc-groups
Add option for checking group membership declared in JWT token
5 years ago
Mariano Cano 3e69194cc4 Fix lint error 5 years ago
Mariano Cano 900ab9cc12 Allow custom common names in cloud identity provisioners. 5 years ago
Mariano Cano 5f4217ca4c Simplify abs, it performs even better. 5 years ago
Matteo Saloni 1919cfdff3 Add option for checking group membership declared in JWT token 5 years ago
Mariano Cano e66272d6f0 Fix panic when max-age is set to zero.
Fixes #81
5 years ago
Mariano Cano 578beec25d
Merge pull request #65 from smallstep/cloud-identities
Cloud identities
5 years ago
Mariano Cano 8f8c862c04 Fix spelling errors. 5 years ago
Mariano Cano b88a2f1373 Fix provisioner id in LoadByCertificate 5 years ago
Mariano Cano 37dff5124b Fix audience tests.
Fixes smallstep/step#156
5 years ago
Mariano Cano 2491593cdd Add ca-url based audience for AWS tokens
Fixes smallstep/step#156
5 years ago
Mariano Cano 4fa9e9333d Add NewDuration constructor. 5 years ago
Mariano Cano 37f2096dff Add Stringer interface to provisioner.Type.
Add missing file.
5 years ago
Mariano Cano 6e4a09651a Add comments with links to cloud docs. 5 years ago
Mariano Cano 536ec36b9e Add support for instance age check in AWS.
Fixes smallstep/step#164
5 years ago
Mariano Cano c431538ff2 Add support for instance age check in GCP.
Fixes smallstep/step#164
5 years ago
Mariano Cano 4cef086c00 Allow to use emails as service accounts on GCP
Fixes smallstep/step#163
5 years ago
Mariano Cano 0a756ce9d0 Use on GCP audiences with the format https://<ca-url>#<provisioner-type>/<provisioner-name>
Fixes smallstep/step#156
5 years ago
Mariano Cano a54bf925eb Add filtering by GCP Project ID.
Fixes smallstep/step#155
5 years ago
Mariano Cano 54d0186d1f Change condition to fail if the length is not the expected. 5 years ago
Mariano Cano dbd3131068 Fix comments. 5 years ago
Mariano Cano 9f39cb5f2a Add test. 5 years ago
Mariano Cano fb6a1afd89 Fix typo. 5 years ago
Mariano Cano 3a1a4c5ea9 Do not allow reload with database configuration changes.
Fixes #smallstep/ca-component#170
5 years ago
Mariano Cano cf07c8f4c0 Fix typos. 5 years ago
Mariano Cano 54570095d4 Merge branch 'master' into cloud-identities 5 years ago
Mariano Cano 423d505d04 Replace subscriptions with resource groups. 5 years ago
Mariano Cano 32d2d6b75a Remove debug code. 5 years ago
Mariano Cano e0aaa1a577 Use tenant id in azure's provisioner x509 extension. 5 years ago
Mariano Cano 89eeada2a2 Add support for loading azure tokens by tenant id. 5 years ago
Mariano Cano 803d81d332 Improve azure unit tests. 5 years ago
Mariano Cano 4c5fec06bf Require TenantID in azure, add some tests. 5 years ago
Mariano Cano 12937c6b75 Remove pkcs7 related variables and structs. 5 years ago
Mariano Cano 6412b1a79b Add first version of Azure support.
Fixes #69
5 years ago
max furman 81db527f12 NoopDB -> SimpleDB 5 years ago
max furman b73fe8c157 Add used OTT to DB during authToken step 5 years ago
Mariano Cano 70196b2331 Add skeleton for the Azure provisioner.
Related to #69
5 years ago
Mariano Cano 81bfd2c1cb Add tests for AWS provisioner
Fixes #68
5 years ago
Mariano Cano f755fddc35 Fix lint errors. 5 years ago
Mariano Cano b6a5ebcfc9 Move code to switch default. 5 years ago
Mariano Cano a7f06c765d Fix load of gcp and aws provisioner by certificate. 5 years ago
Mariano Cano da93e40f90 Add constant for Azure type. 5 years ago
Mariano Cano 37e84aa535 Add DisableCustomSANs and DisableTrustOnFirstUse to GCP provisioner.
Fixes #67
5 years ago
Mariano Cano 75ef5a2275 Add AWS provisioner.
Fixes #68
5 years ago
Mariano Cano 5defd8289d Add missing config in tests. 5 years ago
Mariano Cano 27c98806c0 Use GetTokenID. 5 years ago
Mariano Cano 2c68915b70 Fix comment. 5 years ago
Mariano Cano fb6321fb2c Use gcpConfig type to keep configuration urls.
