Alan Christopher Thomas
8f08b47a9c
Rough wiring for basics of connecting to onboarding flow
2020-01-28 13:28:16 -08:00
Mariano Cano
961be1fbc7
Add endpoint to return the SSH public keys.
...
Related to smallstep/ca-component#195
2020-01-28 13:28:16 -08:00
Mariano Cano
a197158426
Add initial implementation of ssh config.
2020-01-28 13:28:16 -08:00
Mariano Cano
69a1b68283
Merge branch 'ssh' into kms
2020-01-27 15:41:14 -08:00
Max
f3f8ee4207
Merge pull request #161 from smallstep/unittests
...
Introduce generalized statusCoder errors and loads of ssh unit tests.
2020-01-24 16:16:00 -08:00
max furman
92c48949d7
Remove test that is no longer implemented by the method.
2020-01-24 13:47:15 -08:00
max furman
1e5763031b
Add backdate validation to sshCertValidityValidator.
2020-01-24 13:46:54 -08:00
Mariano Cano
f21f07689e
Fix a couple of race conditions in the renewal of certificates.
2020-01-24 13:46:54 -08:00
max furman
99e5bf4782
Remove all references to old apiError.
2020-01-24 13:46:41 -08:00
max furman
b265877050
Simplify statuscoder error generators.
2020-01-24 13:46:11 -08:00
max furman
c387b21808
Introduce generalized statusCoder errors and loads of ssh unit tests.
...
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
2020-01-22 17:25:23 -08:00
Mariano Cano
fa8116497c
Make Signer public and add contructor NewCloudKMS.
2020-01-21 19:09:21 -08:00
Mariano Cano
5d5ee68d88
Make GCP client public to facilitate extensibility.
2020-01-21 12:50:21 -08:00
Mariano Cano
dff498f17f
Add tests for cloudkms.
2020-01-15 19:32:26 -08:00
Mariano Cano
264179cda3
Add tests for kms and kms/apiv1 packages.
2020-01-15 17:56:50 -08:00
Mariano Cano
c250c6ad91
Add unit tests for softkms.
2020-01-15 17:30:17 -08:00
Mariano Cano
a773977a81
Fix interface change.
2020-01-15 17:29:34 -08:00
Mariano Cano
927a3b3a86
Return crypto.PublicKey on kms.GetPublicKey.
2020-01-15 17:27:21 -08:00
Mariano Cano
ec2046bba8
Add grpc dependency.
2020-01-14 18:51:05 -08:00
Mariano Cano
9021951f1a
Fix types.
2020-01-14 18:47:05 -08:00
Mariano Cano
a9c2db8f98
Add close method and fix types in softkms.
2020-01-14 18:46:18 -08:00
Mariano Cano
a3128a26bb
Add Close method to the key manager interface.
2020-01-14 18:46:01 -08:00
Mariano Cano
e60beeb7fc
Make cloudkms more robust.
...
* Automatically create key rings if needed.
* User CryptoKeyVersions if needed.
* Add support to close the client.
* Add new pareters to CreateKey responses to make things easier.
2020-01-14 18:43:39 -08:00
Mariano Cano
3f8de17a40
Cleanup types and add initial support for the options required for PKCS11.
2020-01-14 18:42:14 -08:00
Mariano Cano
9641ab33b8
Use crypto.Signer instead of ssh.Signer in SSH options.
2020-01-14 18:38:29 -08:00
Mariano Cano
e98d7832b9
Add options to read the roots and federated roots from a bundle.
2020-01-10 18:33:48 -08:00
Mariano Cano
44eccc6bd8
Merge branch 'ssh' into kms
2020-01-10 17:49:52 -08:00
Mariano Cano
3ce267cdd6
Upgrade smallste/cli
2020-01-10 17:21:47 -08:00
Mariano Cano
ab1807d6a0
Use release v1.19.1 of golangci-lint
...
See https://github.com/golangci/golangci-lint/issues/885
2020-01-10 17:19:56 -08:00
Mariano Cano
3cbf30b555
Upgrade golangci-lint to v1.22.2
2020-01-10 11:19:28 -08:00
Mariano Cano
085ae82163
Remove the use of custom x509 package.
...
Upgrade cli dependency.
2020-01-10 10:58:49 -08:00
Mariano Cano
995375013d
Update dependencies for kms support.
2020-01-09 18:43:35 -08:00
Mariano Cano
c62526b39f
Add wip support for kms.
2020-01-09 18:42:26 -08:00
Mariano Cano
d13754166a
Add support for cloudkms and softkms.
2020-01-09 18:41:13 -08:00
Mariano Cano
8a10c5032f
Merge pull request #150 from smallstep/backdate
...
Add backdate support to the x509 and SSH certificates.
2020-01-08 12:52:31 -08:00
Mariano Cano
77af30bfa3
Remove debug statement.
2020-01-08 11:46:33 -08:00
Mariano Cano
f46dc03111
Add tests of profileLimitDuration with backdate.
2020-01-06 14:34:59 -08:00
Mariano Cano
165a91858e
Add tests for backdate and sshDefaultDuration
2020-01-06 14:21:13 -08:00
Mariano Cano
7e33aeb8d3
Add unit test for profileDefaultDuration.
2020-01-06 12:19:00 -08:00
Mariano Cano
f06db4099e
Add backdate support on ssh rekey.
2020-01-03 18:30:17 -08:00
Mariano Cano
935d0d4542
Add support for backdate to SSH certificates.
2020-01-03 18:22:52 -08:00
Mariano Cano
64e0a2ca6f
Disable backdata on ca tests.
2020-01-03 18:16:45 -08:00
Mariano Cano
76c14560b0
Use errs package for HTTP errors.
2020-01-03 17:41:16 -08:00
Mariano Cano
50717b3ffa
Update assert package.
2020-01-03 13:27:45 -08:00
Mariano Cano
e67ccd9e3d
Add fault tolerance against clock skew accross system on TLS certificates.
2020-01-02 17:48:28 -08:00
max furman
967e86a48b
Simplify trimming *. prefix of domain in acme dns validation.
2019-12-20 13:32:44 -08:00
Max
37d33968f1
Merge pull request #146 from anxolerd/normalize-wildcard
...
Perform domain normalization for wildcard domains
2019-12-20 13:29:24 -08:00
Oleksandr Kovalchuk
ec8ff0bced
Add testcase which ensures we pass correct domain to lookupTxt
...
Make sure we do not pass domains with asterisk (wildcard) in the middle,
like _acme-challenge.*.example.com to lookupTxt function, but preprocess
domain and remove leading wildcard so we lookup for
_acme-challenge.example.com.
2019-12-20 22:54:41 +02:00
Oleksandr Kovalchuk
46832bb9b3
Remove superflurous Printf statement
...
The statement was used for debug purposes and should not be included in
the final build
2019-12-20 22:22:12 +02:00
Oleksandr Kovalchuk
a995cca418
Perform domain normalization for wildcard domains
...
Perform domain normalization for wildcard domains, so we do query
TXT records for _acme-challenge.example.domain instead of
_acme-challenge.*.example.domain when performing DNS-01 challenge. In
this way the behavior is consistent with letsencrypt and records queried
are in sync with the ones that are shown in certbot manual mode.
2019-12-20 19:17:53 +02:00