Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,010 Commits
40 Branches
214 Tags
91 MiB
master
dependabot/go_modules/github.com/slackhq/nebula-1.9.0
wire-acme-extensions
mariano/init-provisioners
fix-1637
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ab0d2503ae'
${ noResults }
Commit Graph

59 Commits (ab0d2503aeeec4468baf4dd0fdae3028c73a50c6)

Author SHA1 Message Date
max furman ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2 years ago
Mariano Cano 34c6c65671 Pass attestation information to the Sign method 
Attestation information might be useful in authorizing webhooks
 2 years ago
Mariano Cano 21427d5d65 Replace instead of prepend provisioner extension 
With non standard SANs this will generate the SAN and provisioner
extension in the same order.
 2 years ago
Herman Slatman 6e1f8dd7ab
Refactor policy engines into container 2 years ago
Herman Slatman 571b21abbc
Fix (most) PR comments 2 years ago
Herman Slatman 613c99f00f
Fix linting issues 2 years ago
Herman Slatman dc23fd23bf
Merge branch 'master' into herman/allow-deny-next 2 years ago
Mariano Cano 4690fa64ed Add public methods to retrieve the provisioner extensions. 2 years ago
Herman Slatman 7c541888ad
Refactor configuration of allow/deny on authority level 2 years ago
Herman Slatman 88c7b63c9d
Split SSH user and cert policy configuration and execution 2 years ago
Herman Slatman 066bf32086
Fix part of PR comments 2 years ago
Herman Slatman 6440870a80
Clean up, improve test cases and coverage 2 years ago
Herman Slatman 1e808b61e5
Merge logic for X509 and SSH policy 2 years ago
Herman Slatman 9539729bd9
Add initial implementation of x509 and SSH allow/deny policy engine 2 years ago
Mariano Cano c3f98fd04d Change some bad requests to forbidded. 
Change in the sign options bad requests to forbidded if is the
provisioner the one adding a restriction, e.g. list of dns names,
validity, ...
 3 years ago
Mariano Cano 507a272b4d Return always http errors in sign options. 3 years ago
Mariano Cano b6ebd118fc Update temporal solution for sending message to users 3 years ago
Mariano Cano acd0bac025 Remove extra and in comment. 3 years ago
Mariano Cano 1aadd63cef Use always badRequest on duration errors. 3 years ago
Mariano Cano 41fec1577d Report duration errors directly to the cli. 3 years ago
Herman Slatman d0a9cbc797
Change fmt to errors package for formatting errors 3 years ago
Herman Slatman ff1b46c95d
Add configuration option for specifying the minimum public key length 
Instead of using the defaultPublicKeyValidator a new validator called
publicKeyMinimumLengthValidator has been implemented that uses a
configurable minimum length for public keys in CSRs.

It's also an option to alter the defaultPublicKeyValidator to also
take a parameter, but that would touch quite some lines of code. This
might be a viable option after merging SCEP support.
 3 years ago
max furman 16665c97f0 Allow empty SAN in CSR for validation ... 
- The default template will always use the SANs from the token.
- If there are any SANs they must be validated against the token.
 3 years ago
max furman 46fc922afd Remove unused code; fix usage wrong word; add gap time for unit test 4 years ago
Mariano Cano c8d225a763 Use x509util from go.step.sm/crypto/x509util 4 years ago
Mariano Cano 6c64fb3ed2 Rename provisioner options structs: 
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
 4 years ago
Mariano Cano 0c8376a7f6 Fix existing unit tests. 4 years ago
Mariano Cano 4795e371bd Add back the support for ca.json DN template. 4 years ago
Mariano Cano 95c3a41bf0 Rename UserData to TemplateData and fix unmarshaling. 4 years ago
Mariano Cano 9032018cf2 Convert x509util.WithOptions to new modifiers. 4 years ago
max furman accf1be7e9 wip 4 years ago
max furman 71d87b4e61 wip 4 years ago
max furman d25e7f64c2 wip 4 years ago
max furman 3636ba3228 wip 4 years ago
max furman 1951669e13 wip 4 years ago
max furman 7d5cf34ce5 Update profileLimitDuration validator ... 
- respect notBefore of the provisioner
- modify/fix the reported errors
 4 years ago
Oleksandr Kovalchuk 322200b7db
Implement modifier to set CommonName 
Implement modifier which sets CommonName to the certificate if
CommonName is empty and forceCN is set in the config. Replace previous
implementation introduced in 0218018cee
with new modifier.

Closes https://github.com/smallstep/certificates/issues/259
Ref: https://github.com/smallstep/certificates/pull/260#issuecomment-628961322
 4 years ago
Mariano Cano 13507efb35 Remove the requirement for CSR to have a common name. 
Fixes #226
 4 years ago
Mariano Cano bfe1f4952d Rename interface to CertificateEnforcer and add tests. 4 years ago
Mariano Cano 64f26c0f40 Enforce a duration for identity certificates. 4 years ago
max furman 397a181d10 Add backdate validation to sshCertValidityValidator. 4 years ago
max furman dccbdf3a90 Introduce generalized statusCoder errors and loads of ssh unit tests. 
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
 4 years ago
Mariano Cano 93b65bee7c Add unit test for profileDefaultDuration. 4 years ago
Mariano Cano 84ff172093 Add support for backdate to SSH certificates. 4 years ago
Mariano Cano 5565d61bf3 Add fault tolerance against clock skew accross system on TLS certificates. 4 years ago
max furman d368791606 Add x5c provisioner capabilities 5 years ago
max furman 2b41faa9cf Enforce >= 2048 bit rsa keys at the provisioner layer 
* Fixes #94
* In the future this should be configurable by provisioner
 5 years ago
max furman 635c59ed24 Accept emails SANs 5 years ago
Mariano Cano 900ab9cc12 Allow custom common names in cloud identity provisioners. 5 years ago
Mariano Cano 00fed1c538 Add initial version of time duration support in sign requests. 5 years ago