Fixes #67
5 years ago
Mariano Cano 7e53b28320 Disable revoke for GCP. 5 years ago
Mariano Cano 7727fa5665 Update GCP tests. 5 years ago
Mariano Cano 1ea4b0ad64 Add unit test for GCP provider 5 years ago
Mariano Cano b4729cd670 Use JWKSet to get the GCP keys. 5 years ago
Mariano Cano f794dbeb93 Add support for GCP identity tokens. 5 years ago
max furman 9977eff153 bump cli dep and fix text error msg 5 years ago
max furman ff20d9f5af Fix composite literal uses unkeyed field 5 years ago
max furman ab4d569f36 Add /revoke API with interface db backend 5 years ago
Mariano Cano 1812c0619a Update go-jose to 2.3.0.
This is a dependency for smallstep/cli#105, it will be solved once
square/go-jose#224 gets merged
5 years ago
Mariano Cano 04da00d716
Merge pull request #55 from smallstep/x509util-real-x509
Use standard x509 creating signed certificates
5 years ago
Mariano Cano 7b9e08bcfa Fix comment. 5 years ago
Mariano Cano 64f2615864 Fix tests. 5 years ago
Mariano Cano 6d92ba75b9 Don't use pointer in TimeDuration.MarshalJSON 5 years ago
Mariano Cano 698058baa9 Add tests for TimeDuration. 5 years ago
Mariano Cano 00fed1c538 Add initial version of time duration support in sign requests. 5 years ago
Mariano Cano 8c8547bf65 Remove unnecessary parse and improve tests. 5 years ago
Mariano Cano b9530909a4 Fix tests. 5 years ago
Mariano Cano a3e2b4a552 Move certificate check to the right place. 5 years ago
Mariano Cano 30a6889d1f Use standard x509 instead of step one. 5 years ago
Mariano Cano 68ff077ea9 Improve tests. 5 years ago
Mariano Cano 76618558ae Improve unit tests. 5 years ago
Mariano Cano 7378ed27ac Refactor claims so they can be totally omitted if only the parent is set. 5 years ago
Mariano Cano 5d5f03f963 Set omitempty to admins and domains. 5 years ago
Mariano Cano 8a05cdde52 Add audience in the error v2 5 years ago
Mariano Cano f8fba4df6b Add audience in error. 5 years ago
Mariano Cano 60880d1f0a Add domains and check emails properly. 5 years ago
Mariano Cano 5edbce017f Set docs for client secret as mandatory, but it can be blank. 5 years ago
Mariano Cano 2c0c0112c6 Add an optional client secret field. 5 years ago
Mariano Cano 945a1371f1 Fix tests. 5 years ago
Mariano Cano 0b4cde1ad3 Move type to the first position of the struct. 5 years ago
Mariano Cano 23e6de57a2 Address comments in code review. 5 years ago
Mariano Cano 07cdc1021c Use OIDC nonce as the reuse key. 5 years ago
Mariano Cano 7fd737cbb1 Fix lint warnings. 5 years ago
Mariano Cano 1f5ff5c899 Fix sign and renew tests. 5 years ago
Mariano Cano 2fb77b8a4d Truncate to seconds the startTime to simplify tests. 5 years ago
Mariano Cano 1a9e8bad74 Truncate to seconds instead of rounding. 5 years ago
Mariano Cano b77621675c Fix and simplify authorize tests. 5 years ago
Mariano Cano ef4d809ee6 Move matchesAudience and stripPort tests to provisioner package. 5 years ago
Mariano Cano 636d92b19b Add missing files. 5 years ago
Mariano Cano a8d03c39bb Move Duration to a new file and move tests to provisioner package. 5 years ago
Mariano Cano c24d868d9d Add tests for sign options. 5 years ago
Mariano Cano 5dfcbcf5dc Add noop tests. 5 years ago
Mariano Cano 4ceb88fbae Add tests for OIDC and complete some JWK tests. 5 years ago
Mariano Cano dce3100cfb Add missing time in validation. 5 years ago
Mariano Cano fb279c89fb Restore deleted methods. 5 years ago
Mariano Cano 955405d6aa Add some comments added to master. 5 years ago
Mariano Cano af9688c419 Fix some testing errors. 5 years ago
Mariano Cano f17d2d9694 Remove debug statements. 5 years ago
Mariano Cano 67c79fd014 Add tests for default provisioner. 5 years ago
Mariano Cano cf2dba3efb Add tests for keyStore. 5 years ago
Mariano Cano 2a5430fee1 Complete tests for collection. 5 years ago
Mariano Cano 54d86ca1c1 testing work in progress. 5 years ago
