Herman Slatman
5fd70af2c8
Make API responses aware of the new SCEP decrypter properties
2023-09-22 11:38:03 +02:00
Herman Slatman
3ade92f8d5
Support both a decrypter key URI as well as PEM
2023-09-22 11:10:22 +02:00
Herman Slatman
a3c9dd796a
Merge branch 'herman/scep-provisioner-decrypter' of github.com:smallstep/certificates into herman/scep-provisioner-decrypter
2023-09-21 09:55:18 +02:00
Herman Slatman
69a53eec33
Merge branch 'master' into herman/scep-provisioner-decrypter
2023-09-21 09:55:07 +02:00
Max
b7c4ed26fb
Use provisioner name in error message (#1524)
2023-09-07 15:06:46 -07:00
Herman Slatman
33e661ce7d
Add a dummy CSR to SCEP request body tests
2023-09-07 20:37:29 +02:00
Herman Slatman
36f1dd70bf
Add CSR to SCEPCHALLENGE webhook request body
2023-09-07 14:11:53 +02:00
Herman Slatman
98d015b5c3
Fix linting issues
2023-09-04 15:36:37 +02:00
Herman Slatman
d9f56cdbdc
Merge branch 'master' into herman/scep-provisioner-decrypter
2023-09-04 15:24:19 +02:00
Herman Slatman
9d3b78ae49
Add excludeIntermediate to SCEP provisioner
2023-09-04 14:55:27 +02:00
Max
e22166c628
provisionerOptionsToLinkedCA missing template and templateData (#1520)
2023-08-29 17:26:02 -07:00
Max
116ff8ed65
bump go.mod to go1.20 and associated linter fixes (#1518)
2023-08-29 11:52:13 -07:00
Remi Vichery
82b8e16d7f
Add all AWS identity document certificates
* move to use embed instead of a multi-line string
* add test to ensure all certificates are valid
* add test to ensure validity (no expired certificate)
2023-08-17 10:37:53 -07:00
Herman Slatman
e182c620c8
Merge branch 'master' into herman/scep-provisioner-decrypter
2023-08-04 22:50:37 +02:00
Herman Slatman
645b6ffc18
Ensure no prompt is fired for loading provisioner decrypter
2023-08-04 22:50:22 +02:00
Mariano Cano
30ce9e65f7
Write configuration only if encoding succeeds
This commit fixes a problem when the ca.json is truncated if the
encoding of the configuration fails. This can happen by adding a new
provisioner with bad template data.
Related to smallstep/cli#994
2023-08-03 17:54:49 -07:00
Herman Slatman
e2e9bf5494
Clarify some SCEP properties
2023-08-04 01:55:52 +02:00
Herman Slatman
c0a1837cd9
Verify full decrypter/signer configuration at usage time
When changing the SCEP configuration it is possible that one
or both of the decrypter configurations required are not available
or have been provided in a way that's not usable for actual SCEP
requests.
Instead of failing hard when provisioners are loaded,
which could result in the CA not starting properly, this type of
problematic configuration errors will now be handled at usage
time instead.
2023-08-03 16:09:51 +02:00
Herman Slatman
fc1fb51854
Improve SCEP authority initialization and reload
2023-08-02 18:35:38 +02:00
Herman Slatman
569a1be12c
Merge branch 'master' into herman/scep-provisioner-decrypter
2023-08-02 15:45:45 +02:00
Mariano Cano
cce7d9e839
Address comments from code review
2023-07-27 15:05:04 -07:00
Mariano Cano
c7c7decd5e
Add support for the disableSmallstepExtensions claim
This commit adds a new claim to exclude the Smallstep provisioner
extension from the generated certificates.
