Mariano Cano
c24d868d9d
Add tests for sign options.
6 years ago
Mariano Cano
5dfcbcf5dc
Add noop tests.
6 years ago
Mariano Cano
4ceb88fbae
Add tests for OIDC and complete some JWK tests.
6 years ago
Mariano Cano
dce3100cfb
Add missing time in validation.
6 years ago
Mariano Cano
fb279c89fb
Restore deleted methods.
6 years ago
Mariano Cano
955405d6aa
Add some comments added to master.
6 years ago
Mariano Cano
af9688c419
Fix some testing errors.
6 years ago
Mariano Cano
f17d2d9694
Remove debug statements.
6 years ago
Mariano Cano
67c79fd014
Add tests for default provisioner.
6 years ago
Mariano Cano
cf2dba3efb
Add tests for keyStore.
6 years ago
Mariano Cano
2a5430fee1
Complete tests for collection.
6 years ago
Mariano Cano
54d86ca1c1
testing work in progress.
6 years ago
Mariano Cano
9f7f871f25
Add noop provisioner and use it if a provisioner cannot be found from a cert.
6 years ago
Mariano Cano
47817ab212
Fix interface type.
6 years ago
Mariano Cano
cc8764c343
Initialize the list for backward compatibility.
6 years ago
Mariano Cano
c0ef6f8dc5
Add missing modifier and change return codes.
6 years ago
Mariano Cano
a97ea87caa
Move options to provisioner so we can set the duration of the cert.
6 years ago
Mariano Cano
507fd01062
Remove provisioner intermediate type.
6 years ago
Mariano Cano
1671ab2590
Fix some tests.
6 years ago
Mariano Cano
d92a7f2948
Rename provisioner to jwk.
6 years ago
Mariano Cano
a1782733fe
Rename files.
6 years ago
Mariano Cano
2d00cd0933
Validate audiences in the default provisioner.
6 years ago
Mariano Cano
33c1449360
Remove deprecated file.
6 years ago
Mariano Cano
57b705f6cf
Use provisioner sign options.
6 years ago
Mariano Cano
9d4034fbf6
Remove unused code.
6 years ago
Mariano Cano
6d395f3818
Add missing validity validator to oidc.
6 years ago
Mariano Cano
602a42813c
Re-enable replay protection for JWK provisioner.
6 years ago
Mariano Cano
ab1cca03d7
Use new provisioners in authorize methods.
6 years ago
Mariano Cano
54ed49f072
Rename package.
6 years ago
Mariano Cano
c776ca3bd6
Use provisioner.Collection to store and request the provisioners.
6 years ago
Mariano Cano
34833d4fd5
Add validators from the authority package.
6 years ago
Mariano Cano
0dee841a4f
Complete first version of provisioner implementations.
6 years ago
Mariano Cano
7eb6eb1d3e
Complete provisioner.Claims with methods from authority.
6 years ago
Mariano Cano
fb77397fc7
Add new options to locate or list provisioners.
6 years ago
Mariano Cano
34ff388828
Use new types in config.
6 years ago
Mariano Cano
62dab7b6b8
Rename interface method.
6 years ago
Mariano Cano
5a8f78d9d0
Add support to collection to load the encrypted keys.
6 years ago
Mariano Cano
dd0376657c
Move collection to a new file.
6 years ago
Mariano Cano
4b2b6ffe32
Create the provisioner type used to englobe all different provisioners.
6 years ago
Mariano Cano
bed3132028
Move provisioner to authority/provisioner package.
6 years ago
Mariano Cano
fc0b2ca5a6
Revert "Move provisioners to authority/provisioner package."
...
This reverts commit f88d622a67.
6 years ago
Mariano Cano
f88d622a67
Move provisioners to authority/provisioner package.
6 years ago
Mariano Cano
a2a45f635b
Add initial implementation of an OIDC provisioner.
6 years ago
max furman
229e5908b7
Added test for different authority key id after renew
...
Also ran dep ensure.
6 years ago
Mariano Cano
d78febec7a
Fix extensions copy on renew
...
Fixes #36
6 years ago
max furman
7e43402575
bug fix: don't add common name to CSR validation claims in Sign
...
