Max
d34f0f6a97
Fix linter warnings (#1634)
10 months ago
Max
67a41dca83
Remove db datasource from error msg to prevent leaking of secrets (#1528)
1 year ago
Mariano Cano
c7f226bcec
Add support for renew when using stepcas
...
It supports renewing X.509 certificates when an RA is configured with stepcas.
This will only work when the renewal uses a token, and it won't work with mTLS.
The audience cannot be properly verified when an RA is used, to avoid this we
will get from the database if an RA was used to issue the initial certificate
and we will accept the renew token.
Fixes #1021 for stepcas
2 years ago
Mariano Cano
f066ac3d40
Remove buggy logic on GetRevokedCertificates()
2 years ago
Mariano Cano
8200d19894
Improve CRL implementation
...
This commit adds some changes to PR #731, some of them are:
- Add distribution point to the CRL
- Properly stop the goroutine that generates the CRLs
- CRL config validation
- Remove expired certificates from the CRL
- Require enable set to true to generate a CRL
This last point is the principal change in behaviour from the previous
implementation. The CRL will not be generated if it's not enabled, and
if it is enabled it will always be regenerated at some point, not only
if there is a revocation.
2 years ago
Raal Goff
f7df865687
refactor crl config, add some tests
2 years ago
Raal Goff
40baf73dff
remove incorrect check on revoked certificate dates, add mutex lock for generating CRLs,
2 years ago
Raal Goff
9fa5f46213
add minor doco, Test_CRLGeneration(), fix some issues from merge
2 years ago
Raal Goff
60671b07d7
Merge branch 'master' into crl-support
...
# Conflicts:
# api/api.go
# authority/config/config.go
# cas/softcas/softcas.go
# db/db.go
2 years ago
Mariano Cano
26dd97e718
Merge branch 'master' into context-authority
2 years ago
Mariano Cano
20b2c6a201
Extract cert storer methods from AuthDB
...
To be able to extend the AuthDB with methods that also extend the
provisioner we need to either create a new method or to split the
interface. This change splits the interface so we can have a cleaner
implementation.
2 years ago
Mariano Cano
0446e82320
Add context methods for the authority database
2 years ago
Mariano Cano
3694ba30dc
Store certificate and provisioner in one transaction.
3 years ago
Mariano Cano
1d1e095447
Add tests for LoadProvisionerByCertificate.
3 years ago
Raal Goff
c8b38c0e13
implemented requested changes
3 years ago
Mariano Cano
7d6116c3d0
Add GetCertificateData and refactor x509_certs_data.
3 years ago
Mariano Cano
41c6ded85e
Store in the db the provisioner that granted a cert.
3 years ago
Raal Goff
773741eda8
Merge remote-tracking branch 'origin/crl-support' into crl-support
...
# Conflicts:
# api/api_test.go
# authority/tls.go
3 years ago
Raal Goff
53dbe2309b
implemented some requested changes
3 years ago
Raal Goff
d417ce3232
implement changes from review
3 years ago
Raal Goff
7d024cc4cb
change GenerateCertificateRevocationList to return DER, store DER in db instead of PEM, nicer PEM encoding of CRL, add Mock stubs
3 years ago
Raal Goff
e8fdb703c9
initial support for CRL
3 years ago
Raal Goff
8520c861d5
implemented some requested changes
3 years ago
Herman Slatman
47a8a3c463
Add test case for ACME Revoke to Authority
3 years ago
Raal Goff
222b52db13
implement changes from review
3 years ago
Raal Goff
8545adea92
change GenerateCertificateRevocationList to return DER, store DER in db instead of PEM, nicer PEM encoding of CRL, add Mock stubs
3 years ago
Raal Goff
56926b9012
initial support for CRL
3 years ago
Mariano Cano
8381e9bd17
Fix typos.
4 years ago
Mariano Cano
e17ce39e3a
Add support for Revoke using CAS.
4 years ago
max furman
d51f254ee4
ValueLogLoadingMode -> FileLoading Mode badger
5 years ago
max furman
0573c00bd3
Simultaneous support for Badger V1+V2 and ...
...
* valueLogLoadingMode config for low RAM badger environments
5 years ago
max furman
dccbdf3a90
Introduce generalized statusCoder errors and loads of ssh unit tests.
...
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
5 years ago
max furman
db1b7a7f8f
extraneous new line
5 years ago
max furman
29853ae016
sshpop provisioner + ssh renew | revoke | rekey first pass
5 years ago
max furman
862d704f6b
get-hosts fixes
5 years ago
max furman
5616386eed
Add SSH getHosts api
5 years ago
Mariano Cano
37f17213bb
Add initial support for check-host endpoint.
5 years ago
max furman
83a8139543
dep update nosql
...
* Fixes #112
5 years ago
max furman
e3826dd1c3
Add ACME CA capabilities
5 years ago
max furman
599fc1058c
loadOrStore -> cmpAndSwap
5 years ago
max furman
81db527f12
NoopDB -> SimpleDB
5 years ago
max furman
b73fe8c157
Add used OTT to DB during authToken step
5 years ago
max furman
46c7592f34
db: Omit empty optional fields from JSON
6 years ago
max furman
c242602231
reload and shutdown trickery
...
* Only shutdown the database once.
* Be careful when reloading the CA. Depending on whether the DB has
already been shutdown, an error may be unrecoverable.
6 years ago
max furman
cbeca9383b
Update nosql integration
...
* shutdown and reload database on SIGHUP
6 years ago
max furman
ab4d569f36
Add /revoke API with interface db backend
6 years ago