Mariano Cano
f3f484cee2
Log errors using slog.Logger
...
This commit allows logging errors in a slog.Logger injected in the
context. This type of logger is not currently used directly in step-ca,
but this will change in the future.
5 months ago
verytrap
db92404342
chore: fix function names in comment
...
Signed-off-by: verytrap <wangqiuyue@outlook.com>
6 months ago
Mariano Cano
10f6a901ec
Let the CA determine the RA lifetime
...
When the RA mode with StepCAS is used, let the CA decide which lifetime
the RA should get instead of requiring always 24h.
This commit also fixes linter warnings.
Related to #1094
7 months ago
Herman Slatman
cf8a50157f
Add a basic e2e test for `X-Request-Id` reflection
8 months ago
Herman Slatman
041b486c55
Remove usages of `Sign` without context
8 months ago
Herman Slatman
2a8b80a3e1
Merge branch 'master' into herman/webhook-request-id
8 months ago
Herman Slatman
3dbb4aad3d
Change CRL unavailable case to HTTP 404
8 months ago
Herman Slatman
c76dad8a22
Improve tests for CRL HTTP handler
8 months ago
Herman Slatman
d1deb7f930
Add `Expires` header to CRL response
8 months ago
Mariano Cano
b20af51f32
Upgrade go.step.sm/crypto to use go-jose/v3
10 months ago
Max
9f84f7ce35
Allow for identity certificate signing (in sshSign) by skipping validators ( #1572 )
...
- skip urisValidator for identity certificate signing. Implemented
by building the validator with the context in a hacky way.
1 year ago
Mariano Cano
52baf52f84
Change scep password type to string
...
This commit changes the type of the decrypter key password to string to
be consistent with other passwords in the ca.json
1 year ago
Mariano Cano
33bdae4a34
Fix redacted tests
1 year ago
Mariano Cano
4d5fbfa439
Fix redacted types in SCEP provisioner
...
This commit uses the same types for the fields in the provisioner.SCEP
type and the "redacted" models.SCEP.
1 year ago
Herman Slatman
ffe079f31b
Merge branch 'master' into herman/scep-provisioner-decrypter
1 year ago
Herman Slatman
5fd70af2c8
Make API responses aware of the new SCEP decrypter properties
1 year ago
Herman Slatman
3ade92f8d5
Support both a decrypter key URI as well as PEM
1 year ago
Dominic Evans
231b5d8406
chore(deps): upgrade github.com/go-chi/chi to v5
...
Upgrade chi to the v5 module path to avoid deprecation warning about v4
and earlier on the old module path.
See https://github.com/go-chi/chi/blob/v4.1.3/go.mod#L1-L4
Signed-off-by: Dominic Evans <dominic.evans@uk.ibm.com>
1 year ago
Herman Slatman
4ef093dc4b
Fix broken tests relying on `Sign` in mocks
1 year ago
Herman Slatman
9e3807eaa3
Use `SignWithContext` in the critical paths
1 year ago
Herman Slatman
4e06bdbc51
Add `SignWithContext` method to authority and mocks
1 year ago
Herman Slatman
98d015b5c3
Fix linting issues
1 year ago
Herman Slatman
d9f56cdbdc
Merge branch 'master' into herman/scep-provisioner-decrypter
1 year ago
Herman Slatman
9d3b78ae49
Add `excludeIntermediate` to SCEP provisioner
1 year ago
Max
116ff8ed65
bump go.mod to go1.20 and associated linter fixes ( #1518 )
1 year ago
Herman Slatman
4186b2c2d0
Change JSON marshaling for SCEP provisioners
...
Instead of the old method that redacted sensitive information
by overriding the value of the property and changing it back
to the original, the API now uses a model specifically meant
for API responses. This prevents potential race conditions.
This may be iterated on a bit so that we don't need to rely
on the [provisioner.Interface] interface, which requires the
API model to implement unnecessary methods.
1 year ago
Herman Slatman
d754000a68
Fix SCEP provisioner API test
1 year ago
Herman Slatman
6985b4be62
Clean up the SCEP authority and provisioner
1 year ago
Herman Slatman
180162bd6a
Refactor SCEP provisioner and decrypter
1 year ago
Herman Slatman
0377fe559b
Add basic version of provisioner specific SCEP decrypter
1 year ago
Max
df13351586
Merge pull request #1381 from smallstep/max/go-1.19
...
Bump go.mod golang version to 1.19
1 year ago
max furman
8b256f0351
address linter warning for go 1.19
1 year ago
Herman Slatman
017c3273ef
Merge pull request #1374 from smallstep/herman/log-ssh-certificate
...
Log SSH certificates
1 year ago
Herman Slatman
f17bfdf57d
Reformat the SSH certificate logging output for read- and parsability
1 year ago
Herman Slatman
4c56877d97
Add SSH certificate logging to renew and rekey too
1 year ago
Panagiotis Siatras
2139121683
optimized render.JSON ( #929 )
...
* api/render: render JSON directly to the underlying writer
* also consider json.MarshalerError a panic
1 year ago
Herman Slatman
81140f859c
Fix `valid-from` and `valid-to` times
1 year ago
Herman Slatman
39e658b527
Add test for `LogSSHCertificate`
1 year ago
Herman Slatman
922f702da3
Add logging for SSH certificate issuance
1 year ago
Herman Slatman
f9ec62f46c
Merge branch 'master' into herman/improve-scep-marshaling
1 year ago
Panagiotis Siatras
d797941137
do not render CRLs in memory ( #1373 )
1 year ago
Herman Slatman
c365d8580e
Move provisioner marshaling logic to api package
2 years ago
Herman Slatman
b8c306ebfa
Refactor tests stylistically
2 years ago
Panagiotis Siatras
9197de3e96
api/log: removed dependency to certificates/logging
2 years ago
Panagiotis Siatras
b7f4881972
merged log tests
2 years ago
Herman Slatman
27bbc3682b
Improve error log test readability
2 years ago
Herman Slatman
362be72120
Fix `StackTracedError` logging
...
When running with `STEPDEBUG=1`, a response with a `StackTracedError`
would result in a nil pointer error. This commit fixes the check and
adds a test case.
2 years ago
Mariano Cano
c7f226bcec
Add support for renew when using stepcas
...
It supports renewing X.509 certificates when an RA is configured with stepcas.
This will only work when the renewal uses a token, and it won't work with mTLS.
The audience cannot be properly verified when an RA is used, to avoid this we
will get from the database if an RA was used to issue the initial certificate
and we will accept the renew token.
Fixes #1021 for stepcas
2 years ago
Mariano Cano
59775fff0c
Merge branch 'master' into crl-support
2 years ago
max furman
66858a3870
No longer need to ignore context warnings when context in request
...
- after upgrade to golangci-lint 1.50.0
2 years ago