alexvanin/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity
2807 commits 34 branches 199 tags 41 MiB
Commit graph

141 commits

Author SHA1 Message Date
Max
f8148071fb
Merge pull request #915 from smallstep/max/removing-beta 
exposing authority configuration for provisioner cli commands
 2022-05-19 22:53:59 -07:00
max furman
25b8d196d8 Couple changes in response to PR 
- add skipInit option to skip authority initialization
- check admin API status when removing provisioners - no need to check
  admins when not using Admin API
 2022-05-11 17:04:43 -07:00
max furman
4cb74e7d8b fix linter warnings 2022-04-30 13:08:28 -07:00
Herman Slatman
6e1f8dd7ab
Refactor policy engines into container 2022-04-26 13:12:16 +02:00
max furman
b91affdd34 exposing authority configuration for provisioner cli commands 2022-04-25 10:23:07 -07:00
Herman Slatman
3eecc4f7bb
Improve test coverage for reloadPolicyEngines 2022-04-19 17:10:13 +02:00
Herman Slatman
9797b3350e
Merge branch 'master' into herman/allow-deny 2022-04-08 16:01:56 +02:00
Mariano Cano
b7e11da480 Merge branch 'master' into feat/linkedra 2022-04-07 18:19:04 -07:00
Herman Slatman
034b7943fe
Merge branch 'master' into herman/allow-deny 2022-04-07 14:12:20 +02:00
Carl Tashian
150eee70df Updates based on Herman's feedback 2022-04-05 10:59:25 -07:00
Carl Tashian
43f2c655b9 More info on startup 2022-04-04 12:16:37 -07:00
Herman Slatman
96f4c49b0c
Improve how policy errors are returned and used 2022-04-04 13:58:16 +02:00
Herman Slatman
571b21abbc
Fix (most) PR comments 2022-03-31 16:12:29 +02:00
Carl Tashian
1ba1584c7a Formatted. 2022-03-30 16:08:10 -07:00
Carl Tashian
a13e58e340 Update GetAuthorityInfo -> GetInfo 2022-03-30 16:07:16 -07:00
Carl Tashian
90cb6315b1 Progress. 2022-03-30 16:05:26 -07:00
Carl Tashian
055e75f394 Progress? 2022-03-30 15:48:42 -07:00
Herman Slatman
0e052fe299
Add authority policy API 2022-03-30 14:21:39 +02:00
Mariano Cano
580a9c1476 Get linked RA configuration using the linked ca client. 2022-03-28 14:55:40 -07:00
Herman Slatman
dc23fd23bf
Merge branch 'master' into herman/allow-deny-next 2022-03-24 12:36:12 +01:00
Carl Tashian
25cc9a1728
Update authority/authority.go 
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
 2022-03-22 07:38:09 -07:00
Carl Tashian
baf3c40fef Print some basic configuration info on startup 2022-03-21 16:55:09 -07:00
Herman Slatman
101ca6a2d3
Check admin subjects before changing policy 2022-03-21 15:53:59 +01:00
Herman Slatman
81b0c6c37c
Add API implementation for authority and provisioner policy 2022-03-15 15:56:04 +01:00
Mariano Cano
79349b4d7c Add options to use custom renewal methods. 2022-03-10 13:01:08 -08:00
Herman Slatman
7c541888ad
Refactor configuration of allow/deny on authority level 2022-03-08 13:26:07 +01:00
max furman
a79d4af19b change return value of generateProvisionerConfig to value 
- always used as value (rather than pointer)
 2022-02-28 11:04:40 -08:00
Mariano Cano
d384b534c7
Merge pull request #814 from smallstep/x509-enforcer 
Authority enforcer option
 2022-02-03 10:53:04 -08:00
Mariano Cano
300c19f8b9 Add a custom enforcer that can be used to modify a cert. 2022-02-02 14:36:58 -08:00
Herman Slatman
64680bb16d
Fix PR comments 2022-01-19 11:31:33 +01:00
Herman Slatman
3612eefc31
Cleanup 2022-01-18 15:54:18 +01:00
Herman Slatman
9c6580ccd2
Fix macOS SCEP client issues 
Fixes #746
 2022-01-14 10:48:23 +01:00
Herman Slatman
2d357da99b
Add tests for ACME revocation 2021-11-26 17:27:42 +01:00
max furman
933b40a02a Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00
Mariano Cano
9fb6df3abb Fix ssh template variables when CA is injected using options. 2021-09-28 18:50:45 -07:00
Mariano Cano
aedd7fcc05 Be able to start a SSH host or SSH user only CA 
In previous versions if the host or user CA is not configured, the
start of step-ca was crashing. This allows to configure a user or
host only ssh ca.
 2021-09-28 15:07:09 -07:00
Mariano Cano
6729c79253 Add support for setting individual password for ssh and tls keys 
This change add the following flags:
 * --ssh-host-password-file
 * --ssh-user-password-file

Fixes #693
 2021-09-16 11:55:41 -07:00
Mariano Cano
492ff4b632 Ask for the first provisioner password if none is provided. 2021-08-10 17:30:33 -07:00
Mariano Cano
91a369f618 Automatically enable admin properly on linked cas. 2021-08-02 12:13:39 -07:00
Mariano Cano
26122a2cbf Enable admin automatically if a token is provided. 2021-08-02 11:48:37 -07:00
Mariano Cano
8fb5340dc9 Use a token at start time to configure linkedca. 
Instead of using `step-ca login` we will use a new token provided
as a flag to configure and start linkedca. Certificates will be kept
in memory and refreshed automatically.
 2021-07-19 19:28:06 -07:00
Mariano Cano
dd9850ce4c Add working implementation of the linkedca. 
Replaces the authority adminDB with a new impmentation that users the
linkedca client to retrieve the data.

Note that this implementation still hardcodes the endpoint to localhost.
 2021-07-12 18:11:00 +02:00
max furman
1df21b9b6a Addressing comments in PR review 
- added a bit of validation to admin create and update
- using protojson where possible in admin api
- fixing a few instances of admin -> acme in errors
 2021-07-06 17:14:13 -07:00
max furman
77fdfc9fa3 Merge branch 'master' into max/cert-mgr-crud 2021-07-02 20:26:46 -07:00
max furman
9fdef64709 Admin level API for provisioner mgmt v1 2021-07-02 19:05:17 -07:00
Herman Slatman
13fe7a0121 Make serving SCEP endpoints optional 
Only when a SCEP provisioner is enabled, the SCEP endpoints
will now be available.

The SCEP endpoints will be served on an "insecure" server,
without TLS, only when an additional "insecureAddress" and a
SCEP provisioner are configured for the CA.
 2021-05-26 16:13:57 -07:00
Herman Slatman
97b88c4d58 Address (most) PR comments 2021-05-26 16:12:57 -07:00
Herman Slatman
be528da709 Make tests green 2021-05-26 16:10:22 -07:00
Herman Slatman
57a62964b1 Make tests not fail hard on ECDSA keys 
All tests for the Authority failed because the test data
contains ECDSA keys. ECDSA keys are no crypto.Decrypter,
resulting in a failure when instantiating the Authority.
 2021-05-26 16:10:22 -07:00
Herman Slatman
491c2b8d93 Improve initialization of SCEP authority 2021-05-26 16:10:21 -07:00