Commit Graph

133 Commits (72e2c4eb2e7a943a59b8de401bf678ed6043e3da)

Author SHA1 Message Date
Mariano Cano 9e5762fe06 Allow the reuse of azure token if DisableTrustOnFirstUse is true
Azure caches tokens for 24h and we cannot issue a new certificate
for the same instance in that period of time.

The meaning of this parameter is to allow the signing of multiple
certificates in one instance. This is possible in GCP, because we
get a new token, and it is possible in AWS because we can generate
a new one. On Azure there was no other way to do it unless you
wait for 24h.

Fixes #656
3 years ago
Mariano Cano d72fa953ac Remove debug statements. 3 years ago
Mariano Cano 3f07eb597a Implement revocation using linkedca. 3 years ago
Mariano Cano 0730a165fd Add collection of files and authority template. 3 years ago
Mariano Cano 71f8019243 Store x509 and ssh certificates on linkedca if enabled. 3 years ago
Herman Slatman 8f7e700f09 Merge branch 'master' into hs/acme-revocation 3 years ago
max furman 9fdef64709 Admin level API for provisioner mgmt v1 3 years ago
Herman Slatman 84e7d468f2 Improve handling of ACME revocation 3 years ago
max furman 7b5d6968a5 first commit 3 years ago
Mariano Cano 2cbaee9c1d Allow using an alternative interface to store renewed certs.
This can be useful to know if a certificate has been renewed and
link one certificate with the 'parent'.
3 years ago
Mariano Cano e6833ecee3 Add extension of db.AuthDB to store the fullchain.
Add a temporary solution to allow an extension of a db.AuthDB
interface that logs the fullchain of certificates instead of just
the leaf.
3 years ago
Mariano Cano 0b8528ce6b Allow mTLS revocation without provisioner. 3 years ago
Mariano Cano bcf70206ac Add support for revocation using an extra provisioner in the RA. 3 years ago
Mariano Cano a6115e29c2 Add initial implementation of StepCAS.
StepCAS allows configuring step-ca as an RA using another step-ca
as the main CA.
3 years ago
Mariano Cano 3e0ab8fba7 Fix typo. 4 years ago
Mariano Cano d64427487d Add comment about the missing error check. 4 years ago
Mariano Cano e17ce39e3a Add support for Revoke using CAS. 4 years ago
Mariano Cano aad8f9e582 Pass issuer and signer to softCAS options.
Remove commented code and initialize CAS properly.
Minor fixes in CloudCAS.
4 years ago
Mariano Cano 1b1f73dec6 Early attempt to develop a CAS interface. 4 years ago
Mariano Cano cef0475e71 Make clear what's a template/unsigned certificate. 4 years ago
Mariano Cano c94a1c51be Merge branch 'master' into ssh-cert-templates 4 years ago
Mariano Cano ba918100d0 Use go.step.sm/crypto/jose
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
4 years ago
max furman 81875074e3 tie -> the in comment 4 years ago
max furman cb594ed2e0 go mod tidy and golang 1.15.0 cleanup ...
- cs.NegotiatedProtocolIsMutual has been deprecated but we still build
in travis with 1.14 so for now we'll ignore this linting error
- string(int) was resolving to string of a single rune rather than
string of digits -> use fmt.Sprint
4 years ago
Mariano Cano d30a95236d Use always go.step.sm/crypto 4 years ago
Mariano Cano 0a59efd853 Use new x509util to generate the CA certificate. 4 years ago
Mariano Cano 4943ae58d8 Move TLSOption, TLSVersion, CipherSuites and ASN1DN to certificates. 4 years ago
Mariano Cano ce1eb0a01b Use new x509util for renew/rekey. 4 years ago
Mariano Cano c8d225a763 Use x509util from go.step.sm/crypto/x509util 4 years ago
Mariano Cano a7b65f1e1e Add authority.Sign test with custom templates. 4 years ago
Mariano Cano 6c64fb3ed2 Rename provisioner options structs:
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
4 years ago
Mariano Cano ccc705cdcd Use alias x509legacy to cli x509util in tls.go. 4 years ago
Mariano Cano 8f0dd811af Allow sending errors from template to cli. 4 years ago
Mariano Cano 4795e371bd Add back the support for ca.json DN template. 4 years ago
Mariano Cano d1d9ae42d6 Use certificates x509util instead of cli for certificate signing. 4 years ago
max furman fd05f3249b A few last fixes and tests added for rekey/renew ...
- remove all `renewOrRekey`
- explicitly test difference between renew and rekey (diff pub keys)
- add back tests for renew
4 years ago
Max ea9bc493b8 Merge pull request #307 from dharanikumar-s/master
Add support for rekeying Fixes #292
4 years ago
dharanikumar-s 57fb0c80cf Removed calculating SubjectKeyIdentifier on Rekey 4 years ago
dharanikumar-s dfda497929 Renamed RenewOrRekey to Rekey 4 years ago
dharanikumar-s fe73154a20 Corrected misspelling 4 years ago
dharanikumar-s 2479371c06 Added error check while marshalling public key 4 years ago
dharanikumar-s c8c3581e2f SubjectKeyIdentifier extension is calculated from public key passed to this function instead of copying from old certificate 4 years ago
dharanikumar-s 8f504483ce Added RenewOrRekey function based on @maraino suggestion. RenewOrRekey is called from Renew. 4 years ago
dharanikumar-s 3813f57b1a Add support for rekeying Fixes #292 4 years ago
max furman d25e7f64c2 wip 4 years ago
max furman 3636ba3228 wip 4 years ago
max furman 1951669e13 wip 4 years ago
Mariano Cano bfe1f4952d Rename interface to CertificateEnforcer and add tests. 4 years ago
Mariano Cano 64f26c0f40 Enforce a duration for identity certificates. 4 years ago
Mariano Cano 05cc1437b7 Remove unnecessary parse of certificate. 4 years ago
Mariano Cano 43bd8113aa Remove unnecessary comments. 4 years ago
Mariano Cano 69a1b68283 Merge branch 'ssh' into kms 4 years ago
max furman b265877050 Simplify statuscoder error generators. 4 years ago
max furman c387b21808 Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
4 years ago
Mariano Cano c62526b39f Add wip support for kms. 5 years ago
Mariano Cano e67ccd9e3d Add fault tolerance against clock skew across systems on TLS certificates. 5 years ago
Mariano Cano 8eeb82d0ce Store renewed certificate in the database. 5 years ago
Mariano Cano 0c3b9ebf45 Fix indentation. 5 years ago
max furman a9ea292bd4 sshpop provisioner + ssh renew | revoke | rekey first pass 5 years ago
Jozef Kralik bc6074f596 Change API of functions Authority.Sign, Authority.Renew
Return the certificate chain instead of 2 members.

