Herman Slatman
6929e31fe0
Merge branch 'master' into hs/acme-eab
3 years ago
Herman Slatman
22ff90f655
Merge branch 'master' into hs/acme-eab
3 years ago
Herman Slatman
07addd0cac
Fix linting issue
3 years ago
Herman Slatman
a68208a3ba
Set Step CLI User-Agent when performing ACME requests
3 years ago
Mariano Cano
2c63abcf52
fix grammar
3 years ago
Mariano Cano
7c4e6dcc96
Remove duplicated code in bootstrap methods
3 years ago
Mariano Cano
64c19d4264
Fix subject in test, use ip
3 years ago
Mariano Cano
b0b2e77b0e
Avoid doing unauthenticated requests on the SDK
...
When step-ca runs with mTLS required on some endpoints, the SDK
used in autocert will fail to start because the identity certificate
is missing. This certificate is only required to retrieve all roots,
in most cases there's only one, and the SDK has access to it.
3 years ago
Herman Slatman
d799359917
Merge branch 'master' into hs/acme-eab
3 years ago
Herman Slatman
3bc3957b06
Merge branch 'master' into hs/acme-revocation
3 years ago
Herman Slatman
d0c23973cc
Merge branch 'master' into hs/acme-eab
3 years ago
Herman Slatman
2d357da99b
Add tests for ACME revocation
3 years ago
Mariano Cano
d35848f7a9
Fix unit tests.
3 years ago
Mariano Cano
b9beab071d
Fix unit tests.
3 years ago
Mariano Cano
8c8db0d4b7
Modify errs.BadRequestErr() to always return an error to the client.
3 years ago
Mariano Cano
8ce807a6cb
Modify errs.BadRequest() calls to always send an error to the client.
3 years ago
max furman
7fac8c96c3
Merge branch 'master' into max/context
3 years ago
max furman
a7d144996f
SSH backwards compat updates
...
- use existence of new value in data map as boolean
- add tests for backwards and forwards compatibility
- fix old tests that used static dir locations
3 years ago
max furman
d777fc23c2
Add ca.WithInsecure and use methods for file names
3 years ago
max furman
e5951fd84c
Use methods in the step package
...
* rather than variables set at execution time, which may not match the
actual current context
3 years ago
max furman
7eeebca529
Enable step path contexts in identity and pki paths
3 years ago
max furman
10db335f13
mv pkg config -> step
3 years ago
max furman
741ac64c61
change name of package cli-utils/config to cli-utils/step
3 years ago
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues
3 years ago
Herman Slatman
bcd1240a0e
Merge branch 'master' into hs/acme-eab
3 years ago
Mariano Cano
36b622bfc2
Use Golang's default keep-alive.
...
Since Go 1.13 a net.Listen keep-alive is enabled by default if
the protocol and OS supports it. The new one is 15s to match
the net.Dial default one. Previously http.Server ListenAndServe
and ListenAndServeTLS used to add a wrapper with 3m that we
replicated.
See https://github.com/golang/go/issues/31510
3 years ago
Herman Slatman
dd4b4b0435
Fix remaining gocritic remarks
3 years ago
Herman Slatman
e0b495e4c8
Merge branch 'master' into hs/acme-eab
3 years ago
max furman
933b40a02a
Introduce gocritic linter and address warnings
3 years ago
Herman Slatman
f34d68897a
Refactor retrieval of provisioner into middleware
3 years ago
Herman Slatman
9d4cafc4bd
Merge branch 'master' into hs/acme-eab
3 years ago
Herman Slatman
c2bc1351c6
Add provisioner to remove endpoint and clear reference index on delete
3 years ago
Herman Slatman
9c0020352b
Add lookup by reference and make reference optional
3 years ago
Mariano Cano
6729c79253
Add support for setting individual password for ssh and tls keys
...
This change add the following flags:
* --ssh-host-password-file
* --ssh-user-password-file
Fixes #693
3 years ago
Herman Slatman
f11c0cdc0c
Add endpoint for listing ACME EAB keys
3 years ago
Herman Slatman
9d09f5e575
Add support for deleting ACME EAB keys
3 years ago
Herman Slatman
a98fe03e80
Merge branch 'master' into hs/acme-eab
3 years ago
Herman Slatman
1dba8698e3
Use LinkedCA.EABKey type in ACME EAB API
3 years ago
Mariano Cano
e3ef4a7da9
Update test with default tls options.
3 years ago
Herman Slatman
c6a4c4ecba
Change ACME EAB endpoint
3 years ago
Herman Slatman
c6bfc6eac2
Fix PR comments
3 years ago
Herman Slatman
b65a588d5b
Make authentication work for /admin/eak
3 years ago
Mariano Cano
8fb5340dc9
Use a token at start time to configure linkedca.
...
Instead of using `step-ca login` we will use a new token provided
as a flag to configure and start linkedca. Certificates will be kept
in memory and refreshed automatically.
3 years ago
max furman
1df21b9b6a
Addressing comments in PR review
...
- added a bit of validation to admin create and update
- using protojson where possible in admin api
- fixing a few instances of admin -> acme in errors
3 years ago
max furman
77fdfc9fa3
Merge branch 'master' into max/cert-mgr-crud
3 years ago
max furman
9fdef64709
Admin level API for provisioner mgmt v1
3 years ago
Herman Slatman
03c472359c
Add sync.WaitGroup for proper error handling in Run()
3 years ago
Herman Slatman
13fe7a0121
Make serving SCEP endpoints optional
...
Only when a SCEP provisioner is enabled, the SCEP endpoints
will now be available.
The SCEP endpoints will be served on an "insecure" server,
without TLS, only when an additional "insecureAddress" and a
SCEP provisioner are configured for the CA.
3 years ago
Herman Slatman
97b88c4d58
Address (most) PR comments
3 years ago
Herman Slatman
5df60c5a9b
Add support for multiple SCEP provisioners
...
Similarly to how ACME suppors multiple provisioners, it's
now possible to load the right provisioner based on the
URL.
3 years ago