Fixes #620
2023-07-27 15:05:01 -07:00
Herman Slatman
1ce80cf740
Merge branch 'master' into herman/scep-provisioner-decrypter
2023-07-27 01:03:26 +02:00
Herman Slatman
567fc25404
Use the RSA decryption configuration for signing responses too
2023-07-27 00:55:39 +02:00
Mariano Cano
7061147885
Use step.Abs to load the certificate templates
step.Abs has been removed from crypto and they need to be set when those
methods are used
2023-07-26 15:44:02 -07:00
Herman Slatman
557672bb4b
Add some notes for SCEP provisioners
2023-07-26 19:11:51 +02:00
Mariano Cano
95887ebf40
Merge pull request #1481 from smallstep/remove-user-regex
Remove OIDC user regexp check
2023-07-25 10:56:13 -07:00
Josh Drake
ff424fa944
Fix tests.
2023-07-24 15:27:49 -05:00
Josh Drake
904f416d20
Include authorization principal in provisioner webhooks.
2023-07-24 00:30:05 -05:00
Mariano Cano
5bfe96d8c7
Send X5C leaf certificate to webhooks
This commit adds a new property that will be sent to authorizing and
enriching webhooks when signing certificates using the X5C provisioner.
2023-07-20 13:03:45 -07:00
Mariano Cano
7fa97bedec
Remove OIDC user regexp check
This commit removes the regular expression check on OIDC usernames.
Although it is not recommended to use any character in a username,
it is possible to create and use them. The tool useradd has the flag
--badname and adduser has --allow-badname and --allow-all-names to
create new users with any character.
Moreover, it is possible to create any username with the rest of
provisioners.
Fixes #1436
2023-07-19 11:05:01 -07:00
Herman Slatman
b2bf2c330b
Simplify SCEP provisioner context handling
2023-06-01 16:22:00 +02:00
Herman Slatman
8fc3a46387
Refactor the SCEP authority initialization
Instead of relying on an intermediate `scep.Service` struct,
initialize the `scep.Authority` directly. This removes one redundant
layer of indirection.
2023-06-01 15:50:51 +02:00
Herman Slatman
6985b4be62
Clean up the SCEP authority and provisioner
2023-06-01 14:43:32 +02:00
Herman Slatman
a1f187e3df
Merge branch 'master' into herman/scep-provisioner-decrypter
2023-06-01 12:12:12 +02:00
Herman Slatman
180162bd6a
Refactor SCEP provisioner and decrypter
2023-06-01 12:10:54 +02:00
Herman Slatman
0377fe559b
Add basic version of provisioner specific SCEP decrypter
2023-05-26 23:52:49 +02:00
Mariano Cano
71fcdf8a0a
Fix linter errors from #1404
2023-05-25 16:55:00 -07:00
Ruslan Nugmanov
1031324273
add AWS public certificates for me-central-1 and ap-southeast-3
As per https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-signature.html
2023-05-25 13:47:13 +01:00
max furman
8b256f0351
address linter warning for go 1.19
2023-05-09 23:47:28 -07:00
Herman Slatman
8c53dc9029
Use require.NoError where appropriate in provisioner tests
2023-05-04 11:44:22 +02:00
Herman Slatman
0153ff4377
Remove superfluous GetChallengePassword
2023-05-04 11:43:57 +02:00
Herman Slatman
f9ec62f46c
Merge branch 'master' into herman/improve-scep-marshaling
2023-05-04 10:47:53 +02:00
Herman Slatman
c73f157ea4
Remove unused error from challenge validation controller creator
2023-05-02 00:52:11 +02:00
Herman Slatman
4bb88adf63
Move SCEP checks after reload of provisioners in CA initialization
2023-05-01 23:59:48 +02:00
Herman Slatman
e8c1e8719d
Refactor SCEP webhook validation
2023-05-01 22:09:42 +02:00
Herman Slatman
ad4d8e6c68
Add SCEPCHALLENGE as valid webhook type in admin API
2023-04-29 01:40:03 +02:00
Herman Slatman
419478d1e5
Make SCEP webhook validation look better
2023-04-29 01:15:39 +02:00
Herman Slatman
dfc56f21b8
Merge branch 'master' into herman/acme-da-tpm
2023-04-03 22:22:53 +02:00
Mariano Cano
ac35f3489c
Remove unused certificate validators and modifiers
With the introduction of certificate templates some certificate
validators and modifiers are not used anymore. This commit deletes the
ones that are not used.
2023-03-31 14:54:49 -07:00