Mariano Cano
d64427487d
Add comment about the missing error check.
4 years ago
Mariano Cano
e17ce39e3a
Add support for Revoke using CAS.
4 years ago
Mariano Cano
aad8f9e582
Pass issuer and signer to softCAS options.
Remove commented code and initialize CAS properly.
Minor fixes in CloudCAS.
4 years ago
Mariano Cano
1b1f73dec6
Early attempt to develop a CAS interface.
4 years ago
Mariano Cano
cef0475e71
Make clear what's a template/unsigned certificate.
4 years ago
Mariano Cano
c94a1c51be
Merge branch 'master' into ssh-cert-templates
4 years ago
Mariano Cano
ba918100d0
Use go.step.sm/crypto/jose
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
4 years ago
max furman
81875074e3
tie -> the in comment
4 years ago
max furman
cb594ed2e0
go mod tidy and golang 1.15.0 cleanup ...
- cs.NegotiatedProtocolIsMutual has been deprecated but we still build
in travis with 1.14 so for now we'll ignore this linting error
- string(int) was resolving to string of a single rune rather than
string of digits -> use fmt.Sprint
4 years ago
Mariano Cano
d30a95236d
Use always go.step.sm/crypto
4 years ago
Mariano Cano
0a59efd853
Use new x509util to generate the CA certificate.
4 years ago
Mariano Cano
4943ae58d8
Move TLSOption, TLSVersion, CipherSuites and ASN1DN to certificates.
4 years ago
Mariano Cano
ce1eb0a01b
Use new x509util for renew/rekey.
4 years ago
Mariano Cano
c8d225a763
Use x509util from go.step.sm/crypto/x509util
4 years ago
Mariano Cano
a7b65f1e1e
Add authority.Sign test with custom templates.
4 years ago
Mariano Cano
6c64fb3ed2
Rename provisioner options structs:
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
4 years ago
Mariano Cano
ccc705cdcd
Use alias x509legacy to cli x509util in tls.go.
4 years ago
Mariano Cano
8f0dd811af
Allow to send errors from template to cli.
4 years ago
Mariano Cano
4795e371bd
Add back the support for ca.json DN template.
4 years ago
Mariano Cano
d1d9ae42d6
Use certificates x509util instead of cli for certificate signing.
4 years ago
max furman
fd05f3249b
A few last fixes and tests added for rekey/renew ...
- remove all `renewOrRekey`
- explicitly test difference between renew and rekey (diff pub keys)
- add back tests for renew
4 years ago
Max
ea9bc493b8
Merge pull request #307 from dharanikumar-s/master
Add support for rekeying Fixes #292
4 years ago
dharanikumar-s
57fb0c80cf
Removed calculating SubjectKeyIdentifier on Rekey
4 years ago
dharanikumar-s
dfda497929
Renamed RenewOrRekey to Rekey
4 years ago
dharanikumar-s
fe73154a20
Corrected misspelling
4 years ago
dharanikumar-s
2479371c06
Added error check while marshalling public key
4 years ago
dharanikumar-s
c8c3581e2f
SubjectKeyIdentifier extension is calculated from public key passed to this function instead of copying from old certificate
4 years ago
dharanikumar-s
8f504483ce
Added RenewOrRekey function based on @maraino suggestion. RenewOrRekey is called from Renew.
4 years ago
dharanikumar-s
3813f57b1a
Add support for rekeying Fixes #292
4 years ago
max furman
d25e7f64c2
wip
4 years ago
max furman
3636ba3228
wip
4 years ago
max furman
1951669e13
wip
4 years ago
Mariano Cano
bfe1f4952d
Rename interface to CertificateEnforcer and add tests.
5 years ago
Mariano Cano
64f26c0f40
Enforce a duration for identity certificates.
5 years ago
Mariano Cano
05cc1437b7
Remove unnecessary parse of certificate.
5 years ago
Mariano Cano
43bd8113aa
Remove unnecessary comments.
5 years ago
Mariano Cano
69a1b68283
Merge branch 'ssh' into kms
5 years ago
max furman
b265877050
Simplify statuscoder error generators.
5 years ago
max furman
c387b21808
Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
5 years ago
Mariano Cano
c62526b39f
Add wip support for kms.
5 years ago
Mariano Cano
e67ccd9e3d
Add fault tolerance against clock skew across system on TLS certificates.
5 years ago
Mariano Cano
8eeb82d0ce
Store renew certificate in the database.
5 years ago
Mariano Cano
0c3b9ebf45
Fix indentation.
5 years ago
max furman
a9ea292bd4
sshpop provisioner + ssh renew | revoke | rekey first pass
5 years ago
Jozef Kralik
bc6074f596
Change api of functions Authority.Sign, Authority.Renew
Returns certificate chain instead of 2 members.
Implements #126
5 years ago
max furman
fe7973c060
wip
5 years ago
Mariano Cano
2127d09ef3
Rename context type to apiCtx.
It will conflict with the context package.
5 years ago
max furman
ab4d569f36
Add /revoke API with interface db backend
6 years ago
Mariano Cano
8c8547bf65
Remove unnecessary parse and improve tests.
6 years ago
Mariano Cano
a3e2b4a552
Move certificate check to the right place.
6 years ago
Mariano Cano
30a6889d1f
Use standard x509 instead of step one.
6 years ago
Mariano Cano
7fd737cbb1
Fix lint warnings.
6 years ago
Mariano Cano
1f5ff5c899
Fix sign and renew tests.
6 years ago
Mariano Cano
c0ef6f8dc5
Add missing modifier and change return codes.
6 years ago
Mariano Cano
a97ea87caa
Move options to provisioner so we can set the duration of the cert.
6 years ago
Mariano Cano
1671ab2590
Fix some tests.
6 years ago
Mariano Cano
57b705f6cf
Use provisioner sign options.
6 years ago
Mariano Cano
d78febec7a
Fix extensions copy on renew
Fixes #36
6 years ago
max furman
7e43402575
bug fix: don't add common name to CSR validation claims in Sign
* added unit test for this case
6 years ago
max furman
e6e8443f3c
allow multiple identical SANs in cert
6 years ago
max furman
f0683c2e0a
Enable signing certificates with custom SANs
* validate against SANs in token. must be 1:1 equivalent.
6 years ago
Mariano Cano
d6cad2a7f3
Add provisioner option to disable renewal.
Fixes smallstep/ca-component#108
6 years ago
Mariano Cano
d574545d94
Format code with `gofmt -s`
6 years ago
max furman
7fa06643b2
change step provisioner OID and ASN1 representation
6 years ago
max furman
a4a461466b
withProvisionerOID and unit test
6 years ago
max furman
ee7db4006a
change sign + authorize authority api | add provisioners
* authorize returns []interface{}
- operators in this list can conform to any interface the user decides
- our implementation has a combination of certificate claim validators
and certificate template modifiers.
* provisioners can set and enforce tls cert options
6 years ago
max furman
0b5f6487e1
change provisioners api
* /provisioners -> /provisioners/jwk-set-by-issuer
* /provisioners now returns a list of Provisioners
6 years ago
max furman
c284a2c0ab
first commit
6 years ago