Commit Graph

33 Commits

Author SHA1 Message Date
Mariano Cano
ddd5057f63
Allow root and federated root bundles
This commit changes the parsing of root and federated roots to support
a bundle of certificates, this makes easier to configure a root rotation
when using helm charts, just appending the old root.
2022-11-08 17:06:22 -08:00
Mariano Cano
8942422973 Add GetID() and add authority to initial context 2022-05-10 16:51:09 -07:00
Herman Slatman
3612eefc31
Cleanup 2022-01-18 15:54:18 +01:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues 2021-11-13 01:30:03 +01:00
Mariano Cano
097a918da7 Fix tests when we create re-use a token with a new authority. 2021-08-30 16:36:18 -07:00
max furman
9fdef64709 Admin level API for provisioner mgmt v1 2021-07-02 19:05:17 -07:00
Herman Slatman
7e82bd6ef3 Add setup for Authority tests 2021-05-26 16:15:26 -07:00
Mariano Cano
fbd2208044 Close key manager for safe reloads when a cgo module is used. 2021-02-01 17:14:44 -08:00
Mariano Cano
60515d92c5 Remove unnecessary properties. 2020-09-16 13:31:26 -07:00
Mariano Cano
ba918100d0 Use go.step.sm/crypto/jose
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
2020-08-24 14:44:11 -07:00
Mariano Cano
b900a7a2fc Fix error message in tests. 2020-08-14 15:38:54 -07:00
Mariano Cano
d30a95236d Use always go.step.sm/crypto 2020-08-14 15:33:50 -07:00
Mariano Cano
6c64fb3ed2 Rename provisioner options structs:
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
2020-07-22 18:24:45 -07:00
Mariano Cano
4e544344f9 Initialize the required config fields on embedded authorities.
This change is to make easier the use of embedded authorities. It
can be difficult for third parties to know what fields are required.
The new init methods will define the minimum usable configuration.
2020-05-06 13:00:42 -07:00
Mariano Cano
b5eab009b2 Rename method to NewEmbedded 2020-05-05 17:46:22 -07:00
Mariano Cano
824374bde0 Create a method to initialize the authority without a config file.
When the CA is embedded in a third party product like Caddy, the
config needed to use placeholders to be valid. This change adds
a new method `NewEmbeddedAuthority` that allows to create an
authority with the given options, the minimum options are a root
and intermediate certificate, and the intermediate key.

Fixes #218
2020-05-04 18:52:18 -07:00
Mariano Cano
4eaeede77d Fix unit tests. 2020-02-11 14:05:37 -08:00
max furman
c387b21808 Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
2020-01-22 17:25:23 -08:00
max furman
d3e74a0d2e switch from metalinter to golangci-lint 2019-08-27 16:39:48 -07:00
Mariano Cano
9f39cb5f2a Add test. 2019-05-10 16:53:35 -07:00
max furman
ab4d569f36 Add /revoke API with interface db backend 2019-04-10 13:50:35 -07:00
Mariano Cano
23e6de57a2 Address comments in code review. 2019-03-13 11:26:18 -07:00
Mariano Cano
54d86ca1c1 testing work in progress. 2019-03-07 19:30:17 -08:00
Mariano Cano
1671ab2590 Fix some tests. 2019-03-07 12:15:18 -08:00
Mariano Cano
98cc243a37 Add support for multiple roots. 2019-01-07 15:30:28 -08:00
Mariano Cano
7e95fc0e45 Strip ports on audience check.
Services might have proxies behind them so we cannot rely on them.
Fixes #17
2018-12-21 15:27:22 -08:00
Mariano Cano
d6cad2a7f3 Add provisioner option to disable renewal.
Fixes smallstep/ca-component#108
2018-11-01 15:43:24 -07:00
max furman
0d9dd2d14b provisioner issuer -> name 2018-10-29 18:00:30 -07:00
max furman
283dc42904 add unit tests for MatchOne (token audience) and Authority.New 2018-10-25 15:17:22 -07:00
max furman
ee7db4006a change sign + authorize authority api | add provisioners
* authorize returns []interface{}
 - operators in this list can conform to any interface the user decides
 - our implementation has a combination of certificate claim validators
 and certificate template modifiers.
* provisioners can set and enforce tls cert options
2018-10-18 22:26:39 -07:00
max furman
0b5f6487e1 change provisioners api
* /provisioners -> /provisioners/jwk-set-by-issuer
* /provisioners now returns a list of Provisioners
2018-10-11 23:03:00 -07:00
max furman
d773770a44 add authority.New unit tests 2018-10-08 21:48:44 -07:00
max furman
c284a2c0ab first commit 2018-10-05 21:48:36 +00:00