Mariano Cano
68a89fbb02
Split Go 1.19 problematic with build tags
2022-06-16 10:58:45 -07:00
Shulhan
0e7257a236
kms/uri: fix test on Parse for the next Go release
The next Go release adds field OmitHost to url.URL [1] which causes the
TestParse to fail.
Since the CI supports two consecutive Go versions at the same time, we
copy the uri_test.go to uri_119_test.go for testing with Go 1.19.
While at it, print the got and want object using the same format
(%#v) and type (*URL) for consistency.
[1] https://go-review.googlesource.com/c/go/+/391294
2022-06-17 00:32:08 +07:00
Shulhan
fe04f93d7f
all: reformat all go files with the next gofmt (Go 1.19)
There are some changes that were manually edited, for example using '-' as
default list and grouping imports.
2022-06-16 01:28:59 +07:00
Mariano Cano
d5c6572da4
Fix typo.
2021-12-17 10:55:23 -08:00
Mariano Cano
5a32401d23
Implement the kms.Decrypter with PKCS#11
This interface allows the use of SCEP with PKCS#11 modules.
2021-12-16 18:30:09 -08:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues
2021-11-13 01:30:03 +01:00
Mariano Cano
7ec1424cb6
Fix help.
2021-10-29 14:47:57 -07:00
Mariano Cano
8366b7ddf1
Revert "Remove extractable from StoreCertificate."
This reverts commit 614ee79489.
2021-10-29 14:45:10 -07:00
Mariano Cano
614ee79489
Remove extractable from StoreCertificate.
2021-10-29 12:02:24 -07:00
Mariano Cano
fa11e82b67
Add tests with extractable property.
2021-10-28 19:45:19 -07:00
Mariano Cano
886b9a1d8d
Store the certificate passed.
2021-10-28 18:16:16 -07:00
Mariano Cano
aa80bf9f07
Merge branch 'smallstep_master' into extractable
2021-10-28 18:11:42 -07:00
Mariano Cano
6be383da34
Refactor pkcs#11 extractable certs and keys.
2021-10-28 18:04:11 -07:00
Mariano Cano
bef50bd7d9
Fix typo in variable name.
2021-10-26 17:57:59 -07:00
Mariano Cano
ead394fba7
Add strategy to retry the sign operation if the key is not yet ready
2021-10-20 18:09:50 -07:00
Mariano Cano
edd475b81b
Allow to configure azurekms using the URI
With a URI, azurekms can be configured with client credentials,
and it can define a default vault and protection level.
2021-10-12 18:24:58 -07:00
Mariano Cano
44f0d61354
Fix typo.
2021-10-12 15:41:41 -07:00
Mariano Cano
a2b03083c8
Fix gocritic warnings.
2021-10-12 15:28:08 -07:00
Mariano Cano
2aee71b4c0
Fix typo.
2021-10-12 15:18:17 -07:00
Mariano Cano
e15b5faf7d
Merge branch 'master' into keyvault
2021-10-12 15:15:35 -07:00
Mariano Cano
5d0bd7d155
Fix grammar in comments.
2021-10-12 15:14:01 -07:00
max furman
5fc24c697c
Fix a few more linter warnings and remove GOFLAGS from make lint
2021-10-08 15:26:01 -04:00
max furman
933b40a02a
Introduce gocritic linter and address warnings
2021-10-08 14:59:57 -04:00
Mariano Cano
f6e69bf826
Fix typo.
2021-10-07 17:37:47 -07:00
Mariano Cano
c638c282d8
Add omitempty to KMS options.
2021-10-07 17:30:28 -07:00
Mariano Cano
822a1e3bdb
Add variable with the default implementation.
2021-10-07 17:23:56 -07:00
Mariano Cano
2240ebbadc
Add NameValidator interface and implement it for azurekms.
2021-10-07 17:19:55 -07:00
Mariano Cano
abdb56065d
Allow to specify an hsm using the uri.
2021-10-07 16:18:36 -07:00
Mariano Cano
f1ef3fb351
Add GetBool(s string) bool to URI type.
2021-10-07 15:48:11 -07:00
Mariano Cano
500b540406
Remove unused code.
2021-10-07 15:35:21 -07:00
Mariano Cano
2026787ce4
Add some extra coverage.
2021-10-07 15:01:11 -07:00
Mariano Cano
08c9902f29
Add new alias in the kms package.
2021-10-06 18:42:01 -07:00
Mariano Cano
505b1f3678
Add new test case with a version in the opaque string.
2021-10-06 18:41:31 -07:00
Mariano Cano
d2581489a3
Redefine uris and set proper type.
URIs will now have the form:
- azurekms:name=my-key;vault=my-vault
- azurekms:name=my-key;vault=my-vault?version=my-version
2021-10-06 18:39:12 -07:00
Mariano Cano
656099c4f0
Add type for azurekms.
2021-10-06 18:38:32 -07:00
Mariano Cano
56c3559e52
Add some extra coverage.
2021-10-05 20:41:55 -07:00
Mariano Cano
6389100325
Add unit tests for azurekms.
2021-10-05 20:35:52 -07:00
Mariano Cano
97d08a1b61
Fix typos.
2021-10-05 17:11:23 -07:00
Mariano Cano
392a18465f
Add initial implementation of Azure Key Vault KMS.
Fixes #462
2021-10-05 17:06:17 -07:00
Mariano Cano
6d644880bd
Allow kms signers to define the SignatureAlgorithm
CloudKMS keys sign data using a specific signature algorithm. In RSA keys,
this can be PKCS#1 RSA or RSA-PSS; if the latter is used, x509.CreateCertificate
will fail unless the template SignatureCertificate is properly set.
In contrast, AWSKMS RSA keys are just RSA keys, and can sign with PKCS#1 or
RSA-PSS schemes, so right now the way to enforce one or the other is to use
templates.
2021-09-08 17:48:50 -07:00
max furman
8ba9013f5d
gofmt linting errors
2021-09-07 11:35:51 -07:00
max furman
8bec473f8e
fix gofmt linting errors
2021-09-07 11:30:35 -07:00
Mariano Cano
abd78e2d2a
Make kms uri compatible with Go 1.17.
Go 1.17 introduces a change in the net/url package disallowing the
use of semicolon (;) in URL queries. We used url.ParseQuery to
decode the opaque string that is semicolon separated. This change
replaces the semicolon with ampersands before decoding it.
2021-08-17 13:25:55 -07:00
Mariano Cano
a864f0134d
Fix key version when SHA512WithRSA is used.
There was a typo creating RSA keys with SHA256 digests instead of
SHA512
2021-08-16 14:47:38 -07:00
Gary Belvin
22b471acf9
Extractable certs
2021-06-17 09:29:38 -04:00
Gary Belvin
be89459524
Set key export bit
2021-06-17 09:29:32 -04:00
Mariano Cano
c4d0c8a18e
Fix credentials file parameter on awskms
2021-06-11 21:40:04 -07:00
Herman Slatman
877fc9ae8c
Add tests for CreateDecrypter
2021-05-07 15:32:07 +02:00
Herman Slatman
68d5f6d0d2
Merge branch 'master' into hs/scep
2021-04-29 22:18:00 +02:00
Mariano Cano
180b5c3e3c
Fix typo.
2021-04-21 16:20:53 -07:00