Mariano Cano
b20af51f32
Upgrade go.step.sm/crypto to use go-jose/v3
10 months ago
Mariano Cano
49045a1150
Change CommonName validator in JWK
This commit changes the common name validator in the JWK provisioner to
accept either the token subject or any of the SANs in the token.
12 months ago
Max
9f84f7ce35
Allow for identity certificate signing (in sshSign) by skipping validators (#1572)
- skip urisValidator for identity certificate signing. Implemented
by building the validator with the context in a hacky way.
1 year ago
Andrew Reed
7101fbb0ee
Provisioner webhooks (#1001)
2 years ago
max furman
4c7a2ce3eb
Fix errors.As linter warnings
2 years ago
max furman
7c5e5b2b87
Even more linter fixes
2 years ago
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors
2 years ago
Mariano Cano
23b8f45b37
Address gosec warnings
Most if not all false positives
2 years ago
Herman Slatman
9797b3350e
Merge branch 'master' into herman/allow-deny
3 years ago
Mariano Cano
b7e11da480
Merge branch 'master' into feat/linkedra
3 years ago
Herman Slatman
2fbdf7d5b0
Merge branch 'master' into herman/allow-deny
3 years ago
Panagiotis Siatras
00634fb648
api/render, api/log: initial implementation of the packages (#860)
* api/render: initial implementation of the package
* acme/api: refactored to support api/render
* authority/admin: refactored to support api/render
* ca: refactored to support api/render
* api: refactored to support api/render
* api/render: implemented Error
* api: refactored to support api/render.Error
* acme/api: refactored to support api/render.Error
* authority/admin: refactored to support api/render.Error
* ca: refactored to support api/render.Error
* ca: fixed broken tests
* api/render, api/log: moved error logging to this package
* acme: refactored Error so that it implements render.RenderableError
* authority/admin: refactored Error so that it implements render.RenderableError
* api/render: implemented RenderableError
* api/render: added test coverage for Error
* api/render: implemented statusCodeFromError
* api: refactored RootsPEM to work with render.Error
* acme, authority/admin: fixed pointer receiver name for consistency
* api/render, errs: moved StatusCoder & StackTracer to the render package
3 years ago
Mariano Cano
6851842841
Fix unit tests.
3 years ago
Herman Slatman
dc23fd23bf
Merge branch 'master' into herman/allow-deny-next
3 years ago
Mariano Cano
4690fa64ed
Add public methods to retrieve the provisioner extensions.
3 years ago
Mariano Cano
389815642d
Fix tests: certs are truncated to seconds.
3 years ago
Mariano Cano
259e95947c
Add support for the provisioner controller
The claimer, audiences and custom callback methods are now managed
by the provisioner controller in a uniform way.
3 years ago
Herman Slatman
9539729bd9
Add initial implementation of x509 and SSH allow/deny policy engine
3 years ago
max furman
9fdef64709
Admin level API for provisioner mgmt v1
3 years ago
Mariano Cano
ba918100d0
Use go.step.sm/crypto/jose
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
4 years ago
Mariano Cano
413af88aad
Fix provisioning tests.
4 years ago
Mariano Cano
6c64fb3ed2
Rename provisioner options structs:
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
4 years ago
Mariano Cano
0c8376a7f6
Fix existing unit tests.
4 years ago
max furman
71d87b4e61
wip
4 years ago
max furman
1cb8bb3ae1
Simplify statuscoder error generators.
5 years ago
max furman
dccbdf3a90
Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
5 years ago
Mariano Cano
7db7b1ee4c
Fix some provisioner tests
5 years ago
Mariano Cano
d4627d1282
Make provisioner tests compile, they are still failing.
5 years ago
max furman
d368791606
Add x5c provisioner capabilities
5 years ago
Mariano Cano
396b4222aa
Implement validator for ssh keys.
Fixes #100
5 years ago
Mariano Cano
10e7b81b9f
Merge branch 'master' into ssh-ca
5 years ago
max furman
2b41faa9cf
Enforce >= 2048 bit rsa keys at the provisioner layer
* Fixes #94
* In the future this should be configurable by provisioner
5 years ago
max furman
635c59ed24
Accept emails SANs
5 years ago
Mariano Cano
34e1e3380a
Fix lint errors.
5 years ago
Mariano Cano
d231bfb764
Update jwk and oidc tests.
5 years ago
Mariano Cano
b0240772da
Add tests for SSH certs with JWK provisioners.
5 years ago
Mariano Cano
f8cacc11b1
Fix tests.
5 years ago
max furman
ab4d569f36
Add /revoke API with interface db backend
6 years ago
Mariano Cano
76618558ae
Improve unit tests.
6 years ago
Mariano Cano
7378ed27ac
Refactor claims so they can be totally omitted if only the parent is set.
6 years ago
Mariano Cano
60880d1f0a
Add domains and check emails properly.
6 years ago
Mariano Cano
945a1371f1
Fix tests.
6 years ago
Mariano Cano
4ceb88fbae
Add tests for OIDC and complete some JWK tests.
6 years ago
Mariano Cano
f17d2d9694
Remove debug statements.
6 years ago
Mariano Cano
67c79fd014
Add tests for default provisioner.
6 years ago
Mariano Cano
54d86ca1c1
testing work in progress.
6 years ago
Mariano Cano
1671ab2590
Fix some tests.
6 years ago
Mariano Cano
a1782733fe
Rename files.
6 years ago