Commit Graph

88 Commits

Author SHA1 Message Date
max furman
fe7973c060 wip 2019-09-19 13:17:45 -07:00
max furman
e3826dd1c3 Add ACME CA capabilities 2019-09-13 15:48:33 -07:00
Mariano Cano
10e7b81b9f Merge branch 'master' into ssh-ca 2019-09-05 23:06:01 +02:00
max furman
635c59ed24 Accept emails SANs 2019-08-23 15:59:30 -07:00
Mariano Cano
1c8f610ca9 Add initial implementation of an SSH CA using the JWK provisioner.
Fixes smallstep/ca-component#187
2019-07-23 18:46:43 -07:00
Mariano Cano
44e85b51f2 Add some extra coverage. 2019-06-21 15:12:36 -07:00
Mariano Cano
aa63f8f32c Add missing root certificate to test. 2019-06-21 14:52:06 -07:00
Mariano Cano
f9e2ea9bd6 Revert "Do not depend on config package."
This reverts commit cc1c6f2cb4.
2019-06-18 14:44:19 -07:00
Mariano Cano
cc1c6f2cb4 Do not depend on config package.
Config package will panic if it cannot create the step path folder.
2019-06-18 13:16:23 -07:00
Mariano Cano
01b6aebbf7 Make provisioner more configurable.
The intention of this change is to make it usable from cert-manager.
2019-06-17 19:01:04 -07:00
Mariano Cano
e8498bf612 Add new WithDatabase to test reload. 2019-05-10 17:49:15 -07:00
Mariano Cano
120e2d0caf Fix restart with simple DB. 2019-05-10 16:14:21 -07:00
Mariano Cano
3a1a4c5ea9 Do not allow reload with database configuration changes.
Fixes #smallstep/ca-component#170
2019-05-10 15:58:37 -07:00
Mariano Cano
b595c55f0a Update CA properties on reload.
Fixes #71
2019-05-03 15:40:59 -07:00
max furman
c242602231 reload and shutdown trickery
* Only shutdown the database once.
* Be careful when reloading the CA. Depending on whether the DB has
already been shutdown, and error may be unrecoverable.
2019-04-25 13:25:41 -07:00
max furman
cbeca9383b Update nosql integration
* shutdown and reload database on SIGHUP
2019-04-24 18:00:59 -07:00
Mariano Cano
c2c9798149 Fix review issues. 2019-04-12 14:59:55 -07:00
Mariano Cano
46b9b117e3 Add test for provisioner type. 2019-04-12 13:05:56 -07:00
Mariano Cano
13783301ce Remove test for unnecessary method. 2019-04-12 11:22:49 -07:00
Mariano Cano
b4739c185d Remove unnecessary method GetCertificateRenewer. 2019-04-12 11:10:56 -07:00
Mariano Cano
fa216ccaad Use SetTransport method. 2019-04-12 11:06:38 -07:00
Mariano Cano
43c5831582 Merge branch 'master' into step-sds 2019-04-11 11:47:20 -07:00
max furman
ab4d569f36 Add /revoke API with interface db backend 2019-04-10 13:50:35 -07:00
Mariano Cano
888ef147fa Expose a way to update the transport. 2019-04-03 19:37:12 -07:00
Mariano Cano
c42265972a Add the autocert provisioner to the ca package. 2019-04-03 12:37:17 -07:00
Mariano Cano
7800f5960a Add test for GetCertificateRenewer 2019-04-03 11:53:04 -07:00
Mariano Cano
8d2de64811 Add method to get a certificate renewer. 2019-04-03 11:08:09 -07:00
Mariano Cano
27b6ac0a58 Add INT and TERM signal handler. 2019-04-03 11:07:11 -07:00
Mariano Cano
64f2615864 Fix tests. 2019-03-25 12:35:21 -07:00
Mariano Cano
b07fe546fd Fix types in tests. 2019-03-07 15:58:56 -08:00
Mariano Cano
5ce5a891f7 Add email SAN with email parameter in the JWK 2019-03-06 17:01:12 -08:00
Mariano Cano
262a9d0978
Merge pull request #27 from smallstep/mariano/renew-pool
SDK should update certificate pools safely
2019-02-06 16:56:38 -08:00
Mariano Cano
e0fff4d80b Fix typo. 2019-02-06 16:52:44 -08:00
Mariano Cano
f1f6c548ad Fix typo. 2019-02-06 16:48:20 -08:00
Mariano Cano
758d829355 Fix tests. 2019-02-05 20:27:29 -08:00
max furman
3415a1fef8 move SplitSANs to cli 2019-02-05 19:32:01 -08:00
Mariano Cano
975cb75fbd Fix typo. 2019-02-05 17:33:16 -08:00
Mariano Cano
3c06d6f9bc Fix comment. 2019-02-05 17:30:10 -08:00
Mariano Cano
e330ac547c Fix comment. 2019-02-05 17:29:28 -08:00
Mariano Cano
cd934bbede Remove println 2019-02-05 17:27:10 -08:00
max furman
6937bfea7b claims.SANS -> claims.SANs 2019-02-04 20:22:02 -08:00
Mariano Cano
4c9dccd3f6 Allow multiple certificates in the root pem. 2019-02-04 10:29:52 -08:00
max furman
ab78534b08 add test for SAN backwards compatibility with CLI
* new provisioner tokens always contain the crt.Subject.CommonName
in the SANS attribute of the token claims. added tests that verifies
backwards compatibility still works in cases where the token does not
contain the subject as a SAN claim.
2019-02-01 12:24:21 -06:00
max furman
e6e8443f3c allow multiple identical SANs in cert 2019-01-31 11:20:21 -06:00
max furman
f0683c2e0a Enable signing certificates with custom SANs
* validate against SANs in token. must be 1:1 equivalent.
2019-01-30 18:21:03 -06:00
Mariano Cano
d394dd233a Initiate default RootCAs/ClientCAs when no options are passed. 2019-01-23 14:33:16 -08:00
Mariano Cano
25eba1a96c WIP on the safely rotate of root and federated certificates.
Fixes #23
2019-01-22 19:54:12 -08:00
Mariano Cano
bacbf85aa3 Add new bootstrap method that creates a listener. 2019-01-17 14:48:33 -08:00
Mariano Cano
984bf8d38c Add missing file. 2019-01-16 19:06:21 -08:00
Mariano Cano
1cc5e94666 Add simple test for federation. 2019-01-16 19:03:41 -08:00