Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,087 Commits
40 Branches
214 Tags
90 MiB
master
wire-acme-extensions
mariano/init-provisioners
fix-1637
dependabot/go_modules/github.com/slackhq/nebula-1.8.2
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7101fbb0ee'
${ noResults }
Commit Graph

44 Commits (7101fbb0ee939d24756695508845e78e41a1cb59)

Author SHA1 Message Date
Andrew Reed 7101fbb0ee
Provisioner webhooks (#1001) 2 years ago
Mariano Cano a1f54921d2 Rename internal field 2 years ago
Mariano Cano 9408d0f24b Send RA provisioner information to the CA 2 years ago
Mariano Cano e7d7eb1a94 Add provisioner as a signOption for SSH 2 years ago
Herman Slatman 5e9bce508d
Unexport GetPolicy() 2 years ago
Herman Slatman c40a4d2694
Contain policy engines inside provisioner Controller 2 years ago
Herman Slatman 9797b3350e
Merge branch 'master' into herman/allow-deny 2 years ago
Mariano Cano 5ab79f53be Fix linter errors 2 years ago
Herman Slatman dc23fd23bf
Merge branch 'master' into herman/allow-deny-next 2 years ago
Mariano Cano b401376829 Add current provisioner to AuthorizeSign SignOptions. 
The original provisioner cannot be retrieved from a certificate
if a linked ra is used.
 2 years ago
Mariano Cano ad8a813abe Fix linter errors 2 years ago
Mariano Cano 259e95947c Add support for the provisioner controller 
The claimer, audiences and custom callback methods are now managed
by the provisioner controller in an uniform way.
 2 years ago
Herman Slatman 7c541888ad
Refactor configuration of allow/deny on authority level 2 years ago
Herman Slatman c3c6f3da72
Merge branch 'master' into herman/allow-deny 2 years ago
Mariano Cano abe951d416 Fix name of the variable in comment. 2 years ago
Mariano Cano a0cf808393 Make the X5C leaf certificate available to the templates. 
X509 and SSH templates of the X5C provisioner will have now access
to the leaf certificate used to sign the token using the template
variable .AuthorizationCrt

Fixes #433
 2 years ago
Herman Slatman 88c7b63c9d
Split SSH user and cert policy configuration and execution 2 years ago
Herman Slatman 512b8d6730
Refactor instantiation of policy engines 
Instead of using the `base` struct, the x509 and SSH policy
engines are now added to each provisioner directly.
 2 years ago
Herman Slatman 9539729bd9
Add initial implementation of x509 and SSH allow/deny policy engine 2 years ago
Mariano Cano 668d3ea6c7 Modify errs.Wrap() with bad request to send messages to users. 3 years ago
max furman 9fdef64709 Admin level API for provisioner mgmt v1 3 years ago
max furman 638766c615 wip 3 years ago
Mariano Cano ba918100d0 Use go.step.sm/crypto/jose 
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
 4 years ago
Mariano Cano e83e47a91e Use sshutil and randutil from go.step.sm/crypto. 4 years ago
Mariano Cano f437b86a7b Merge branch 'cert-templates' into ssh-cert-templates 4 years ago
Mariano Cano c8d225a763 Use x509util from go.step.sm/crypto/x509util 4 years ago
Mariano Cano aa657cdb4b Use SSHOptions inside provisioner options. 4 years ago
Mariano Cano 8ff8d90f8c On JWK and X5C validate the key id on the request. 4 years ago
Mariano Cano 8e7bf96769 Fix error prefix. 4 years ago
Mariano Cano c2dc76550c Add ssh certificate template to X5C provisioner. 4 years ago
Mariano Cano 6c64fb3ed2 Rename provisioner options structs: 
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
 4 years ago
Mariano Cano 02c4f9817d Set full token payload instead of only the known properties. 4 years ago
Mariano Cano 04f5053a7a Add template support for x5c. 4 years ago
max furman 3636ba3228 wip 4 years ago
max furman 1951669e13 wip 4 years ago
max furman 7d5cf34ce5 Update profileLimitDuration validator ... 
- respect notBefore of the provisioner
- modify/fix the reported errors
 4 years ago
max furman 1cb8bb3ae1 Simplify statuscoder error generators. 4 years ago
max furman dccbdf3a90 Introduce generalized statusCoder errors and loads of ssh unit tests. 
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
 4 years ago
Mariano Cano 84ff172093 Add support for backdate to SSH certificates. 4 years ago
max furman 414a94b210 Instrument getIdentity func for OIDC ssh provisioner 4 years ago
Mariano Cano 7db7b1ee4c Fix some provisioner tests 4 years ago
max furman 54e3cf7322 Add multiuse capability to k8ssa provisioners 4 years ago
max furman 29853ae016 sshpop provisioner + ssh renew | revoke | rekey first pass 4 years ago
max furman d368791606 Add x5c provisioner capabilities 5 years ago