TrueCloudLab/certificates

Author	SHA1	Message	Date
Herman Slatman	6e1f8dd7ab	Refactor policy engines into container	2022-04-26 13:12:16 +02:00
Herman Slatman	571b21abbc	Fix (most) PR comments	2022-03-31 16:12:29 +02:00
Herman Slatman	613c99f00f	Fix linting issues	2022-03-24 13:10:49 +01:00
Herman Slatman	dc23fd23bf	Merge branch 'master' into herman/allow-deny-next	2022-03-24 12:36:12 +01:00
Mariano Cano	4690fa64ed	Add public methods to retrieve the provisioner extensions.	2022-03-11 14:59:42 -08:00
Herman Slatman	7c541888ad	Refactor configuration of allow/deny on authority level	2022-03-08 13:26:07 +01:00
Herman Slatman	88c7b63c9d	Split SSH user and cert policy configuration and execution	2022-02-01 15:18:39 +01:00
Herman Slatman	066bf32086	Fix part of PR comments	2022-01-25 15:00:07 +01:00
Herman Slatman	6440870a80	Clean up, improve test cases and coverage	2022-01-18 14:39:21 +01:00
Herman Slatman	1e808b61e5	Merge logic for X509 and SSH policy	2022-01-17 23:36:13 +01:00
Herman Slatman	9539729bd9	Add initial implementation of x509 and SSH allow/deny policy engine	2022-01-03 12:25:24 +01:00
Mariano Cano	c3f98fd04d	Change some bad requests to forbidded. Change in the sign options bad requests to forbidded if is the provisioner the one adding a restriction, e.g. list of dns names, validity, ...	2021-11-24 11:32:35 -08:00
Mariano Cano	507a272b4d	Return always http errors in sign options.	2021-11-23 18:32:33 -08:00
Mariano Cano	b6ebd118fc	Update temporal solution for sending message to users	2021-11-18 18:47:55 -08:00
Mariano Cano	acd0bac025	Remove extra and in comment.	2021-11-17 12:03:29 -08:00
Mariano Cano	1aadd63cef	Use always badRequest on duration errors.	2021-11-17 12:00:54 -08:00
Mariano Cano	41fec1577d	Report duration errors directly to the cli.	2021-11-17 11:46:57 -08:00
Herman Slatman	d0a9cbc797	Change fmt to errors package for formatting errors	2021-05-07 00:22:06 +02:00
Herman Slatman	ff1b46c95d	Add configuration option for specifying the minimum public key length Instead of using the defaultPublicKeyValidator a new validator called publicKeyMinimumLengthValidator has been implemented that uses a configurable minimum length for public keys in CSRs. It's also an option to alter the defaultPublicKeyValidator to also take a parameter, but that would touch quite some lines of code. This might be a viable option after merging SCEP support.	2021-05-06 22:56:28 +02:00
max furman	16665c97f0	Allow empty SAN in CSR for validation ... - The default template will always use the SANs from the token. - If there are any SANs they must be validated against the token.	2021-01-14 15:26:46 -06:00
max furman	46fc922afd	Remove unused code; fix usage wrong word; add gap time for unit test	2020-08-20 18:48:17 -07:00
Mariano Cano	c8d225a763	Use x509util from go.step.sm/crypto/x509util	2020-08-05 16:02:46 -07:00
Mariano Cano	6c64fb3ed2	Rename provisioner options structs: * provisioner.ProvisionerOptions => provisioner.Options * provisioner.Options => provisioner.SignOptions * provisioner.SSHOptions => provisioner.SingSSHOptions	2020-07-22 18:24:45 -07:00
Mariano Cano	0c8376a7f6	Fix existing unit tests.	2020-07-21 14:21:54 -07:00
Mariano Cano	4795e371bd	Add back the support for ca.json DN template.	2020-07-21 14:18:05 -07:00
Mariano Cano	95c3a41bf0	Rename UserData to TemplateData and fix unmarshaling.	2020-07-21 14:18:04 -07:00
Mariano Cano	9032018cf2	Convert x509util.WithOptions to new modifiers.	2020-07-21 14:18:04 -07:00
max furman	accf1be7e9	wip	2020-06-25 14:02:24 -07:00
max furman	71d87b4e61	wip	2020-06-24 23:25:15 -07:00
max furman	d25e7f64c2	wip	2020-06-24 09:58:40 -07:00
max furman	3636ba3228	wip	2020-06-23 17:13:39 -07:00
max furman	1951669e13	wip	2020-06-23 11:10:45 -07:00
max furman	7d5cf34ce5	Update profileLimitDuration validator ... - respect notBefore of the provisioner - modify/fix the reported errors	2020-06-16 12:16:43 -07:00
Oleksandr Kovalchuk	322200b7db	Implement modifier to set CommonName Implement modifier which sets CommonName to the certificate if CommonName is empty and forceCN is set in the config. Replace previous implementation introduced in `0218018cee` with new modifier. Closes https://github.com/smallstep/certificates/issues/259 Ref: https://github.com/smallstep/certificates/pull/260#issuecomment-628961322	2020-05-17 20:23:13 +03:00
Mariano Cano	13507efb35	Remove the requirement for CSR to have a common name. Fixes #226	2020-04-20 10:43:33 -07:00
Mariano Cano	bfe1f4952d	Rename interface to CertificateEnforcer and add tests.	2020-03-31 11:41:36 -07:00
Mariano Cano	64f26c0f40	Enforce a duration for identity certificates.	2020-03-30 17:33:04 -07:00
max furman	397a181d10	Add backdate validation to sshCertValidityValidator.	2020-01-28 13:29:40 -08:00
max furman	dccbdf3a90	Introduce generalized statusCoder errors and loads of ssh unit tests. * StatusCoder api errors that have friendly user messages. * Unit tests for SSH sign/renew/rekey/revoke across all provisioners.	2020-01-28 13:29:40 -08:00
Mariano Cano	93b65bee7c	Add unit test for profileDefaultDuration.	2020-01-28 13:29:39 -08:00
Mariano Cano	84ff172093	Add support for backdate to SSH certificates.	2020-01-28 13:29:39 -08:00
Mariano Cano	5565d61bf3	Add fault tolerance against clock skew accross system on TLS certificates.	2020-01-28 13:29:39 -08:00
max furman	d368791606	Add x5c provisioner capabilities	2019-10-14 14:51:37 -07:00
max furman	2b41faa9cf	Enforce >= 2048 bit rsa keys at the provisioner layer * Fixes #94 * In the future this should be configurable by provisioner	2019-08-27 14:44:59 -07:00
max furman	635c59ed24	Accept emails SANs	2019-08-23 15:59:30 -07:00
Mariano Cano	900ab9cc12	Allow custom common names in cloud identity provisioners.	2019-07-15 15:52:36 -07:00
Mariano Cano	00fed1c538	Add initial version of time duration support in sign requests.	2019-03-22 18:55:28 -07:00
Mariano Cano	7fd737cbb1	Fix lint warnings.	2019-03-11 18:47:57 -07:00
Mariano Cano	c24d868d9d	Add tests for sign options.	2019-03-11 13:25:19 -07:00
Mariano Cano	955405d6aa	Add some comments added to master.	2019-03-08 18:09:35 -08:00

1 2

56 commits