Implements #126
5 years ago
max furman fe7973c060 wip 5 years ago
Mariano Cano 2127d09ef3 Rename context type to apiCtx.
It will conflict with the context package.
5 years ago
max furman ab4d569f36 Add /revoke API with interface db backend 5 years ago
Mariano Cano 8c8547bf65 Remove unnecessary parse and improve tests. 5 years ago
Mariano Cano a3e2b4a552 Move certificate check to the right place. 5 years ago
Mariano Cano 30a6889d1f Use standard x509 instead of step one. 5 years ago
Mariano Cano 7fd737cbb1 Fix lint warnings. 5 years ago
Mariano Cano 1f5ff5c899 Fix sign and renew tests. 5 years ago
Mariano Cano c0ef6f8dc5 Add missing modifier and change return codes. 5 years ago
Mariano Cano a97ea87caa Move options to provisioner so we can set the duration of the cert. 5 years ago
Mariano Cano 1671ab2590 Fix some tests. 5 years ago
Mariano Cano 57b705f6cf Use provisioner sign options. 5 years ago
Mariano Cano d78febec7a Fix extensions copy on renew
Fixes #36
5 years ago
max furman 7e43402575 bug fix: don't add common name to CSR validation claims in Sign
* added unit test for this case
5 years ago
max furman e6e8443f3c allow multiple identical SANs in cert 5 years ago
max furman f0683c2e0a Enable signing certificates with custom SANs
* validate against SANs in token. must be 1:1 equivalent.
5 years ago
Mariano Cano d6cad2a7f3 Add provisioner option to disable renewal.
Fixes smallstep/ca-component#108
6 years ago
Mariano Cano d574545d94 Format code with `gofmt -s` 6 years ago
max furman 7fa06643b2 change step provisioner OID and ASN1 representation 6 years ago
max furman a4a461466b withProvisionerOID and unit test 6 years ago
max furman ee7db4006a change sign + authorize authority api | add provisioners
* authorize returns []interface{}
  - operators in this list can conform to any interface the user decides
  - our implementation has a combination of certificate claim validators
    and certificate template modifiers.
* provisioners can set and enforce tls cert options
6 years ago
max furman 0b5f6487e1 change provisioners api
* /provisioners -> /provisioners/jwk-set-by-issuer
* /provisioners now returns a list of Provisioners
6 years ago
max furman c284a2c0ab first commit 6 years ago