* added unit test for this case
6 years ago
max furman
3415a1fef8
move SplitSANs to cli
6 years ago
max furman
6937bfea7b
claims.SANS -> claims.SANs
6 years ago
max furman
93f39c64a0
backwards compat only when SANS empty
6 years ago
max furman
fe8c8614b2
SANS backwards compat when token missing subject SAN
6 years ago
max furman
e6e8443f3c
allow multiple identical SANs in cert
6 years ago
max furman
f0683c2e0a
Enable signing certificates with custom SANs
...
* validate against SANs in token. must be 1:1 equivalent.
6 years ago
Derrick Lyndon Pallas
7a5c4a1112
authority/provisioners: fix overflow on 32-bit systems
...
In Go, len returns signed ints, not unsigned ints; consequently, this code
comparison overflows on 32-bit systems, like ARM.
6 years ago
max furman
2c72ada610
remove dead code
6 years ago
max furman
6dc89f46d8
make Duration public
6 years ago
max furman
0615f7eb11
don't wrap time.Duration
6 years ago
max furman
4b742042ee
make Duration wrapper publicly accessible
6 years ago
Mariano Cano
e8ac3f4888
Add comment to differentiate GetRootCertificates and GetRoots.
6 years ago
Mariano Cano
6e620073f5
Rename method Empties to HasEmpties
6 years ago
max furman
cfbb2a6f41
method documentation grammar fix
6 years ago
Mariano Cano
518b597535
Remove mTLS client requirement in /roots and /federation
6 years ago
Mariano Cano
1763ede99d
Add tests for new methods.
6 years ago
Mariano Cano
d296cf95a9
Add mTLS request to get all the root CAs, not the federated ones.
6 years ago
Mariano Cano
98cc243a37
Add support for multiple roots.
6 years ago
Mariano Cano
722bcb7e7a
Add initial support for federated root certificates.
6 years ago
Mariano Cano
7e95fc0e45
Strip ports on audience check.
...
Services might have proxies behind them so we cannot rely on them.
Fixes #17
6 years ago
Mariano Cano
9b87e08faf
Do not require the port in the audience check.
...
Fixes #17
6 years ago
Mariano Cano
7da1d1adc2
Fix typo.
6 years ago
Mariano Cano
d6cad2a7f3
Add provisioner option to disable renewal.
...
Fixes smallstep/ca-component#108
6 years ago
max furman
c74fcd57a7
ca-component -> certificates
...
* fix redundant error check
* add README
6 years ago
Mariano Cano
428661f472
Use name instead of issuer in error message.
6 years ago
max furman
0d9dd2d14b
provisioner issuer -> name
6 years ago
Mariano Cano
ea0307239a
Fix dead code and add missing error check.
6 years ago
Mariano Cano
d574545d94
Format code with `gofmt -s`
6 years ago
max furman
7fa06643b2
change step provisioner OID and ASN1 representation
6 years ago
max furman
b457b15292
fix: omit empty claims in AuthConfig
6 years ago
max furman
ca6087145f
fix unit test
6 years ago
max furman
a4a461466b
withProvisionerOID and unit test
6 years ago
max furman
283dc42904
add unit tests for MatchOne (token audience) and Authority.New
6 years ago
Mariano Cano
0ccf775f2e
Add support for cursors in the api.
6 years ago
Mariano Cano
1de8eb4bfa
Fix provisioner package move.
6 years ago
Mariano Cano
1db177b80d
Add backend support for provisioners with cursors.
...
Fixes #83
6 years ago
max furman
d2872564b4
accidentally removed DisableIssuedAtCheck during merge
6 years ago
max furman
ee7db4006a
change sign + authorize authority api | add provisioners
...
* authorize returns []interface{}
  - operators in this list can conform to any interface the user decides
  - our implementation has a combination of certificate claim validators
    and certificate template modifiers.
* provisioners can set and enforce tls cert options
6 years ago
Mariano Cano
1c1ac1b3fb
Add disableIssuedAt check functionality
...
Fixes #86
6 years ago
Mariano Cano
69da47a727
Set audience using the sign url.
6 years ago
max furman
0b5f6487e1
change provisioners api
...
* /provisioners -> /provisioners/jwk-set-by-issuer
* /provisioners now returns a list of Provisioners
6 years ago
max furman
f1dc00c810
add Provisioner config validation
6 years ago
max furman
0e904989d2
add unit tests for authority.Provisioners api
6 years ago
max furman
d773770a44
add authority.New unit tests
6 years ago
max furman
c284a2c0ab
first commit
6 years ago