Commit graph

73 commits

Author SHA1 Message Date
Mariano Cano
1671ab2590 Fix some tests. 2019-03-07 12:15:18 -08:00
Mariano Cano
d92a7f2948 Rename provisioner to jwk. 2019-03-06 18:36:35 -08:00
Mariano Cano
a1782733fe Rename files. 2019-03-06 18:33:40 -08:00
Mariano Cano
2d00cd0933 Validate audiences in the default provisioner. 2019-03-06 18:32:56 -08:00
Mariano Cano
33c1449360 Remove deprecated file. 2019-03-06 17:42:17 -08:00
Mariano Cano
57b705f6cf Use provisioner sign options. 2019-03-06 17:37:49 -08:00
Mariano Cano
9d4034fbf6 Remove unused code. 2019-03-06 17:37:08 -08:00
Mariano Cano
6d395f3818 Add missing validy validator to oidc. 2019-03-06 17:30:14 -08:00
Mariano Cano
602a42813c Re-enable replay protection for JWK provisioner. 2019-03-06 17:00:45 -08:00
Mariano Cano
ab1cca03d7 Use new provisioners in authorize methods. 2019-03-06 15:04:28 -08:00
Mariano Cano
54ed49f072 Rename package. 2019-03-06 15:01:51 -08:00
Mariano Cano
c776ca3bd6 Use provisioner.Collection to store and request the provisioners. 2019-03-06 15:00:23 -08:00
Mariano Cano
34833d4fd5 Add validators from the authority package. 2019-03-06 14:58:46 -08:00
Mariano Cano
0dee841a4f Complete first version of provisioner implementations. 2019-03-06 14:54:56 -08:00
Mariano Cano
7eb6eb1d3e Complete provisioner.Claims with methods from authority. 2019-03-06 14:51:12 -08:00
Mariano Cano
fb77397fc7 Add new options to locate or list provisioners. 2019-03-06 14:50:13 -08:00
Mariano Cano
34ff388828 Use new types in config. 2019-03-06 14:49:25 -08:00
Mariano Cano
62dab7b6b8 Rename interface method. 2019-03-05 14:52:26 -08:00
Mariano Cano
5a8f78d9d0 Add support to collection to load the encrypted keys. 2019-03-05 14:45:57 -08:00
Mariano Cano
dd0376657c Move collection to a new file. 2019-03-05 14:28:32 -08:00
Mariano Cano
4b2b6ffe32 Create the provisioner type used to englobe all different provisioners. 2019-03-05 12:42:49 -08:00
Mariano Cano
bed3132028 Move provisioner to authority/provisioner package. 2019-03-04 18:19:14 -08:00
Mariano Cano
fc0b2ca5a6 Revert "Move provisioners to authority/provisioner package."
This reverts commit f88d622a67.
2019-03-04 18:17:35 -08:00
Mariano Cano
f88d622a67 Move provisioners to authority/provisioner package. 2019-03-04 18:10:19 -08:00
Mariano Cano
a2a45f635b Add initial implementation of an OIDC provisioner. 2019-03-04 17:58:20 -08:00
max furman
229e5908b7 Added test for different authority key id after renew
Also ran dep ensure.
2019-02-14 19:17:42 -08:00
Mariano Cano
d78febec7a Fix extensions copy on renew
Fixes #36
2019-02-14 16:44:36 -08:00
max furman
7e43402575 bug fix: don't add common name to CSR validation claims in Sign
* added unit test for this case
2019-02-06 16:26:25 -08:00
max furman
3415a1fef8 move SplitSANs to cli 2019-02-05 19:32:01 -08:00
max furman
6937bfea7b claims.SANS -> claims.SANs 2019-02-04 20:22:02 -08:00
max furman
93f39c64a0 backwards compat only when SANS empty 2019-02-04 20:02:56 -08:00
max furman
fe8c8614b2 SANS backwards compat when token missing sujbect SAN 2019-02-01 12:18:10 -06:00
max furman
e6e8443f3c allow multiple identical SANs in cert 2019-01-31 11:20:21 -06:00
max furman
f0683c2e0a Enable signing certificates with custom SANs
* validate against SANs in token. must be 1:1 equivalent.
2019-01-30 18:21:03 -06:00
Derrick Lyndon Pallas
7a5c4a1112 authority/provisioners: fix overflow on 32-bit systems
In Go, len returns signed ints, not unsigned ints; consequently, this code
comparison overflows on 32-bit systems, like ARM.
2019-01-28 00:54:15 +00:00
max furman
2c72ada610 remove dead code 2019-01-20 21:37:12 -08:00
max furman
6dc89f46d8 make Duration public 2019-01-20 21:33:14 -08:00
max furman
0615f7eb11 don't wrap time.Duration 2019-01-18 12:08:18 -08:00
max furman
4b742042ee make Duration wrapper publicly accessible 2019-01-18 10:39:12 -08:00
Mariano Cano
e8ac3f4888 Add comment to differentiate GetRootCertificates and GetRoots. 2019-01-14 18:11:55 -08:00
Mariano Cano
6e620073f5 Rename method Empties to HasEmpties 2019-01-14 18:11:55 -08:00
max furman
cfbb2a6f41 method documentation grammar fix 2019-01-14 17:55:01 -08:00
Mariano Cano
518b597535 Remove mTLS client requirement in /roots and /federation 2019-01-11 19:08:08 -08:00
Mariano Cano
1763ede99d Add tests for new methods. 2019-01-10 13:19:51 -08:00
Mariano Cano
d296cf95a9 Add mTLS request to get all the root CAs, not the federated ones. 2019-01-07 17:48:56 -08:00
Mariano Cano
98cc243a37 Add support for multiple roots. 2019-01-07 15:30:28 -08:00
Mariano Cano
722bcb7e7a Add initial support for federated root certificates. 2019-01-04 17:51:32 -08:00
Mariano Cano
7e95fc0e45 Strip ports on audience check.
Services might have proxies behind them so we cannot rely on them.
Fixes #17
2018-12-21 15:27:22 -08:00
Mariano Cano
9b87e08faf Do not require the port in the audience check.
Fixes #17
2018-12-21 14:04:22 -08:00
Mariano Cano
7da1d1adc2 Fix typo. 2018-11-01 15:51:20 -07:00