Mariano Cano
|
1671ab2590
|
Fix some tests.
|
2019-03-07 12:15:18 -08:00 |
|
Mariano Cano
|
d92a7f2948
|
Rename provisioner to jwk.
|
2019-03-06 18:36:35 -08:00 |
|
Mariano Cano
|
a1782733fe
|
Rename files.
|
2019-03-06 18:33:40 -08:00 |
|
Mariano Cano
|
2d00cd0933
|
Validate audiences in the default provisioner.
|
2019-03-06 18:32:56 -08:00 |
|
Mariano Cano
|
33c1449360
|
Remove deprecated file.
|
2019-03-06 17:42:17 -08:00 |
|
Mariano Cano
|
57b705f6cf
|
Use provisioner sign options.
|
2019-03-06 17:37:49 -08:00 |
|
Mariano Cano
|
9d4034fbf6
|
Remove unused code.
|
2019-03-06 17:37:08 -08:00 |
|
Mariano Cano
|
6d395f3818
|
Add missing validy validator to oidc.
|
2019-03-06 17:30:14 -08:00 |
|
Mariano Cano
|
602a42813c
|
Re-enable replay protection for JWK provisioner.
|
2019-03-06 17:00:45 -08:00 |
|
Mariano Cano
|
ab1cca03d7
|
Use new provisioners in authorize methods.
|
2019-03-06 15:04:28 -08:00 |
|
Mariano Cano
|
54ed49f072
|
Rename package.
|
2019-03-06 15:01:51 -08:00 |
|
Mariano Cano
|
c776ca3bd6
|
Use provisioner.Collection to store and request the provisioners.
|
2019-03-06 15:00:23 -08:00 |
|
Mariano Cano
|
34833d4fd5
|
Add validators from the authority package.
|
2019-03-06 14:58:46 -08:00 |
|
Mariano Cano
|
0dee841a4f
|
Complete first version of provisioner implementations.
|
2019-03-06 14:54:56 -08:00 |
|
Mariano Cano
|
7eb6eb1d3e
|
Complete provisioner.Claims with methods from authority.
|
2019-03-06 14:51:12 -08:00 |
|
Mariano Cano
|
fb77397fc7
|
Add new options to locate or list provisioners.
|
2019-03-06 14:50:13 -08:00 |
|
Mariano Cano
|
34ff388828
|
Use new types in config.
|
2019-03-06 14:49:25 -08:00 |
|
Mariano Cano
|
62dab7b6b8
|
Rename interface method.
|
2019-03-05 14:52:26 -08:00 |
|
Mariano Cano
|
5a8f78d9d0
|
Add support to collection to load the encrypted keys.
|
2019-03-05 14:45:57 -08:00 |
|
Mariano Cano
|
dd0376657c
|
Move collection to a new file.
|
2019-03-05 14:28:32 -08:00 |
|
Mariano Cano
|
4b2b6ffe32
|
Create the provisioner type used to englobe all different provisioners.
|
2019-03-05 12:42:49 -08:00 |
|
Mariano Cano
|
bed3132028
|
Move provisioner to authority/provisioner package.
|
2019-03-04 18:19:14 -08:00 |
|
Mariano Cano
|
fc0b2ca5a6
|
Revert "Move provisioners to authority/provisioner package."
This reverts commit f88d622a67 .
|
2019-03-04 18:17:35 -08:00 |
|
Mariano Cano
|
f88d622a67
|
Move provisioners to authority/provisioner package.
|
2019-03-04 18:10:19 -08:00 |
|
Mariano Cano
|
a2a45f635b
|
Add initial implementation of an OIDC provisioner.
|
2019-03-04 17:58:20 -08:00 |
|
max furman
|
229e5908b7
|
Added test for different authority key id after renew
Also ran dep ensure.
|
2019-02-14 19:17:42 -08:00 |
|
Mariano Cano
|
d78febec7a
|
Fix extensions copy on renew
Fixes #36
|
2019-02-14 16:44:36 -08:00 |
|
max furman
|
7e43402575
|
bug fix: don't add common name to CSR validation claims in Sign
* added unit test for this case
|
2019-02-06 16:26:25 -08:00 |
|
max furman
|
3415a1fef8
|
move SplitSANs to cli
|
2019-02-05 19:32:01 -08:00 |
|
max furman
|
6937bfea7b
|
claims.SANS -> claims.SANs
|
2019-02-04 20:22:02 -08:00 |
|
max furman
|
93f39c64a0
|
backwards compat only when SANS empty
|
2019-02-04 20:02:56 -08:00 |
|
max furman
|
fe8c8614b2
|
SANS backwards compat when token missing sujbect SAN
|
2019-02-01 12:18:10 -06:00 |
|
max furman
|
e6e8443f3c
|
allow multiple identical SANs in cert
|
2019-01-31 11:20:21 -06:00 |
|
max furman
|
f0683c2e0a
|
Enable signing certificates with custom SANs
* validate against SANs in token. must be 1:1 equivalent.
|
2019-01-30 18:21:03 -06:00 |
|
Derrick Lyndon Pallas
|
7a5c4a1112
|
authority/provisioners: fix overflow on 32-bit systems
In Go, len returns signed ints, not unsigned ints; consequently, this code
comparison overflows on 32-bit systems, like ARM.
|
2019-01-28 00:54:15 +00:00 |
|
max furman
|
2c72ada610
|
remove dead code
|
2019-01-20 21:37:12 -08:00 |
|
max furman
|
6dc89f46d8
|
make Duration public
|
2019-01-20 21:33:14 -08:00 |
|
max furman
|
0615f7eb11
|
don't wrap time.Duration
|
2019-01-18 12:08:18 -08:00 |
|
max furman
|
4b742042ee
|
make Duration wrapper publicly accessible
|
2019-01-18 10:39:12 -08:00 |
|
Mariano Cano
|
e8ac3f4888
|
Add comment to differentiate GetRootCertificates and GetRoots.
|
2019-01-14 18:11:55 -08:00 |
|
Mariano Cano
|
6e620073f5
|
Rename method Empties to HasEmpties
|
2019-01-14 18:11:55 -08:00 |
|
max furman
|
cfbb2a6f41
|
method documentation grammar fix
|
2019-01-14 17:55:01 -08:00 |
|
Mariano Cano
|
518b597535
|
Remove mTLS client requirement in /roots and /federation
|
2019-01-11 19:08:08 -08:00 |
|
Mariano Cano
|
1763ede99d
|
Add tests for new methods.
|
2019-01-10 13:19:51 -08:00 |
|
Mariano Cano
|
d296cf95a9
|
Add mTLS request to get all the root CAs, not the federated ones.
|
2019-01-07 17:48:56 -08:00 |
|
Mariano Cano
|
98cc243a37
|
Add support for multiple roots.
|
2019-01-07 15:30:28 -08:00 |
|
Mariano Cano
|
722bcb7e7a
|
Add initial support for federated root certificates.
|
2019-01-04 17:51:32 -08:00 |
|
Mariano Cano
|
7e95fc0e45
|
Strip ports on audience check.
Services might have proxies behind them so we cannot rely on them.
Fixes #17
|
2018-12-21 15:27:22 -08:00 |
|
Mariano Cano
|
9b87e08faf
|
Do not require the port in the audience check.
Fixes #17
|
2018-12-21 14:04:22 -08:00 |
|
Mariano Cano
|
7da1d1adc2
|
Fix typo.
|
2018-11-01 15:51:20 -07:00 |
|