Mariano Cano
8c8db0d4b7
Modify errs.BadRequestErr() to always return an error to the client.
3 years ago
Mariano Cano
8ce807a6cb
Modify errs.BadRequest() calls to always send an error to the client.
3 years ago
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues
3 years ago
max furman
933b40a02a
Introduce gocritic linter and address warnings
3 years ago
Mariano Cano
833d28cb6a
Clone the certificate in case we need to look at it later.
3 years ago
Mariano Cano
568fce201a
Enforce identity cert to match ssh cert on renewals.
3 years ago
Mariano Cano
4aa529605d
Merge pull request #641 from hillu/quote-serial
...
Log certificate's serial number as stringified decimal number
3 years ago
Herman Slatman
9210a6740b
Fix logging provisioner name as string
3 years ago
Hilko Bengen
edb01bc9f2
Log certificate's serial number as stringified decimal number
...
Using a JSON string fixes a common issue with JSON parsers that
deserialize all numbers to a 64-bit IEEE-754 floats. (Certificate
serial numbers are usually 128 bit values.)
This change is consistent with existing log entries for revocation
requests.
See also: #630 , #631
3 years ago
max furman
77fdfc9fa3
Merge branch 'master' into max/cert-mgr-crud
3 years ago
max furman
9fdef64709
Admin level API for provisioner mgmt v1
3 years ago
Mariano Cano
65dacc2795
Replace golint with revive
3 years ago
Herman Slatman
a191319da9
Improve SCEP API logic and error handling
3 years ago
Herman Slatman
bc2bb53009
Merge branch 'master' into hs/scep
3 years ago
max furman
4f3e5ef64d
wip
3 years ago
max furman
5d09d04d14
wip
3 years ago
max furman
7b5d6968a5
first commit
3 years ago
Mariano Cano
c1c986922b
Show Ed25519 in the public-key log field.
3 years ago
Herman Slatman
0487686f69
Merge branch 'master' into hs/scep
4 years ago
max furman
2e0e62bc4c
add WriteError method for acme api
4 years ago
max furman
fd447c5b54
Fix small nbf->naf bug in db.CreateOrder
...
- still needs unit test
4 years ago
max furman
1135ae04fc
[acme db interface] wip
4 years ago
Herman Slatman
2fc5a7f22e
Improve SCEP API logic and error handling
4 years ago
max furman
f88f58440f
add //nolint for new 1.16 deprecation warnings
...
- dsa
- pem.DecryptPEMBlock
4 years ago
Mariano Cano
c94a1c51be
Merge branch 'master' into ssh-cert-templates
4 years ago
Mariano Cano
ba918100d0
Use go.step.sm/crypto/jose
...
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
4 years ago
Mariano Cano
aaaa7e9b4e
Merge branch 'master' into cert-templates
4 years ago
max furman
8e3481a8ef
[logger map] small optimization
...
Rather than doing two key writes and one lookup, just write once.
4 years ago
max furman
55bf5a4526
Add cert logging for acme/certificate api
4 years ago
Mariano Cano
4943ae58d8
Move TLSOption, TLSVersion, CipherSuites and ASN1DN to certificates.
4 years ago
Mariano Cano
e83e47a91e
Use sshutil and randutil from go.step.sm/crypto.
4 years ago
Mariano Cano
3b19bb9796
Add TemplateData to SSHSignRequest.
...
Add some omitempty tags.
4 years ago
Mariano Cano
6c64fb3ed2
Rename provisioner options structs:
...
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
4 years ago
Mariano Cano
068bafe5a3
Add templateData to api sign request.
4 years ago
max furman
fd05f3249b
A few last fixes and tests added for rekey/renew ...
...
- remove all `renewOrRekey`
- explicitly test difference between renew and rekey (diff pub keys)
- add back tests for renew
4 years ago
dharanikumar-s
dfda497929
Renamed RenewOrRekey to Rekey
4 years ago
dharanikumar-s
a3b5211e0f
gofmted the code
4 years ago
dharanikumar-s
954fda657b
Added renewOrRekey to mockAuthority. Added Test_caHandler_Rekey
4 years ago
dharanikumar-s
01a6469d25
Moved peer certificate check to the first line
4 years ago
dharanikumar-s
8f504483ce
Added RenewOrRekey function based on @maraino suggestion. RenewOrReky is called from Renew.
4 years ago
dharanikumar-s
3813f57b1a
Add support for rekeying Fixes #292
4 years ago
Mariano Cano
b0ff731d18
Add support for user provisioner certificates on OIDC provisioners.
...
OIDC provisioners create an SSH certificate with two principals. This
was avoiding the creationg of user provisioner certificates for those
provisioners.
Fixes smallstep/cli#268
5 years ago
David Cowden
eb42ea90db
ssh/api: Use host tags instead of groups
...
Tags are more flexible and what we use in the managed offering.
5 years ago
Mariano Cano
bfe1f4952d
Rename interface to CertificateEnforcer and add tests.
5 years ago
Mariano Cano
64f26c0f40
Enforce a duration for identity certificates.
5 years ago
Mariano Cano
fa416336a8
Add context to tests.
5 years ago
Mariano Cano
c49a9d5e33
Add context parameter to all SSH methods.
5 years ago
max furman
1cb8bb3ae1
Simplify statuscoder error generators.
5 years ago
max furman
dccbdf3a90
Introduce generalized statusCoder errors and loads of ssh unit tests.
...
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
5 years ago
Mariano Cano
ed26e97487
Fix tests.
5 years ago