Mariano Cano 9f7f871f25 Add noop provisioner and use it if a provisioner cannot be found from a cert. 5 years ago
Mariano Cano 47817ab212 Fix interface type. 5 years ago
Mariano Cano cc8764c343 Initialize the list for backward compatibility. 5 years ago
Mariano Cano c0ef6f8dc5 Add missing modifier and change return codes. 5 years ago
Mariano Cano a97ea87caa Move options to provisioner so we can set the duration of the cert. 5 years ago
Mariano Cano 507fd01062 Remove provisioner intermediate type. 5 years ago
Mariano Cano 1671ab2590 Fix some tests. 5 years ago
Mariano Cano d92a7f2948 Rename provisioner to jwk. 5 years ago
Mariano Cano a1782733fe Rename files. 5 years ago
Mariano Cano 2d00cd0933 Validate audiences in the default provisioner. 5 years ago
Mariano Cano 33c1449360 Remove deprecated file. 5 years ago
Mariano Cano 57b705f6cf Use provisioner sign options. 5 years ago
Mariano Cano 9d4034fbf6 Remove unused code. 5 years ago
Mariano Cano 6d395f3818 Add missing validity validator to oidc. 5 years ago
Mariano Cano 602a42813c Re-enable replay protection for JWK provisioner. 5 years ago
Mariano Cano ab1cca03d7 Use new provisioners in authorize methods. 5 years ago
Mariano Cano 54ed49f072 Rename package. 5 years ago
Mariano Cano c776ca3bd6 Use provisioner.Collection to store and request the provisioners. 5 years ago
Mariano Cano 34833d4fd5 Add validators from the authority package. 5 years ago
Mariano Cano 0dee841a4f Complete first version of provisioner implementations. 5 years ago
Mariano Cano 7eb6eb1d3e Complete provisioner.Claims with methods from authority. 5 years ago
Mariano Cano fb77397fc7 Add new options to locate or list provisioners. 5 years ago
Mariano Cano 34ff388828 Use new types in config. 5 years ago
Mariano Cano 62dab7b6b8 Rename interface method. 5 years ago
Mariano Cano 5a8f78d9d0 Add support to collection to load the encrypted keys. 5 years ago
Mariano Cano dd0376657c Move collection to a new file. 5 years ago
Mariano Cano 4b2b6ffe32 Create the provisioner type used to englobe all different provisioners. 5 years ago
Mariano Cano bed3132028 Move provisioner to authority/provisioner package. 5 years ago
Mariano Cano fc0b2ca5a6 Revert "Move provisioners to authority/provisioner package."
This reverts commit f88d622a67.
5 years ago
Mariano Cano f88d622a67 Move provisioners to authority/provisioner package. 5 years ago
Mariano Cano a2a45f635b Add initial implementation of an OIDC provisioner. 5 years ago
max furman 229e5908b7 Added test for different authority key id after renew
Also ran dep ensure.
5 years ago
Mariano Cano d78febec7a Fix extensions copy on renew
Fixes #36
5 years ago
max furman 7e43402575 bug fix: don't add common name to CSR validation claims in Sign
* added unit test for this case
5 years ago
max furman 3415a1fef8 move SplitSANs to cli 5 years ago
max furman 6937bfea7b claims.SANS -> claims.SANs 5 years ago
max furman 93f39c64a0 backwards compat only when SANS empty 5 years ago
max furman fe8c8614b2 SANS backwards compat when token missing subject SAN 5 years ago
max furman e6e8443f3c allow multiple identical SANs in cert 5 years ago
max furman f0683c2e0a Enable signing certificates with custom SANs
* validate against SANs in token. must be 1:1 equivalent.
5 years ago
Derrick Lyndon Pallas 7a5c4a1112 authority/provisioners: fix overflow on 32-bit systems
In Go, len returns signed ints, not unsigned ints; consequently, this code
comparison overflows on 32-bit systems, like ARM.
6 years ago
max furman 2c72ada610 remove dead code 6 years ago
max furman 6dc89f46d8 make Duration public 6 years ago
max furman 0615f7eb11 don't wrap time.Duration 6 years ago
max furman 4b742042ee make Duration wrapper publicly accessible 6 years ago
Mariano Cano e8ac3f4888 Add comment to differentiate GetRootCertificates and GetRoots. 6 years ago
Mariano Cano 6e620073f5 Rename method Empties to HasEmpties 6 years ago