Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,248 Commits
41 Branches
214 Tags
91 MiB
master
mariano/signer
dependabot/go_modules/github.com/slackhq/nebula-1.9.0
wire-acme-extensions
mariano/init-provisioners
fix-1637
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c7f226bcec'
${ noResults }
Commit Graph

69 Commits (c7f226bcec732dda892d8755e1078559f7a0a69d)

Author SHA1 Message Date
Mariano Cano c7f226bcec
Add support for renew when using stepcas 
It supports renewing X.509 certificates when an RA is configured with stepcas.
This will only work when the renewal uses a token, and it won't work with mTLS.

The audience cannot be properly verified when an RA is used, to avoid this we
will get from the database if an RA was used to issue the initial certificate
and we will accept the renew token.

Fixes #1021 for stepcas
 2 years ago
Raal Goff d2483f3a70 Merge branch 'master' into crl-support 
# Conflicts:
#	authority/config/config.go
 2 years ago
Mariano Cano 23b8f45b37 Address gosec warnings 
Most if not all false positives
 2 years ago
Raal Goff 9fa5f46213 add minor doco, Test_CRLGeneration(), fix some issues from merge 2 years ago
Raal Goff 60671b07d7 Merge branch 'master' into crl-support 
# Conflicts:
#	api/api.go
#	authority/config/config.go
#	cas/softcas/softcas.go
#	db/db.go
 2 years ago
Mariano Cano 43ddcf2efe Do not use deprecated AuthorizeSign 2 years ago
Mariano Cano 817af3d696 Fix unit tests on the api package 2 years ago
Raal Goff 49c41636cc implemented some requested changes 2 years ago
Andrew Reed d5d70baba7
Add /roots.pem handler (#866) 
* Add /roots.pem handler

* Review changes

* Remove no peer cert test case
 2 years ago
Panagiotis Siatras 29092b9d8a
api: refactored to use the read package 2 years ago
Mariano Cano 616490a9c6 Refactor renew after expiry token authorization 
This changes adds a new authority method that authorizes the
renew after expiry tokens.
 2 years ago
Mariano Cano afb5d36206 Allow to renew certificates using an x5c-like token. 2 years ago
Herman Slatman 5fe9909174
Refactor AdminAuthority interface 2 years ago
Herman Slatman 2215a05c28
Add tests for ACME EAB Admin 
Refactored some of the existing bits for testing the Authority
API by creation of a new LinkedAuthority interface and changing
visibility of the MockAuthority to be usable by other packages.

At this time, not all of the functions of MockAuthority it usable
yet. Will refactor when needed or requested.
 2 years ago
Mariano Cano 8c8db0d4b7 Modify errs.BadRequestErr() to always return an error to the client. 3 years ago
Mariano Cano 8ce807a6cb Modify errs.BadRequest() calls to always send an error to the client. 3 years ago
Herman Slatman e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues 3 years ago
max furman 933b40a02a Introduce gocritic linter and address warnings 3 years ago
max furman 9fdef64709 Admin level API for provisioner mgmt v1 3 years ago
Mariano Cano c1c986922b Show Ed25519 in the public-key log field. 3 years ago
max furman f88f58440f add //nolint for new 1.16 deprecation warnings 
- dsa
- pem.DecryptPEMBlock
 3 years ago
Mariano Cano ba918100d0 Use go.step.sm/crypto/jose 
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
 4 years ago
Mariano Cano 4943ae58d8 Move TLSOption, TLSVersion, CipherSuites and ASN1DN to certificates. 4 years ago
Mariano Cano e83e47a91e Use sshutil and randutil from go.step.sm/crypto. 4 years ago
Mariano Cano 6c64fb3ed2 Rename provisioner options structs: 
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
 4 years ago
max furman fd05f3249b A few last fixes and tests added for rekey/renew ... 
- remove all `renewOrRekey`
- explicitly test difference between renew and rekey (diff pub keys)
- add back tests for renew
 4 years ago
dharanikumar-s dfda497929 Renamed RenewOrRekey to Rekey 4 years ago
dharanikumar-s a3b5211e0f gofmted the code 4 years ago
dharanikumar-s 954fda657b Added renewOrRekey to mockAuthority. Added Test_caHandler_Rekey 4 years ago
Mariano Cano fa416336a8 Add context to tests. 4 years ago
max furman 1cb8bb3ae1 Simplify statuscoder error generators. 4 years ago
max furman dccbdf3a90 Introduce generalized statusCoder errors and loads of ssh unit tests. 
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
 4 years ago
Mariano Cano dedf6b17be Addapt tests to the api change. 4 years ago
Mariano Cano b179ad3662 Fix api tests. 4 years ago
Mariano Cano 8bf3bf701e Add support for /ssh/bastion method. 4 years ago
Mariano Cano 0ae9bab21e Fix api tests. 4 years ago
Mariano Cano d880a98295 Add tests for ssh api methods. 4 years ago
Mariano Cano d08db4df23 Rename SSH methods. 4 years ago
Mariano Cano 91130b9c3f Add support for user data in templates. 4 years ago
Mariano Cano a35988ff08 Add initial support for ssh config. 
Related to smallstep/cli#170
 4 years ago
Mariano Cano 961be1fbc7 Add endpoint to return the SSH public keys. 
Related to smallstep/ca-component#195
 4 years ago
Jozef Kralik bc6074f596 Change api of functions Authority.Sign, Authority.Renew 
Returns certificate chain instead of 2 members.

Implements #126
 5 years ago
max furman e3826dd1c3 Add ACME CA capabilities 5 years ago
max furman 61d52a8510 Small fixes associated with PR review 
* additions and grammar edits to documentation
* clarification of error msgs
 5 years ago
Mariano Cano 10e7b81b9f Merge branch 'master' into ssh-ca 5 years ago
max furman 2b41faa9cf Enforce >= 2048 bit rsa keys at the provisioner layer 
* Fixes #94
* In the future this should be configurable by provisioner
 5 years ago
Mariano Cano ca74bb1de5 Add ssh api tests. 5 years ago
Mariano Cano ba2ba54928 Adapt api package to new interfaces. 5 years ago
max furman ab4d569f36 Add /revoke API with interface db backend 5 years ago
Mariano Cano 64f2615864 Fix tests. 5 years ago