Commit graph

79 commits

Author SHA1 Message Date
Ahmet DEMIR
b49ac2501b
feat: enhance options and fix revoke plus more tests 2022-01-27 11:14:19 +01:00
Ahmet DEMIR
8ef3abf6d9
fix: minus d on Ed 2022-01-26 11:29:21 +01:00
Ahmet DEMIR
d957a57e24
fix: apply mariano suggestions and fixes
* use json.RawMessage to remote mapstructure in options
* use vault secretid structure to support multiple source aka string, file and env
* remove log prefix
* return raw cert on error on newline for cert and csr
* clean sans, commonName in createCertificate (bad copy/paste from StepCAS)
* verify authority fingerprint
* convert serial on revoke to bigint, bytes and vault dashed representation
2022-01-20 10:16:47 +01:00
Ahmet DEMIR
16390694e1
feat(vault): adding hashicorp vault cas 2022-01-14 18:56:17 +01:00
Ahmet DEMIR
26d7b70957
feat(cas): add generic Config parameter to allow more flexible configuration on CAS 2022-01-13 20:31:37 +01:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues 2021-11-13 01:30:03 +01:00
Mariano Cano
e15b5faf7d Merge branch 'master' into keyvault 2021-10-12 15:15:35 -07:00
max furman
933b40a02a Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00
Mariano Cano
52a18e0c2d Add key name to CreateCertificateAuthority 2021-10-07 14:19:39 -07:00
Mariano Cano
e4e799ca85 Fix typos in comment. 2021-09-09 12:45:29 -07:00
Mariano Cano
6d644880bd Allow kms signers to define the SignatureAlgorithm
CloudKMS keys sign data using a specific signature algorithm; in RSA keys,
this can be PKCS#1 RSA or RSA-PSS. If the latter is used, x509.CreateCertificate
will fail unless the template SignatureCertificate is properly set.

In contrast, AWSKMS RSA keys are just RSA keys, and can sign with PKCS#1 or
RSA-PSS schemes, so right now the way to enforce one or the other is to use
templates.
2021-09-08 17:48:50 -07:00
Mariano Cano
de719eb6f0 Add an option to avoid password prompts on step cas
When we are using `step ca init` to create a stepcas RA we don't
have access to the password to verify the provisioner.
2021-08-04 16:16:35 -07:00
max furman
77fdfc9fa3 Merge branch 'master' into max/cert-mgr-crud 2021-07-02 20:26:46 -07:00
max furman
9fdef64709 Admin level API for provisioner mgmt v1 2021-07-02 19:05:17 -07:00
Mariano Cano
35e6cc275a Fix typos in comments. 2021-06-23 09:35:14 +02:00
Mariano Cano
dce1b290bd Remove debug statements. 2021-06-08 17:57:24 -07:00
Mariano Cano
ac3c754a6d Use known CA and add tier and gcs bucket options. 2021-06-08 17:43:52 -07:00
Mariano Cano
529eb4bae9 Rename CAPool to CaPool. 2021-06-07 19:20:23 -07:00
Mariano Cano
9db68db509 Add tests with cloudCAS EnableCertificateAuthority. 2021-06-07 19:17:30 -07:00
Mariano Cano
48bc4e549d Fix cloudcas tests. 2021-06-07 15:53:29 -07:00
Mariano Cano
072bd0dcf4 Add support for Google CAS v1 2021-06-03 19:31:19 -07:00
Herman Slatman
491c2b8d93 Improve initialization of SCEP authority 2021-05-26 16:10:21 -07:00
Herman Slatman
2a249d20de Refactor initialization of SCEP authority 2021-05-26 16:04:19 -07:00
Herman Slatman
c5e4ea08b3
Merge branch 'master' into hs/scep 2021-03-26 15:22:41 +01:00
Mariano Cano
84018ec71b Clarify comment. 2021-03-25 11:07:58 -07:00
Mariano Cano
a9297100d8 Allow to configure the JWK using the encrypted key. 2021-03-24 19:05:56 -07:00
Mariano Cano
d9f93ccfde Fix typo. 2021-03-24 12:06:29 -07:00
Mariano Cano
edc7c4d90e Add support for password encrypted files 2021-03-23 17:54:42 -07:00
Mariano Cano
80542d6d9a Add JWK as an issuer for stepcas. 2021-03-23 16:14:49 -07:00
Mariano Cano
ce3e6bfdf6 Fix linting errors. 2021-03-22 13:45:20 -07:00
Mariano Cano
96de4e6ec8 Return a non-implemented error in stepcas.RenewCertificate. 2021-03-22 12:56:12 -07:00
Mariano Cano
348815f4f6 Fix error message. 2021-03-22 11:51:11 -07:00
Herman Slatman
583d60dc0d
Address (most) PR comments 2021-03-21 16:42:41 +01:00
Mariano Cano
e7a6c46e54 Fix linting errors. 2021-03-19 14:21:47 -07:00
Mariano Cano
08e75b614e Do not depend on Go 1.16. 2021-03-19 13:23:32 -07:00
Mariano Cano
6fd6270e7d Remove debug statements. 2021-03-19 13:21:14 -07:00
Mariano Cano
7958f6ebb5 Add support for lifetime. 2021-03-19 13:19:49 -07:00
Mariano Cano
ae4b8f58b8 Add support for emails, ips and uris. 2021-03-19 12:02:03 -07:00
Mariano Cano
dbb48ecf8d Add tests for stepcas. 2021-03-18 18:01:38 -07:00
Mariano Cano
bcf70206ac Add support for revocation using an extra provisioner in the RA. 2021-03-17 19:47:36 -07:00
Mariano Cano
a6115e29c2 Add initial implementation of StepCAS.
StepCAS allows to configure step-ca as an RA using another step-ca
as the main CA.
2021-03-17 19:33:35 -07:00
Herman Slatman
e1cab4966f
Improve initialization of SCEP authority 2021-03-12 15:49:39 +01:00
Herman Slatman
7ad90d10b3
Refactor initialization of SCEP authority 2021-02-26 00:32:21 +01:00
Miclain Keffeler
ffbfcfb1f2 format. 2020-12-28 18:46:21 -06:00
Miclain K Keffeler
7a1eb43bb1
Update options.go 2020-12-28 17:12:37 -06:00
Miclain K Keffeler
f3396bf964
Update softcas.go 2020-12-28 17:10:44 -06:00
Miclain Keffeler
7545b4a625 leverage intermediate_ca.crt for appending certs. 2020-12-23 22:41:10 -06:00
Mariano Cano
a97fab4119 Fix misspell. 2020-11-03 12:48:48 -08:00
Mariano Cano
b057c6677a Use test/bufconn instead of a real listener. 2020-11-03 12:45:31 -08:00
Mariano Cano
4f9200cc47 Add missing docs. 2020-11-03 12:45:31 -08:00