Commit graph

37 commits

Author SHA1 Message Date
Mariano Cano
e67ccd9e3d Add fault tolerance against clock skew accross system on TLS certificates. 2020-01-02 17:48:28 -08:00
Mariano Cano
6d6f496331 Allow no provisioners. 2019-12-16 11:22:24 -08:00
Mariano Cano
50152391a3 Add leeway in identity not before. 2019-12-09 16:55:25 -08:00
Mariano Cano
3fda081e42 Add identity certificate in ssh response. 2019-11-20 11:52:20 -08:00
Mariano Cano
2cb6bd880b Make audiences compatible with the old version. 2019-11-14 15:18:49 -08:00
Mariano Cano
69a7058ff0 Remove global check for number of k8sSA provisioners.
This was causing a bug in the reload of the ca.
2019-11-08 17:44:39 -08:00
max furman
a9ea292bd4 sshpop provisioner + ssh renew | revoke | rekey first pass 2019-11-05 16:41:42 -08:00
Mariano Cano
cf2b9301c0 Change default user duration to 16h. 2019-11-05 16:41:17 -08:00
Mariano Cano
e84489775b Add support for multiple ssh roots.
Fixes #125
2019-11-05 16:41:17 -08:00
Mariano Cano
7b8bb6deb4 Add initial support for ssh config.
Related to smallstep/cli#170
2019-11-05 16:41:17 -08:00
Mariano Cano
57a529cc1a Allow to enable the SSH CA per provisioner 2019-08-05 11:40:27 -07:00
Mariano Cano
e71072d389 Add experimental support for provisioning users. 2019-08-02 17:48:34 -07:00
Mariano Cano
004ea12212 Allow to use custom SSH user/host key files. 2019-08-01 15:04:56 -07:00
Mariano Cano
1c8f610ca9 Add initial implementation of an SSH CA using the JWK provisioner.
Fixes smallstep/ca-component#187
2019-07-23 18:46:43 -07:00
max furman
ff20d9f5af Fix composite literal uses unkeyed field 2019-04-10 13:50:35 -07:00
max furman
ab4d569f36 Add /revoke API with interface db backend 2019-04-10 13:50:35 -07:00
Mariano Cano
7378ed27ac Refactor claims so they can be totally omitted if only the parent is set. 2019-03-19 15:10:52 -07:00
Mariano Cano
507fd01062 Remove provisioner intermediate type. 2019-03-07 13:07:39 -08:00
Mariano Cano
2d00cd0933 Validate audiences in the default provisioner. 2019-03-06 18:32:56 -08:00
Mariano Cano
34ff388828 Use new types in config. 2019-03-06 14:49:25 -08:00
max furman
2c72ada610 remove dead code 2019-01-20 21:37:12 -08:00
max furman
6dc89f46d8 make Duration public 2019-01-20 21:33:14 -08:00
max furman
0615f7eb11 don't wrap time.Duration 2019-01-18 12:08:18 -08:00
max furman
4b742042ee make Duration wrapper publicly accessible 2019-01-18 10:39:12 -08:00
Mariano Cano
6e620073f5 Rename method Empties to HasEmpties 2019-01-14 18:11:55 -08:00
Mariano Cano
98cc243a37 Add support for multiple roots. 2019-01-07 15:30:28 -08:00
Mariano Cano
722bcb7e7a Add initial support for federated root certificates. 2019-01-04 17:51:32 -08:00
Mariano Cano
7e95fc0e45 Strip ports on audience check.
Services might have proxies behind them so we cannot rely on them.
Fixes #17
2018-12-21 15:27:22 -08:00
Mariano Cano
d6cad2a7f3 Add provisioner option to disable renewal.
Fixes smallstep/ca-component#108
2018-11-01 15:43:24 -07:00
max furman
c74fcd57a7 ca-component -> certificates
* fix redundant error check
* add README
2018-10-31 21:36:01 -07:00
max furman
b457b15292 fix: omit empty claims in AuthConfig 2018-10-26 10:51:40 -07:00
max furman
d2872564b4 accidentally removed DisableIssuedAtCheck during merge 2018-10-25 00:15:17 -07:00
max furman
ee7db4006a change sign + authorize authority api | add provisioners
* authorize returns []interface{}
 - operators in this list can conform to any interface the user decides
 - our implementation has a combination of certificate claim validators
 and certificate template modifiers.
* provisioners can set and enforce tls cert options
2018-10-18 22:26:39 -07:00
Mariano Cano
1c1ac1b3fb Add disableIssuedAt check functionality
Fixes #86
2018-10-24 18:59:48 -07:00
max furman
0b5f6487e1 change provisioners api
* /provisioners -> /provisioners/jwk-set-by-issuer
* /provisioners now returns a list of Provisioners
2018-10-11 23:03:00 -07:00
max furman
f1dc00c810 add Provisioner config validation 2018-10-08 23:25:18 -07:00
max furman
c284a2c0ab first commit 2018-10-05 21:48:36 +00:00