TrueCloudLab/certificates
16
0
Fork 2
Code Issues 1 Pull requests 1 Releases Activity Actions
1480 commits 34 branches 199 tags 42 MiB
Commit graph

1480 commits

This branch
This branch
All branches
Author SHA1 Message Date
Mariano Cano
ce1eb0a01b Use new x509util for renew/rekey. 2020-08-05 19:09:06 -07:00
Mariano Cano
f437b86a7b Merge branch 'cert-templates' into ssh-cert-templates 2020-08-05 18:43:07 -07:00
Mariano Cano
c8d225a763 Use x509util from go.step.sm/crypto/x509util 2020-08-05 16:02:46 -07:00
Max
0eab3727bf
Merge pull request #336 from smallstep/max/docker 
introduce docker-buildx
 2020-08-04 11:21:53 -07:00
max furman
476bca3717 Add make docker-dev building and testing locally. 2020-08-03 20:45:51 -07:00
Mariano Cano
37f84e9bb3 Add delay in test. 2020-08-03 19:01:15 -07:00
Mariano Cano
342cb713ee Add test with custom templates. 2020-08-03 18:51:47 -07:00
Mariano Cano
8d89bbd62f Remove unused code. 2020-08-03 18:39:02 -07:00
Mariano Cano
c4bbc81d9f Fix authority tests. 2020-08-03 18:36:05 -07:00
Mariano Cano
413af88aad Fix provisioning tests. 2020-08-03 18:10:29 -07:00
Mariano Cano
b66bdfabcd Enforce an OIDC users to send all template variables. 2020-08-03 15:28:48 -07:00
Mariano Cano
9822305bb6 Use only the IID template on IID provisioners. 
Use always sshutil.DefaultIIDCertificate and require at least one
principal on IID provisioners.
 2020-08-03 15:11:42 -07:00
Max
7b9ddf1d09
Merge pull request #337 from smallstep/max/debName 
Convert '-' to '~' in deb package name
 2020-08-03 11:17:13 -07:00
max furman
652377dbf6 Convert '-' to '~' in deb package name 2020-08-03 09:23:29 -07:00
max furman
9e9808fe3d introduce docker-buildx 2020-08-02 13:40:49 -07:00
Max
e55ad2ad52
Merge pull request #335 from smallstep/max/sshpop 
Add SSHPOP default provisioner if SSH enabled during init
 2020-07-31 11:07:48 -07:00
max furman
3fb116f1b4 Add SSHPOP default provisioner if SSH enabled during init 2020-07-31 11:05:26 -07:00
Mariano Cano
53eea843bc Fix newExtension comment. 2020-07-31 11:03:47 -07:00
Mariano Cano
7c3c16b7be Fix UnmarshalJSON comment. 2020-07-31 11:00:17 -07:00
Mariano Cano
f1773489fc Fix comment. 2020-07-31 10:45:59 -07:00
Mariano Cano
aa657cdb4b Use SSHOptions inside provisioner options. 2020-07-30 18:44:52 -07:00
Mariano Cano
d82bdc1a00 Fix tests with criticalOptions. 2020-07-30 18:04:39 -07:00
Mariano Cano
02379d494b Add support for extensions and critical options on the identity 
function.
 2020-07-30 17:45:03 -07:00
Mariano Cano
8ff8d90f8c On JWK and X5C validate the key id on the request. 2020-07-30 17:45:03 -07:00
Mariano Cano
3b19bb9796 Add TemplateData to SSHSignRequest. 
Add some omitempty tags.
 2020-07-30 17:45:03 -07:00
Mariano Cano
a78f7e8913 Add template support on k8ssa provisioner. 2020-07-30 17:45:03 -07:00
Mariano Cano
6c36ceb158 Add initial template support for iid provisisioners. 2020-07-30 17:45:03 -07:00
Mariano Cano
8e7bf96769 Fix error prefix. 2020-07-30 17:45:03 -07:00
Mariano Cano
e0dce54338 Add missing argument. 2020-07-30 17:45:03 -07:00
Mariano Cano
c1fc45c872 Simplify SSH modifiers with options. 
It also changes the behavior of the request options to modify only
the validity of the certificate.
 2020-07-30 17:45:03 -07:00
Mariano Cano
df1f7e5a2e Use CertificateRequest type as input for ssh NewCertificate. 
SSH does not have a real concept of ssh certificate request, but
we are using the type to encapsulate the parameters coming in the
request.
 2020-07-30 17:45:03 -07:00
Mariano Cano
ad28f0f59a Move variable where it is used. 2020-07-30 17:45:03 -07:00
Mariano Cano
715eb4eacc Add initial support for ssh templates on OIDC. 2020-07-30 17:45:03 -07:00
Mariano Cano
c2dc76550c Add ssh certificate template to X5C provisioner. 2020-07-30 17:45:03 -07:00
Mariano Cano
380a0d6daf Add ssh certificate templates to JWK provisioner. 2020-07-30 17:45:03 -07:00
Mariano Cano
f75a12e10a Add omitempty tag option. 2020-07-30 17:45:03 -07:00
Mariano Cano
d7e590908e Use sshutil for ssh renewing and rekeying. 2020-07-30 17:45:02 -07:00
Mariano Cano
b66d123572 Use sshutil for SSH certificate signing. 2020-07-30 17:45:02 -07:00
Mariano Cano
570ede45e7 Do not enforce number of principals or extensions. 2020-07-30 17:45:02 -07:00
Mariano Cano
631f1612a1 Add TemplateData to SignSSHOptions. 2020-07-30 17:45:02 -07:00
Mariano Cano
fdd0eb6773 Create method CertTypeFromString(s string). 2020-07-30 17:45:02 -07:00
Mariano Cano
c6746425a3 Add methods to initialize ssh templates in provisioners. 2020-07-30 17:45:02 -07:00
Mariano Cano
af3eeb870e Add package to generate ssh certificate for templates. 2020-07-30 17:45:02 -07:00
Mariano Cano
3e80f41c19 Change provisioner options to have X509 as a field. 2020-07-30 17:44:22 -07:00
max furman
3f844c5e23 Update the way SubjectKeyId is calculated, and more ... 
- swith lint to first in line for `make all`
- update tests to conform with new subjectkeyid
 2020-07-28 12:00:07 -07:00
Mariano Cano
a7b65f1e1e Add authority.Sign test with custom templates. 2020-07-22 19:18:45 -07:00
David Cowden
86efe7aff0 aws: use http.NoBody instead of nil 
It's a little more descriptive.
 2020-07-22 18:39:46 -07:00
David Cowden
2b121efc8f aws: test constructor with empty IDMS string array 2020-07-22 18:33:44 -07:00
Mariano Cano
6c64fb3ed2 Rename provisioner options structs: 
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
 2020-07-22 18:24:45 -07:00
David Cowden
dc39eef721 aws: test badIDMS functional path 
The existing test only covers the constructor logic. Also test the live
code path that is executed when a bad IDMS version is supplied.
 2020-07-22 17:40:26 -07:00