Mariano Cano
c9e7af3722
Use only name constraints in GetTLSCertificate
2022-09-23 11:04:27 -07:00
Mariano Cano
2eba5326db
Remove policy validation on renew
2022-09-22 12:17:16 -07:00
Mariano Cano
d68c765e20
Add context to errors
2022-09-21 18:46:34 -07:00
Mariano Cano
72e2c4eb2e
Render proper policy and constrains errors
2022-09-21 18:35:18 -07:00
Mariano Cano
4b79405dac
Check constraints and policy for leaf certificates too
2022-09-21 15:54:28 -07:00
Mariano Cano
325d8bca4f
Merge branch 'master' into name-constraints
2022-09-21 13:29:44 -07:00
Mariano Cano
debe565e42
Validate constraints on Sign and Renew/Rekey
...
Fixes #1060
2022-09-20 18:52:47 -07:00
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors
2022-09-20 16:35:41 -07:00
Mariano Cano
34c6c65671
Pass attestation information to the Sign method
...
Attestation information might be useful in authorizing webhooks
2022-09-16 12:37:41 -07:00
Mariano Cano
8bd0174251
Rename field to IsCAServerCert
2022-08-11 15:14:26 -07:00
Mariano Cano
5df1694250
Add endpoint id for the RA certificate
...
In a linked RA mode, send an endpoint id to group the server
certificates.
2022-08-11 14:47:11 -07:00
Mariano Cano
eb091aec54
Simplify field names for ProvisionerInfo
2022-08-10 17:44:14 -07:00
Mariano Cano
6b5d3dca95
Add provisioner name to RA info
2022-08-03 18:44:04 -07:00
Mariano Cano
f9df8ac05f
Remove unused interface
2022-08-03 12:03:49 -07:00
Mariano Cano
9408d0f24b
Send RA provisioner information to the CA
2022-08-02 19:28:49 -07:00
Mariano Cano
ce9a23a0f7
Fix SSH certificate revocation
2022-05-25 16:55:22 -07:00
Mariano Cano
c8d7ad7ab9
Fix store certificates methods with new interface
2022-05-18 18:33:22 -07:00
Herman Slatman
6e1f8dd7ab
Refactor policy engines into container
2022-04-26 13:12:16 +02:00
Herman Slatman
76112c2da1
Improve error creation and testing for core policy engine
2022-04-26 01:47:07 +02:00
Herman Slatman
3fa96ebf13
Improve policy errors returned to client
2022-04-24 13:11:32 +02:00
Herman Slatman
ad2de16299
Merge branch 'master' into herman/allow-deny
2022-04-19 10:26:31 +02:00
Mariano Cano
fe9c3cf753
Merge branch 'master' into ahmet2mir-feat/vault
2022-04-18 15:35:26 -07:00
Herman Slatman
abcad679ff
Merge branch 'master' into herman/allow-deny
2022-04-18 21:54:55 +02:00
Mariano Cano
ea5f7f2acc
Fix SANs for step-ca certificate
...
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2022-04-12 13:57:55 -07:00
Mariano Cano
37b521ec6c
Merge branch 'master' into feat/vault
2022-04-11 14:57:45 -07:00
Herman Slatman
9797b3350e
Merge branch 'master' into herman/allow-deny
2022-04-08 16:01:56 +02:00
Mariano Cano
db337debcd
Load provisioner from the database instead of the extension.
2022-04-05 19:25:47 -07:00
Herman Slatman
571b21abbc
Fix (most) PR comments
2022-03-31 16:12:29 +02:00
Herman Slatman
b49307f326
Fix ACME order tests with mock ACME CA
2022-03-24 18:34:04 +01:00
Herman Slatman
9e0edc7b50
Add early authority policy evaluation to ACME order API
2022-03-24 14:55:40 +01:00
Herman Slatman
613c99f00f
Fix linting issues
2022-03-24 13:10:49 +01:00
Mariano Cano
9d027c17d0
Send current provisioner on PostCertificate
2022-03-21 19:24:05 -07:00
Herman Slatman
101ca6a2d3
Check admin subjects before changing policy
2022-03-21 15:53:59 +01:00
Herman Slatman
81b0c6c37c
Add API implementation for authority and provisioner policy
2022-03-15 15:56:04 +01:00
Herman Slatman
7c541888ad
Refactor configuration of allow/deny on authority level
2022-03-08 13:26:07 +01:00
Mariano Cano
c0525381eb
Merge branch 'master' into feat/vault
2022-02-16 18:19:23 -08:00
Herman Slatman
5cb23c6029
Merge pull request #804 from smallstep/herman/normalize-ipv6-dns-names
...
Normalize IPv6 hostname addresses
2022-02-09 11:25:24 +01:00
Herman Slatman
e887ccaa07
Ensure the CA TLS certificate represents IPv6 DNS names as IP in cert
...
If an IPv6 domain name (i.e. [::1]) is provided manually in the `ca.json`,
this commit will ensure that it's represented as an IP SAN in the TLS
certificate. Before this change, the IPv6 would become a DNS SAN.
2022-02-03 14:21:23 +01:00
Mariano Cano
300c19f8b9
Add a custom enforcer that can be used to modify a cert.
2022-02-02 14:36:58 -08:00
Ahmet DEMIR
68b980d689
feat(authority): avoid hardcoded cn in authority csr
2022-01-13 20:30:54 +01:00
Herman Slatman
50c3bce98d
Change if/if to if/else-if when checking the type of JSON error
2022-01-12 21:34:38 +01:00
Herman Slatman
a3cf6bac36
Add special handling for *json.UnmarshalTypeError
2022-01-12 11:15:39 +01:00
Herman Slatman
0475a4d26f
Refactor extraction of JSON template syntax errors
2022-01-12 10:41:36 +01:00
Herman Slatman
a5455d3572
Improve errors related to template execution failures (slightly)
2022-01-10 15:49:37 +01:00
Herman Slatman
3bc3957b06
Merge branch 'master' into hs/acme-revocation
2021-12-09 09:36:52 +01:00
Herman Slatman
47a8a3c463
Add test case for ACME Revoke to Authority
2021-12-02 17:11:36 +01:00
Herman Slatman
c9cd876a7d
Merge branch 'master' into hs/acme-revocation
2021-11-25 00:40:56 +01:00
Mariano Cano
ff04873a2a
Change the default error type to forbidden in Sign.
...
The errors will also be propagated from sign options.
2021-11-23 18:58:16 -08:00
Mariano Cano
668d3ea6c7
Modify errs.Wrap() with bad request to send messages to users.
2021-11-18 18:44:58 -08:00
Mariano Cano
8ce807a6cb
Modify errs.BadRequest() calls to always send an error to the client.
2021-11-18 15:12:44 -08:00