max furman
fe7973c060
wip
2019-09-19 13:17:45 -07:00
max furman
e3826dd1c3
Add ACME CA capabilities
2019-09-13 15:48:33 -07:00
Mariano Cano
10e7b81b9f
Merge branch 'master' into ssh-ca
2019-09-05 23:06:01 +02:00
max furman
635c59ed24
Accept emails SANs
2019-08-23 15:59:30 -07:00
Mariano Cano
1c8f610ca9
Add initial implementation of an SSH CA using the JWK provisioner.
...
Fixes smallstep/ca-component#187
2019-07-23 18:46:43 -07:00
Mariano Cano
44e85b51f2
Add some extra coverage.
2019-06-21 15:12:36 -07:00
Mariano Cano
aa63f8f32c
Add missing root certificate to test.
2019-06-21 14:52:06 -07:00
Mariano Cano
f9e2ea9bd6
Revert "Do not depend on config package."
...
This reverts commit cc1c6f2cb4
.
2019-06-18 14:44:19 -07:00
Mariano Cano
cc1c6f2cb4
Do not depend on config package.
...
Config package will panic if it cannot create the step path folder.
2019-06-18 13:16:23 -07:00
Mariano Cano
01b6aebbf7
Make provisioner more configurable.
...
The intention of this change is to make it usable from cert-manager.
2019-06-17 19:01:04 -07:00
Mariano Cano
e8498bf612
Add new WithDatabase to test reload.
2019-05-10 17:49:15 -07:00
Mariano Cano
120e2d0caf
Fix restart with simple DB.
2019-05-10 16:14:21 -07:00
Mariano Cano
3a1a4c5ea9
Do not allow reload with database configuration changes.
...
Fixes #smallstep/ca-component#170
2019-05-10 15:58:37 -07:00
Mariano Cano
b595c55f0a
Update CA properties on reload.
...
Fixes #71
2019-05-03 15:40:59 -07:00
max furman
c242602231
reload and shutdown trickery
...
* Only shutdown the database once.
* Be careful when reloading the CA. Depending on whether the DB has
already been shutdown, and error may be unrecoverable.
2019-04-25 13:25:41 -07:00
max furman
cbeca9383b
Update nosql integration
...
* shutdown and reload database on SIGHUP
2019-04-24 18:00:59 -07:00
Mariano Cano
c2c9798149
Fix review issues.
2019-04-12 14:59:55 -07:00
Mariano Cano
46b9b117e3
Add test for provisioner type.
2019-04-12 13:05:56 -07:00
Mariano Cano
13783301ce
Remove test for unnecessary method.
2019-04-12 11:22:49 -07:00
Mariano Cano
b4739c185d
Remove unnecessary method GetCertificateRenewer.
2019-04-12 11:10:56 -07:00
Mariano Cano
fa216ccaad
Use SetTransport method.
2019-04-12 11:06:38 -07:00
Mariano Cano
43c5831582
Merge branch 'master' into step-sds
2019-04-11 11:47:20 -07:00
max furman
ab4d569f36
Add /revoke API with interface db backend
2019-04-10 13:50:35 -07:00
Mariano Cano
888ef147fa
Expose a way to update the transport.
2019-04-03 19:37:12 -07:00
Mariano Cano
c42265972a
Add the autocert provisioner to the ca package.
2019-04-03 12:37:17 -07:00
Mariano Cano
7800f5960a
Add test for GetCertificateRenewer
2019-04-03 11:53:04 -07:00
Mariano Cano
8d2de64811
Add method to get a certificate renewer.
2019-04-03 11:08:09 -07:00
Mariano Cano
27b6ac0a58
Add INT and TERM signal handler.
2019-04-03 11:07:11 -07:00
Mariano Cano
64f2615864
Fix tests.
2019-03-25 12:35:21 -07:00
Mariano Cano
b07fe546fd
Fix types in tests.
2019-03-07 15:58:56 -08:00
Mariano Cano
5ce5a891f7
Add email SAN with email parameter in the JWK
2019-03-06 17:01:12 -08:00
Mariano Cano
262a9d0978
Merge pull request #27 from smallstep/mariano/renew-pool
...
SDK should update certificate pools safely
2019-02-06 16:56:38 -08:00
Mariano Cano
e0fff4d80b
Fix typo.
2019-02-06 16:52:44 -08:00
Mariano Cano
f1f6c548ad
Fix typo.
2019-02-06 16:48:20 -08:00
Mariano Cano
758d829355
Fix tests.
2019-02-05 20:27:29 -08:00
max furman
3415a1fef8
move SplitSANs to cli
2019-02-05 19:32:01 -08:00
Mariano Cano
975cb75fbd
Fix typo.
2019-02-05 17:33:16 -08:00
Mariano Cano
3c06d6f9bc
Fix comment.
2019-02-05 17:30:10 -08:00
Mariano Cano
e330ac547c
Fix comment.
2019-02-05 17:29:28 -08:00
Mariano Cano
cd934bbede
Remove println
2019-02-05 17:27:10 -08:00
max furman
6937bfea7b
claims.SANS -> claims.SANs
2019-02-04 20:22:02 -08:00
Mariano Cano
4c9dccd3f6
Allow multiple certificates in the root pem.
2019-02-04 10:29:52 -08:00
max furman
ab78534b08
add test for SAN backwards compatibility with CLI
...
* new provisioner tokens always contain the crt.Subject.CommonName
in the SANS attribute of the token claims. added tests that verifies
backwards compatibility still works in cases where the token does not
contain the subject as a SAN claim.
2019-02-01 12:24:21 -06:00
max furman
e6e8443f3c
allow multiple identical SANs in cert
2019-01-31 11:20:21 -06:00
max furman
f0683c2e0a
Enable signing certificates with custom SANs
...
* validate against SANs in token. must be 1:1 equivalent.
2019-01-30 18:21:03 -06:00
Mariano Cano
d394dd233a
Initiate default RootCAs/ClientCAs when no options are passed.
2019-01-23 14:33:16 -08:00
Mariano Cano
25eba1a96c
WIP on the safely rotate of root and federated certificates.
...
Fixes #23
2019-01-22 19:54:12 -08:00
Mariano Cano
bacbf85aa3
Add new bootstrap method that creates a listener.
2019-01-17 14:48:33 -08:00
Mariano Cano
984bf8d38c
Add missing file.
2019-01-16 19:06:21 -08:00
Mariano Cano
1cc5e94666
Add simple test for federation.
2019-01-16 19:03:41 -08:00