Mariano Cano
a017c0e3fb
Merge branch 'master' into AuthParams
4 months ago
max furman
99ce13a4ea
Fix linter warnings
5 months ago
Jeremy Doupe
03c3cf5790
fixed Scopes and AuthParams assignment
6 months ago
Jeremy Doupe
4879376138
add AuthParams and Scopes to linkedca OIDC structures
6 months ago
Mariano Cano
725a913f66
Allow custom SCEP key manager
...
This commit allows to inject a custom key manger for SCEP.
6 months ago
Mariano Cano
10f6a901ec
Let the CA determine the RA lifetime
...
When the RA mode with StepCAS is used, let the CA decide which lifetime
the RA should get instead of requiring always 24h.
This commit also fixes linter warnings.
Related to #1094
7 months ago
Mariano Cano
b20af51f32
Upgrade go.step.sm/crypto to use go-jose/v3
10 months ago
Mariano Cano
52baf52f84
Change scep password type to string
...
This commit changes the type of the decrypter key password to string to
be consistent with other passwords in the ca.json
1 year ago
Herman Slatman
4fd4227b73
Use shorter SCEP decrypter property names from linkedca
1 year ago
Herman Slatman
5fd70af2c8
Make API responses aware of the new SCEP decrypter properties
1 year ago
Herman Slatman
d9f56cdbdc
Merge branch 'master' into herman/scep-provisioner-decrypter
1 year ago
Herman Slatman
9d3b78ae49
Add `excludeIntermediate` to SCEP provisioner
1 year ago
Max
e22166c628
provisionerOptionsToLinkedCA missing template and templateData ( #1520 )
1 year ago
Herman Slatman
569a1be12c
Merge branch 'master' into herman/scep-provisioner-decrypter
1 year ago
Mariano Cano
c7c7decd5e
Add support for the disableSmallstepExtensions claim
...
This commit adds a new claim to exclude the Smallstep provisioner
extension from the generated certificates.
Fixes #620
1 year ago
Herman Slatman
567fc25404
Use the RSA decryption configuration for signing responses too
1 year ago
Herman Slatman
180162bd6a
Refactor SCEP provisioner and decrypter
1 year ago
Herman Slatman
0153ff4377
Remove superfluous `GetChallengePassword`
1 year ago
Herman Slatman
c169defc73
Merge pull request #1136 from smallstep/herman/ignore-empty-acme-meta
2 years ago
Herman Slatman
920c4f02c5
Add additional properties to provisioner converters
2 years ago
Mariano Cano
c7f226bcec
Add support for renew when using stepcas
...
It supports renewing X.509 certificates when an RA is configured with stepcas.
This will only work when the renewal uses a token, and it won't work with mTLS.
The audience cannot be properly verified when an RA is used, to avoid this we
will get from the database if an RA was used to issue the initial certificate
and we will accept the renew token.
Fixes #1021 for stepcas
2 years ago
Mariano Cano
bd1938b0da
Add support for storing or sending attestation data to linkedca
2 years ago
Andrew Reed
7101fbb0ee
Provisioner webhooks ( #1001 )
2 years ago
Mariano Cano
906c5067b9
Include attestation roots on provisioner converters
2 years ago
max furman
f3d1863ec6
A few more linter errors
2 years ago
Mariano Cano
f0a24bd8ca
Add acme property to enable challenges
...
Fixes #1027
2 years ago
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors
2 years ago
Mariano Cano
bb0210e875
Fix typo in linkedca variable
2 years ago
Mariano Cano
66407139e5
Add methods to convert attestation formats
2 years ago
Mariano Cano
59c5219a07
Use a type for acme challenges
2 years ago
Mariano Cano
f1c63bc38d
Fix challenge mapping
2 years ago
Mariano Cano
bca311b05e
Add acme property to enable challenges
...
Fixes #1027
2 years ago
Max
f8148071fb
Merge pull request #915 from smallstep/max/removing-beta
...
exposing authority configuration for provisioner cli commands
2 years ago
Herman Slatman
c695b23e24
Fix check for admin not belonging to policy
2 years ago
max furman
25b8d196d8
Couple changes in response to PR
...
- add skipInit option to skip authority initialization
- check admin API status when removing provisioners - no need to check
admins when not using Admin API
2 years ago
Herman Slatman
60d8b22d89
Change context retrievers to MustTFromContext
2 years ago
max furman
b91affdd34
exposing authority configuration for provisioner cli commands
3 years ago
Herman Slatman
a2cfbe3d54
Fix (part of) PR comments
3 years ago
Herman Slatman
abcad679ff
Merge branch 'master' into herman/allow-deny
3 years ago
Herman Slatman
d6be9450be
Merge branch 'master' into herman/allow-deny
3 years ago
Mariano Cano
d3b6bc3c75
Merge branch 'master' into fix/adminra
3 years ago
Mariano Cano
674dc3c844
Rename unreleased claim to allowRenewalAfterExpiry for consistency.
3 years ago
Mariano Cano
00cd0f5f21
Apply suggestions from code review
...
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
3 years ago
Mariano Cano
1d1e095447
Add tests for LoadProvisionerByCertificate.
3 years ago
Mariano Cano
dfdc9c06ed
Fix linter error importShadow
3 years ago
Mariano Cano
c55b27a2fc
Refactor admin token to use with RAs.
3 years ago
Mariano Cano
db337debcd
Load provisioner from the database instead of the extension.
3 years ago
Mariano Cano
df8ffb35af
Remove unnecessary database in provisioner config.
3 years ago
Herman Slatman
96f4c49b0c
Improve how policy errors are returned and used
3 years ago
Herman Slatman
dc23fd23bf
Merge branch 'master' into herman/allow-deny-next
3 years ago