Commit Graph

100 Commits (8a1c8b394a831cec7e9fbff20084479d9eec6ea8)

Author SHA1 Message Date
max furman f88f58440f add //nolint for new 1.16 deprecation warnings
- dsa
- pem.DecryptPEMBlock
3 years ago
Mariano Cano c94a1c51be Merge branch 'master' into ssh-cert-templates 4 years ago
Mariano Cano ba918100d0 Use go.step.sm/crypto/jose
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
4 years ago
Mariano Cano aaaa7e9b4e Merge branch 'master' into cert-templates 4 years ago
max furman 8e3481a8ef [logger map] small optimization
Rather than doing two key writes and one lookup, just write once.
4 years ago
max furman 55bf5a4526 Add cert logging for acme/certificate api 4 years ago
Mariano Cano 4943ae58d8 Move TLSOption, TLSVersion, CipherSuites and ASN1DN to certificates. 4 years ago
Mariano Cano e83e47a91e Use sshutil and randutil from go.step.sm/crypto. 4 years ago
Mariano Cano 3b19bb9796 Add TemplateData to SSHSignRequest.
Add some omitempty tags.
4 years ago
Mariano Cano 6c64fb3ed2 Rename provisioner options structs:
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
4 years ago
Mariano Cano 068bafe5a3 Add templateData to api sign request. 4 years ago
max furman fd05f3249b A few last fixes and tests added for rekey/renew ...
- remove all `renewOrRekey`
- explicitly test difference between renew and rekey (diff pub keys)
- add back tests for renew
4 years ago
dharanikumar-s dfda497929 Renamed RenewOrRekey to Rekey 4 years ago
dharanikumar-s a3b5211e0f gofmted the code 4 years ago
dharanikumar-s 954fda657b Added renewOrRekey to mockAuthority. Added Test_caHandler_Rekey 4 years ago
dharanikumar-s 01a6469d25 Moved peer certificate check to the first line 4 years ago
dharanikumar-s 8f504483ce Added RenewOrRekey function based on @maraino suggestion. RenewOrReky is called from Renew. 4 years ago
dharanikumar-s 3813f57b1a Add support for rekeying Fixes #292 4 years ago
Mariano Cano b0ff731d18 Add support for user provisioner certificates on OIDC provisioners.
OIDC provisioners create an SSH certificate with two principals. This
was avoiding the creationg of user provisioner certificates for those
provisioners.

Fixes smallstep/cli#268
4 years ago
David Cowden eb42ea90db ssh/api: Use host tags instead of groups
Tags are more flexible and what we use in the managed offering.
4 years ago
Mariano Cano bfe1f4952d Rename interface to CertificateEnforcer and add tests. 4 years ago
Mariano Cano 64f26c0f40 Enforce a duration for identity certificates. 4 years ago
Mariano Cano fa416336a8 Add context to tests. 4 years ago
Mariano Cano c49a9d5e33 Add context parameter to all SSH methods. 4 years ago
max furman 1cb8bb3ae1 Simplify statuscoder error generators. 4 years ago
max furman dccbdf3a90 Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
4 years ago
Mariano Cano ed26e97487 Fix tests. 4 years ago
Mariano Cano c1bd1561dd Renew identity certificate in /ssh/rekey and /ssh/renew 4 years ago
max furman b9f6aacb0f Move api errors to their own package and modify the typedef 4 years ago
Mariano Cano dedf6b17be Addapt tests to the api change. 4 years ago
max furman 3ac388612a Use x5cInsecure token for /ssh/check-host endpoint 4 years ago
Mariano Cano f0eb12372b Add missing unit tests for ssh. 4 years ago
Mariano Cano f6ffa2cc43 Check at the cert type instead of at the body. 4 years ago
Mariano Cano 5d7829b198 Replace /ssh/get-hosts to /ssh/hosts 4 years ago
Mariano Cano d8b3e05a3f Add error marshaling tests. 4 years ago
Mariano Cano 7b81bec8aa Use default duration for host certificates identity files. 4 years ago
Mariano Cano b179ad3662 Fix api tests. 4 years ago
Mariano Cano 3a16835cdd Make identity duration the same as the SSH cert. 4 years ago
Mariano Cano 4f08a7816f Fix extra write header. 4 years ago
max furman 656f35e522 Use an actual Hosts type when returning ssh hosts 4 years ago
Mariano Cano c60641701b Add version endpoint. 4 years ago
max furman f92bb06b6c change func def for getSSHHosts
* continue to return all hosts if injection method not specified
4 years ago
Mariano Cano 11c8639782 Add identity certificate in ssh response. 4 years ago
max furman d940ab7c20 Add getSSHHosts injection func 4 years ago
Mariano Cano 8bf3bf701e Add support for /ssh/bastion method. 4 years ago
max furman 54e3cf7322 Add multiuse capability to k8ssa provisioners 4 years ago
Mariano Cano 0ae9bab21e Fix api tests. 4 years ago
max furman 29853ae016 sshpop provisioner + ssh renew | revoke | rekey first pass 4 years ago
max furman 862d704f6b get-hosts fixes 4 years ago
max furman 5616386eed Add SSH getHosts api 4 years ago