TrueCloudLab/certificates
17
0
Fork 2
Code Issues 1 Pull requests 1 Releases Activity Actions
1967 commits 34 branches 199 tags 42 MiB
Commit graph

1967 commits

This branch
This branch
All branches
Author SHA1 Message Date
max furman
681226a798 Merge branch 'master' into max/cert-mgr-crud 2021-07-08 16:21:09 -07:00
max furman
1df21b9b6a Addressing comments in PR review 
- added a bit of validation to admin create and update
- using protojson where possible in admin api
- fixing a few instances of admin -> acme in errors
 2021-07-06 17:14:13 -07:00
Mariano Cano
bc14341387 Fix bootstrap command. 2021-07-06 16:35:00 +02:00
max furman
5679c9933d Fixes from PR review 2021-07-03 12:08:30 -07:00
max furman
77fdfc9fa3 Merge branch 'master' into max/cert-mgr-crud 2021-07-02 20:26:46 -07:00
max furman
9fdef64709 Admin level API for provisioner mgmt v1 2021-07-02 19:05:17 -07:00
max furman
6476eb45a7 Need RELEASE variable defined in make debian 2021-06-23 13:30:30 -07:00
Mariano Cano
856f08b1c5
Merge pull request #605 from smallstep/casv1 
Add support for Google CAS v1
 2021-06-23 00:58:10 -07:00
Mariano Cano
65dacc2795 Replace golint with revive 2021-06-23 09:53:26 +02:00
Mariano Cano
35e6cc275a Fix typos in comments. 2021-06-23 09:35:14 +02:00
Mariano Cano
a0633a6efb
Merge pull request #612 from gdbelvin/kmspin 
Allow reading pin from kms string
 2021-06-15 12:05:34 -07:00
Gary Belvin
1fb4406801 minimize diff 2021-06-15 18:19:42 +01:00
Gary Belvin
c6bb7aa199 Add back UI check, but don't read file 2021-06-15 18:18:29 +01:00
Gary Belvin
a63a1d6482 Don't double read from u.Pin() 2021-06-15 18:13:08 +01:00
Gary Belvin
063a09a521 Allow reading pin from kms string 2021-06-15 13:16:54 +01:00
Mariano Cano
c4d0c8a18e Fix credentials file parameter on awskms 2021-06-11 21:40:04 -07:00
Mariano Cano
16e0cffd8b Fix path for labeler. 2021-06-08 18:02:54 -07:00
Mariano Cano
dce1b290bd Remove debug statements. 2021-06-08 17:57:24 -07:00
Mariano Cano
2a97389f1b Upgrade dependencies. 2021-06-08 17:47:26 -07:00
Mariano Cano
ac3c754a6d Use known CA and add tier and gcs bucket options. 2021-06-08 17:43:52 -07:00
Mariano Cano
529eb4bae9 Rename CAPool to CaPool. 2021-06-07 19:20:23 -07:00
Mariano Cano
9db68db509 Add tests with cloudCAS EnableCertificateAuthority. 2021-06-07 19:17:30 -07:00
Mariano Cano
48bc4e549d Fix cloudcas tests. 2021-06-07 15:53:29 -07:00
Mariano Cano
072bd0dcf4 Add support for Google CAS v1 2021-06-03 19:31:19 -07:00
Mariano Cano
35ede74ea7
Merge pull request #596 from gdbelvin/name 
Allow configuration of PKCS11 subject name
 2021-06-01 10:32:37 -07:00
Mariano Cano
595f12505c
Merge branch 'master' into name 2021-06-01 10:29:40 -07:00
Mariano Cano
e17fc4346d
Merge pull request #597 from gdbelvin/path 
Configurable pkcs11-init output paths
 2021-06-01 09:58:40 -07:00
Gary Belvin
c264e8f580 Configurable pkcs11-init output paths 2021-06-01 17:46:00 +01:00
Gary Belvin
623e387fb0 Allow configuration of PKCS11 subject name 2021-06-01 17:35:36 +01:00
Herman Slatman
7e82bd6ef3 Add setup for Authority tests 2021-05-26 16:15:26 -07:00
Herman Slatman
74d8bdc298 Add tests for CreateDecrypter 2021-05-26 16:15:26 -07:00
Herman Slatman
a64974c179 Fix small typo in divisible 2021-05-26 16:15:26 -07:00
Herman Slatman
382b6f977c Improve error logging 2021-05-26 16:15:26 -07:00
Herman Slatman
d46a4eaca4 Change fmt to errors package for formatting errors 2021-05-26 16:15:26 -07:00
Herman Slatman
2beea1aa89 Add configuration option for specifying the minimum public key length 
Instead of using the defaultPublicKeyValidator a new validator called
publicKeyMinimumLengthValidator has been implemented that uses a
configurable minimum length for public keys in CSRs.

It's also an option to alter the defaultPublicKeyValidator to also
take a parameter, but that would touch quite some lines of code. This
might be a viable option after merging SCEP support.
 2021-05-26 16:15:26 -07:00
Herman Slatman
4168449935 Fix typo 2021-05-26 16:15:26 -07:00
Herman Slatman
fa100a5138 Mask challenge password after it has been read 2021-05-26 16:15:26 -07:00
Herman Slatman
66a67ed691 Update to v2.0.0 of github.com/micromdm/scep 2021-05-26 16:15:24 -07:00
Herman Slatman
03c472359c Add sync.WaitGroup for proper error handling in Run() 2021-05-26 16:14:57 -07:00
Herman Slatman
1cd0cb99f6 Add more template data 2021-05-26 16:13:58 -07:00
Herman Slatman
13fe7a0121 Make serving SCEP endpoints optional 
Only when a SCEP provisioner is enabled, the SCEP endpoints
will now be available.

The SCEP endpoints will be served on an "insecure" server,
without TLS, only when an additional "insecureAddress" and a
SCEP provisioner are configured for the CA.
 2021-05-26 16:13:57 -07:00
Herman Slatman
bcacd2f4da Fix typo 2021-05-26 16:13:38 -07:00
Herman Slatman
a0242ad6ce Add validation to SCEP Options 2021-05-26 16:13:38 -07:00
Herman Slatman
4cd45f6374 Remove superfluous call to StoreCertificate 2021-05-26 16:13:36 -07:00
Herman Slatman
97b88c4d58 Address (most) PR comments 2021-05-26 16:12:57 -07:00
Herman Slatman
be528da709 Make tests green 2021-05-26 16:10:22 -07:00
Herman Slatman
57a62964b1 Make tests not fail hard on ECDSA keys 
All tests for the Authority failed because the test data
contains ECDSA keys. ECDSA keys are no crypto.Decrypter,
resulting in a failure when instantiating the Authority.
 2021-05-26 16:10:22 -07:00
Herman Slatman
5a80bc3ced Make linter happy 2021-05-26 16:10:22 -07:00
Herman Slatman
dd4f548650 Fix certificateChain property 2021-05-26 16:10:22 -07:00
Herman Slatman
491c2b8d93 Improve initialization of SCEP authority 2021-05-26 16:10:21 -07:00