Commit graph

1785 commits

Author SHA1 Message Date
Miclain Keffeler
21dc406382 Begins to fix issue 87 2020-12-23 22:46:21 -06:00
Miclain Keffeler
bfd13f1f72 Revert "Begins to fix issue 87"
This reverts commit e2ba4159c3.
2020-12-23 22:43:47 -06:00
Miclain Keffeler
393c43201f Merge branch 'smallstep-by-provisioner-appendedcert' of https://github.com/mkkeffeler/certificates into smallstep-by-provisioner-appendedcert 2020-12-23 22:41:36 -06:00
Miclain Keffeler
7545b4a625 leverage intermediate_ca.crt for appending certs. 2020-12-23 22:41:10 -06:00
Miclain Keffeler
e2ba4159c3 Begins to fix issue 87 2020-12-22 16:39:39 -06:00
Max
c255863816
Merge pull request #438 from smallstep/max/broken-validate-challenge-test
Fix broken ValidateChallenge test
2020-12-18 18:24:47 -05:00
max furman
265d49dbf8 Remove debug statement 2020-12-18 18:17:55 -05:00
max furman
1f9aa65d66 Add test case 2020-12-18 17:05:25 -05:00
max furman
20f8d950c4 Fix broken ValidateChallenge test 2020-12-18 11:18:42 -05:00
Mariano Cano
bae209741f
Merge pull request #436 from smallstep/upgrade-crypto
Upgrade crypto and validate token id
2020-12-17 15:12:32 -08:00
Mariano Cano
5017b7d21f Recalculate token id instead of validating it. 2020-12-17 14:52:34 -08:00
Mariano Cano
86c947babc Upgrade crypto and fix test. 2020-12-17 14:17:08 -08:00
Mariano Cano
0cf594a003 Validate payload ID.
Related to #435
2020-12-17 13:35:14 -08:00
Mariano Cano
d6ea8b13ab Upgrade crypto.
Related to #435
2020-12-17 13:34:50 -08:00
Mariano Cano
1feb4fcb26 Merge branch 'glance--sshagentkms' 2020-11-18 17:53:15 -08:00
Mariano Cano
ccc403cf89 Fix comments, and return an error instead of fatal. 2020-11-18 17:50:21 -08:00
Mariano Cano
7d9997618f Upgrade crypto to v0.7.1
Add basic constraints extensions if defined.
2020-11-18 16:57:24 -08:00
max furman
19a3cd10a1 [docs] provisioners fix attr dupe and give warning about stale docs 2020-11-18 16:57:24 -08:00
Mariano Cano
2c164f39cc Fix rebase. 2020-11-18 16:57:24 -08:00
Mariano Cano
317a6b6aca Fix mispell. 2020-11-18 16:57:24 -08:00
Mariano Cano
0fcf9f8bc4 Use test/bufconn instead of a real listener. 2020-11-18 16:57:24 -08:00
Mariano Cano
a0171c221e Add missing docs. 2020-11-18 16:57:24 -08:00
Mariano Cano
74111d4432 Enable default cas implementation. 2020-11-18 16:57:24 -08:00
Mariano Cano
dfdbf493ac Add some extra tests. 2020-11-18 16:57:24 -08:00
Mariano Cano
b4795fcd28 Complete tests for softCAS. 2020-11-18 16:57:24 -08:00
Mariano Cano
1c77538d48 Fix lint error. 2020-11-18 16:57:24 -08:00
Mariano Cano
a01c3defc0 Complete CloudCAS tests.
Upgrade cloud.google.com/go
2020-11-18 16:57:24 -08:00
Mariano Cano
fb1f37648f Add missing files, mocks created using mockgen. 2020-11-18 16:57:24 -08:00
Mariano Cano
2611fc04d4 Add initial tests for CreateCertificateAuthority. 2020-11-18 16:57:24 -08:00
Mariano Cano
062edcdfb4 Fix unexpected error. 2020-11-18 16:57:24 -08:00
Mariano Cano
9607eddd6a Remove unused code. 2020-11-18 16:57:24 -08:00
Mariano Cano
fcaaab94a4 Add method to create a CertificateAuthorityResponse. 2020-11-18 16:57:24 -08:00
Mariano Cano
a3f729fc28 Add support for local signing or cloudCAS intermediates. 2020-11-18 16:57:24 -08:00
Mariano Cano
fe7db340b0 Update go.step.sm/crypto dependency. 2020-11-18 16:57:24 -08:00
Mariano Cano
5deca85b14 Add initial support for step ca init with cloud cas.
Fixes smallstep/cli#363
2020-11-18 16:57:24 -08:00
Mariano Cano
921de7e07f Upgrade crypto to v0.7.1
Add basic constraints extensions if defined.
2020-11-17 11:43:12 -08:00
max furman
2799ef9626 [docs] provisioners fix attr dupe and give warning about stale docs 2020-11-16 12:30:41 -05:00
Anton Lundin
3e6137110b Add support for using ssh-agent as a KMS
This adds a new KMS, SSHAgentKMS, which is a KMS to provide signing keys
for issuing ssh certificates signed by a key managed by a ssh-agent. It
uses the golang.org/x/crypto package to get a native Go implementation
to talk to a ssh-agent.

This was primarly written to be able to use gpg-agent to provide the
keys stored in a YubiKeys openpgp interface, but can be used for other
setups like proxying a ssh-agent over network.

That way the signing key for ssh certificates can be kept in a
"sign-only" hsm.

This code was written for my employer Intinor AB, but for simplicity
sake gifted to me to contribute upstream.

Signed-off-by: Anton Lundin <glance@acc.umu.se>
2020-11-04 09:06:23 +01:00
Mariano Cano
98a5aa5916
Merge pull request #409 from smallstep/cloudcas-init
Add CreateCertificateAuthority
2020-11-03 16:28:50 -08:00
Mariano Cano
736a6fb64e Fix rebase. 2020-11-03 12:49:04 -08:00
Mariano Cano
a97fab4119 Fix mispell. 2020-11-03 12:48:48 -08:00
Mariano Cano
b057c6677a Use test/bufconn instead of a real listener. 2020-11-03 12:45:31 -08:00
Mariano Cano
4f9200cc47 Add missing docs. 2020-11-03 12:45:31 -08:00
Mariano Cano
41a46bbd75 Enable default cas implementation. 2020-11-03 12:45:31 -08:00
Mariano Cano
7020011842 Add some extra tests. 2020-11-03 12:45:31 -08:00
Mariano Cano
7aa8a8fe1e Complete tests for softCAS. 2020-11-03 12:45:31 -08:00
Mariano Cano
bb4f2aef2f Fix lint error. 2020-11-03 12:45:31 -08:00
Mariano Cano
b275758018 Complete CloudCAS tests.
Upgrade cloud.google.com/go
2020-11-03 12:45:31 -08:00
Mariano Cano
10c2ce3071 Add missing files, mocks created using mockgen. 2020-11-03 12:44:54 -08:00
Mariano Cano
b2ae112dd2 Add initial tests for CreateCertificateAuthority. 2020-11-03 12:44:54 -08:00