smallstep-certificates

mirror of https://github.com/smallstep/certificates.git synced 2024-11-15 18:12:59 +00:00

Author	SHA1	Message	Date
Herman Slatman	3bc3957b06	Merge branch 'master' into hs/acme-revocation	2021-12-09 09:36:52 +01:00
Mariano Cano	e0fee84694	Add comment about public key validator.	2021-12-03 15:24:42 -08:00
Herman Slatman	a7fbbc4748	Add tests for GetCertificateBySerial	2021-11-28 21:20:57 +01:00
Herman Slatman	c9cd876a7d	Merge branch 'master' into hs/acme-revocation	2021-11-25 00:40:56 +01:00
Mariano Cano	c3f98fd04d	Change some bad requests to forbidded. Change in the sign options bad requests to forbidded if is the provisioner the one adding a restriction, e.g. list of dns names, validity, ...	2021-11-24 11:32:35 -08:00
Mariano Cano	b9beab071d	Fix unit tests.	2021-11-23 18:43:36 -08:00
Mariano Cano	507a272b4d	Return always http errors in sign options.	2021-11-23 18:32:33 -08:00
Mariano Cano	a33709ce8d	Fix sign ssh options tests.	2021-11-23 18:06:18 -08:00
Mariano Cano	1da7ea6646	Return always http errors in sign ssh options.	2021-11-23 17:52:39 -08:00
Herman Slatman	2d50c96d99	Merge branch 'master' into hs/acme-revocation	2021-11-19 17:00:18 +01:00
Mariano Cano	b6ebd118fc	Update temporal solution for sending message to users	2021-11-18 18:47:55 -08:00
Mariano Cano	668d3ea6c7	Modify errs.Wrap() with bad request to send messages to users.	2021-11-18 18:44:58 -08:00
Mariano Cano	8c8db0d4b7	Modify errs.BadRequestErr() to always return an error to the client.	2021-11-18 18:17:36 -08:00
Mariano Cano	8ce807a6cb	Modify errs.BadRequest() calls to always send an error to the client.	2021-11-18 15:12:44 -08:00
Mariano Cano	440616cffa	Merge pull request #750 from smallstep/duration-errors Report duration errors directly to the cli.	2021-11-17 12:06:31 -08:00
Mariano Cano	acd0bac025	Remove extra and in comment.	2021-11-17 12:03:29 -08:00
Mariano Cano	1aadd63cef	Use always badRequest on duration errors.	2021-11-17 12:00:54 -08:00
Mariano Cano	41fec1577d	Report duration errors directly to the cli.	2021-11-17 11:46:57 -08:00
Herman Slatman	e7a988b2cd	Pin golangci-lint to v1.43.0 and fix issues	2021-11-13 01:30:03 +01:00
Herman Slatman	3151255a25	Merge branch 'master' into hs/acme-revocation	2021-10-30 15:41:29 +02:00
max furman	933b40a02a	Introduce gocritic linter and address warnings	2021-10-08 14:59:57 -04:00
Mariano Cano	a50654b468	Check for admins in both emails and groups.	2021-09-23 15:49:28 -07:00
Mariano Cano	141c519171	Simplify check of principals in a case insensitive way Fixes #679	2021-09-08 16:00:33 -07:00
Fearghal O Floinn	7a94b0c157	Converts group and subgroup to lowercase for comparison. Fixes #679	2021-09-08 12:24:49 +01:00
Mariano Cano	f919535475	Add an extra way to distinguish Azure and Azure OIDC tokens. We used to distinguish these tokens using the azp claim, but this claim does not appear on new azure oidc tokens, at least on some configurations. This change will try to load by audience (client id) if the token contains an email, required for OIDC.	2021-08-30 16:37:29 -07:00
Mariano Cano	40e77f6e9a	Initialize required variables on GetIdentityToken Fixes smallstep/cli#465	2021-08-26 17:56:40 -07:00
Mariano Cano	42fde8ba28	Merge branch 'master' into linkedca	2021-08-25 15:56:50 -07:00
Mariano Cano	d4ae267add	Fix ErrAllowTokenReuse comment.	2021-08-11 14:59:26 -07:00
Mariano Cano	9e5762fe06	Allow the reuse of azure token if DisableTrustOnFirstUse is true Azure caches tokens for 24h and we cannot issue a new certificate for the same instance in that period of time. The meaning of this parameter is to allow the signing of multiple certificate in one instance. This is possible in GCP, because we get a new token, and is possible in AWS because we can generate a new one. On Azure there was no other way to do it unless you wait for 24h. Fixes #656	2021-08-11 11:50:54 -07:00
Mariano Cano	f7542a5bd9	Move check of ssh revocation from provisioner to the authority.	2021-07-21 15:22:57 -07:00
Herman Slatman	258efca0fa	Improve revocation authorization	2021-07-10 00:28:31 +02:00
max furman	77fdfc9fa3	Merge branch 'master' into max/cert-mgr-crud	2021-07-02 20:26:46 -07:00
max furman	9fdef64709	Admin level API for provisioner mgmt v1	2021-07-02 19:05:17 -07:00
Herman Slatman	a64974c179	Fix small typo in divisible	2021-05-26 16:15:26 -07:00
Herman Slatman	d46a4eaca4	Change fmt to errors package for formatting errors	2021-05-26 16:15:26 -07:00
Herman Slatman	2beea1aa89	Add configuration option for specifying the minimum public key length Instead of using the defaultPublicKeyValidator a new validator called publicKeyMinimumLengthValidator has been implemented that uses a configurable minimum length for public keys in CSRs. It's also an option to alter the defaultPublicKeyValidator to also take a parameter, but that would touch quite some lines of code. This might be a viable option after merging SCEP support.	2021-05-26 16:15:26 -07:00
Herman Slatman	4168449935	Fix typo	2021-05-26 16:15:26 -07:00
Herman Slatman	fa100a5138	Mask challenge password after it has been read	2021-05-26 16:15:26 -07:00
Herman Slatman	97b88c4d58	Address (most) PR comments	2021-05-26 16:12:57 -07:00
Herman Slatman	4fe7179b95	Add support for configuring capabilities (cacaps)	2021-05-26 16:08:24 -07:00
Herman Slatman	3b86550dbf	Add support for challenge password	2021-05-26 16:08:24 -07:00
Herman Slatman	da65f46d0f	Add AuthorizeSign method to SCEP authority	2021-05-26 16:04:21 -07:00
Herman Slatman	2a249d20de	Refactor initialization of SCEP authority	2021-05-26 16:04:19 -07:00
Herman Slatman	339039768c	Refactor SCEP authority initialization and clean some code	2021-05-26 16:00:08 -07:00
Herman Slatman	48c86716a0	Add rudimentary (and incomplete) support for SCEP	2021-05-26 15:58:04 -07:00
max furman	638766c615	wip	2021-05-19 18:23:20 -07:00
max furman	4f3e5ef64d	wip	2021-05-19 15:20:16 -07:00
max furman	5d09d04d14	wip	2021-05-19 15:20:16 -07:00
max furman	7b5d6968a5	first commit	2021-05-19 15:20:16 -07:00
Herman Slatman	a3ec890e71	Fix small typo in divisible	2021-05-07 00:31:34 +02:00

1 2 3 4 5 ...

360 Commits