Commit graph

53 commits

Author SHA1 Message Date
Raal Goff
8545adea92 change GenerateCertificateRevocationList to return DER, store DER in db instead of PEM, nicer PEM encoding of CRL, add Mock stubs 2021-11-02 13:26:07 +08:00
max furman
933b40a02a Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00
max furman
9fdef64709 Admin level API for provisioner mgmt v1 2021-07-02 19:05:17 -07:00
Mariano Cano
c1c986922b Show Ed25519 in the public-key log field. 2021-05-06 18:09:40 -07:00
max furman
f88f58440f add //nolint for new 1.16 deprecation warnings
- dsa
- pem.DecryptPEMBlock
2021-02-18 20:14:20 -08:00
Mariano Cano
ba918100d0 Use go.step.sm/crypto/jose
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
2020-08-24 14:44:11 -07:00
Mariano Cano
4943ae58d8 Move TLSOption, TLSVersion, CipherSuites and ASN1DN to certificates. 2020-08-10 15:29:18 -07:00
Mariano Cano
e83e47a91e Use sshutil and randutil from go.step.sm/crypto. 2020-08-10 11:26:51 -07:00
Mariano Cano
6c64fb3ed2 Rename provisioner options structs:
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
2020-07-22 18:24:45 -07:00
max furman
fd05f3249b A few last fixes and tests added for rekey/renew ...
- remove all `renewOrRekey`
- explicitly test difference between renew and rekey (diff pub keys)
- add back tests for renew
2020-07-09 12:11:40 -07:00
dharanikumar-s
dfda497929 Renamed RenewOrRekey to Rekey 2020-07-08 11:47:59 +05:30
dharanikumar-s
a3b5211e0f gofmted the code 2020-07-05 22:40:36 +05:30
dharanikumar-s
954fda657b Added renewOrRekey to mockAuthority. Added Test_caHandler_Rekey 2020-07-05 22:05:00 +05:30
Mariano Cano
fa416336a8 Add context to tests. 2020-03-10 19:17:32 -07:00
max furman
1cb8bb3ae1 Simplify statuscoder error generators. 2020-01-28 13:29:40 -08:00
max furman
dccbdf3a90 Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
2020-01-28 13:29:40 -08:00
Mariano Cano
dedf6b17be Addapt tests to the api change. 2020-01-28 13:29:39 -08:00
Mariano Cano
b179ad3662 Fix api tests. 2020-01-28 13:29:39 -08:00
Mariano Cano
8bf3bf701e Add support for /ssh/bastion method. 2020-01-28 13:28:16 -08:00
Mariano Cano
0ae9bab21e Fix api tests. 2020-01-28 13:28:16 -08:00
Mariano Cano
d880a98295 Add tests for ssh api methods. 2020-01-28 13:28:16 -08:00
Mariano Cano
d08db4df23 Rename SSH methods. 2020-01-28 13:28:16 -08:00
Mariano Cano
91130b9c3f Add support for user data in templates. 2020-01-28 13:28:16 -08:00
Mariano Cano
a35988ff08 Add initial support for ssh config.
Related to smallstep/cli#170
2020-01-28 13:28:16 -08:00
Mariano Cano
961be1fbc7 Add endpoint to return the SSH public keys.
Related to smallstep/ca-component#195
2020-01-28 13:28:16 -08:00
Jozef Kralik
bc6074f596 Change api of functions Authority.Sign, Authority.Renew
Returns certificate chain instead of 2 members.

Implements #126
2019-10-09 22:23:00 +02:00
max furman
e3826dd1c3 Add ACME CA capabilities 2019-09-13 15:48:33 -07:00
max furman
61d52a8510 Small fixes associated with PR review
* additions and grammar edits to documentation
* clarification of error msgs
2019-09-08 21:05:36 -07:00
Mariano Cano
10e7b81b9f Merge branch 'master' into ssh-ca 2019-09-05 23:06:01 +02:00
max furman
2b41faa9cf Enforce >= 2048 bit rsa keys at the provisioner layer
* Fixes #94
* In the future this should be configurable by provisioner
2019-08-27 14:44:59 -07:00
Mariano Cano
ca74bb1de5 Add ssh api tests. 2019-08-05 16:06:05 -07:00
Mariano Cano
ba2ba54928 Adapt api package to new interfaces. 2019-07-29 12:52:13 -07:00
max furman
ab4d569f36 Add /revoke API with interface db backend 2019-04-10 13:50:35 -07:00
Mariano Cano
64f2615864 Fix tests. 2019-03-25 12:35:21 -07:00
Mariano Cano
a97ea87caa Move options to provisioner so we can set the duration of the cert. 2019-03-07 15:14:18 -08:00
Mariano Cano
aa8385b8ba Fix api tests. 2019-03-07 13:15:07 -08:00
Mariano Cano
bcaba4f72a Fix api tests. 2019-03-06 18:41:01 -08:00
Mariano Cano
adbc496b40 Improve tests 2019-02-20 12:18:13 -08:00
Mariano Cano
b974957868 Add certificate information to logs.
Fixes smallstep/ca-component#147
2019-02-19 19:48:18 -08:00
Mariano Cano
8252608ca2 Fix mock 2019-01-14 14:33:00 -08:00
Mariano Cano
518b597535 Remove mTLS client requirement in /roots and /federation 2019-01-11 19:08:08 -08:00
Mariano Cano
d296cf95a9 Add mTLS request to get all the root CAs, not the federated ones. 2019-01-07 17:48:56 -08:00
Mariano Cano
37149ed3ea Add method to get all the certs. 2019-01-04 16:51:37 -08:00
max furman
c74fcd57a7 ca-component -> certificates
* fix redundant error check
* add README
2018-10-31 21:36:01 -07:00
max furman
0d9dd2d14b provisioner issuer -> name 2018-10-29 18:00:30 -07:00
Mariano Cano
e54086662f Add tests with cursors. 2018-10-25 19:28:45 -07:00
Mariano Cano
99cab73360 Remove unused import /provisioners/jwk-set-by-issuer 2018-10-25 18:55:18 -07:00
Mariano Cano
0ccf775f2e Add support for cursors in the api. 2018-10-25 18:53:13 -07:00
max furman
ee7db4006a change sign + authorize authority api | add provisioners
* authorize returns []interface{}
 - operators in this list can conform to any interface the user decides
 - our implementation has a combination of certificate claim validators
 and certificate template modifiers.
* provisioners can set and enforce tls cert options
2018-10-18 22:26:39 -07:00
max furman
828798418c gofmt 2018-10-15 15:27:14 -07:00