Mariano Cano
4c9dccd3f6
Allow multiple certificates in the root pem.
2019-02-04 10:29:52 -08:00
max furman
ab78534b08
add test for SAN backwards compatibility with CLI
...
* new provisioner tokens always contain the crt.Subject.CommonName
in the SANS attribute of the token claims. added tests that verifies
backwards compatibility still works in cases where the token does not
contain the subject as a SAN claim.
2019-02-01 12:24:21 -06:00
max furman
e6e8443f3c
allow multiple identical SANs in cert
2019-01-31 11:20:21 -06:00
max furman
f0683c2e0a
Enable signing certificates with custom SANs
...
* validate against SANs in token. must be 1:1 equivalent.
2019-01-30 18:21:03 -06:00
Mariano Cano
d394dd233a
Initiate default RootCAs/ClientCAs when no options are passed.
2019-01-23 14:33:16 -08:00
Mariano Cano
25eba1a96c
WIP on the safely rotate of root and federated certificates.
...
Fixes #23
2019-01-22 19:54:12 -08:00
Mariano Cano
bacbf85aa3
Add new bootstrap method that creates a listener.
2019-01-17 14:48:33 -08:00
Mariano Cano
984bf8d38c
Add missing file.
2019-01-16 19:06:21 -08:00
Mariano Cano
1cc5e94666
Add simple test for federation.
2019-01-16 19:03:41 -08:00
Mariano Cano
dbd1bf11f1
Rename variable.
2019-01-14 17:35:38 -08:00
Mariano Cano
7dc61bf233
Remove deprecated code
2019-01-11 19:13:06 -08:00
Mariano Cano
518b597535
Remove mTLS client requirement in /roots and /federation
2019-01-11 19:08:08 -08:00
Mariano Cano
9adc65febf
Add test for newTLSOptionCtx
2019-01-10 15:31:40 -08:00
Mariano Cano
6116523055
Fix random order in tests.
2019-01-10 10:57:06 -08:00
Mariano Cano
8510e25b3b
Add test with bootstrap server.
2019-01-09 18:48:15 -08:00
Mariano Cano
f99ae9da93
Add root rotation test.
2019-01-09 17:55:32 -08:00
Mariano Cano
af9e6488fc
Make the renew test shorter.
2019-01-09 17:35:00 -08:00
Mariano Cano
25ddbaedff
Allow to customize the minimal cert duration for tests.
2019-01-09 17:24:11 -08:00
Mariano Cano
10aaece1b0
Update root certificates on renew.
2019-01-09 13:20:28 -08:00
Mariano Cano
6d3e8ed93c
Add all root certificates by default on bootstrap methods.
2019-01-07 18:55:40 -08:00
Mariano Cano
d296cf95a9
Add mTLS request to get all the root CAs, not the federated ones.
2019-01-07 17:48:56 -08:00
Mariano Cano
98cc243a37
Add support for multiple roots.
2019-01-07 15:30:28 -08:00
Mariano Cano
722bcb7e7a
Add initial support for federated root certificates.
2019-01-04 17:51:32 -08:00
Mariano Cano
7e2f80ac30
Fix grammar error
2018-11-27 16:29:14 -08:00
max furman
c0107ab5b9
Fix ca renew documentation
2018-11-27 16:25:01 -08:00
Mariano Cano
f7a5be3942
Force the renew of the CA server.
2018-11-27 15:57:13 -08:00
Mariano Cano
b0a410066b
Add support for parsing endpoints without schema.
...
Fixes smallstep/ca-component#117
2018-11-26 18:29:45 -08:00
Mariano Cano
d872f09910
Use mTLS by default on SDK methods.
...
Add options to modify the tls.Config for different configurations.
Fixes #7
2018-11-21 13:31:09 -08:00
Mariano Cano
9c64dbda9a
Add helpers to add direct support for mTLS.
2018-11-07 16:07:35 -08:00
Mariano Cano
b23e3bec7f
Remove comment of removed arguments.
2018-11-06 17:45:41 -08:00
max furman
5f2d998584
change documentation for bootstrap Server|Client
...
* provide documentation for default and non-default invocation.
2018-11-06 17:39:00 -08:00
Mariano Cano
ba88c8c5cb
Add context to bootstrap methods.
2018-11-06 17:16:33 -08:00
Mariano Cano
7eb8aeb1f1
Add tests for bootstrap functions.
2018-11-05 12:22:10 -08:00
Mariano Cano
091506a994
Add bootstrap helpers that uses just a token.
2018-11-02 18:54:49 -07:00
max furman
c74fcd57a7
ca-component -> certificates
...
* fix redundant error check
* add README
2018-10-31 21:36:01 -07:00
max furman
0d9dd2d14b
provisioner issuer -> name
2018-10-29 18:00:30 -07:00
Mariano Cano
71a3587b76
Add client support for provisioner cursor and limit options.
...
Fixes #83
2018-10-26 11:35:15 -07:00
Mariano Cano
99cab73360
Remove unused import /provisioners/jwk-set-by-issuer
2018-10-25 18:55:18 -07:00
max furman
ee7db4006a
change sign + authorize authority api | add provisioners
...
* authorize returns []interface{}
- operators in this list can conform to any interface the user decides
- our implementation has a combination of certificate claim validators
and certificate template modifiers.
* provisioners can set and enforce tls cert options
2018-10-18 22:26:39 -07:00
Mariano Cano
d7c31c3133
Properly fill CSR DNSNames or IPAddresses
2018-10-24 19:49:16 -07:00
Mariano Cano
2b2598c695
Fix audience to fix ca tests.
2018-10-24 12:50:42 -07:00
Mariano Cano
511e1a9e23
Fix getting transport from root fingerprint.
2018-10-24 12:42:37 -07:00
max furman
0b5f6487e1
change provisioners api
...
* /provisioners -> /provisioners/jwk-set-by-issuer
* /provisioners now returns a list of Provisioners
2018-10-11 23:03:00 -07:00
Mariano Cano
7b6a3ea427
Add client methods for provisioning endpoints.
2018-10-09 14:54:29 -07:00
max furman
378166a3b2
add full stack tests for multiple provisioners api
...
* /provisioners and /provisioners/<key-id>/encrypted-key
2018-10-09 13:37:47 -07:00
max furman
d773770a44
add authority.New unit tests
2018-10-08 21:48:44 -07:00
max furman
c284a2c0ab
first commit
2018-10-05 21:48:36 +00:00