Commit graph

1533 commits

Author SHA1 Message Date
Mariano Cano
4c8bf87dc1 Use new admin template for K8ssa and admin-OIDC provisioners.
This change replaces the .Insecure.CR template to one that sets
all the SANs, but uses key usages and extended key usages for
regular TLS certificates.
2020-09-21 12:49:16 -07:00
Mariano Cano
309d9ddcc4
Merge pull request #374 from smallstep/missing-token-ids
Create a hash of a token if a token id is empty.
2020-09-21 10:02:58 -07:00
Mariano Cano
d79b4e709e Create a hash of a token if a token id is empty. 2020-09-18 16:25:08 -07:00
Mariano Cano
656315bd61
Merge pull request #371 from smallstep/bundle-awskms-init
Add step-awskms-init to the binary releases.
2020-09-18 11:12:26 -07:00
Mariano Cano
c2fd6a8421 Add step-awskms-init to the binary releases.
Fixes 332
2020-09-18 11:01:54 -07:00
Mariano Cano
4f3b24af8f
Merge pull request #370 from smallstep/yubi-management-key
Make the YubiKey management key configurable.
2020-09-17 16:15:24 -07:00
Mariano Cano
f100b2d0e3 Make the YubiKey management key configurable.
With this change the default management key is not required as the
user is able to set its own.

Fixes #323
2020-09-17 16:07:32 -07:00
Mariano Cano
a332c40530 Merge branch 'master' into cas 2020-09-17 14:46:52 -07:00
Mariano Cano
87bbcee239 Update go.sum 2020-09-17 11:17:46 -07:00
Mariano Cano
9573b47efb
Merge pull request #369 from acipia/master
avoid using yubikey attestation cert
2020-09-17 11:15:49 -07:00
max furman
3e874a1e72 Fix RHEL/CentOS install docs 2020-09-16 20:53:58 -07:00
Mariano Cano
884a6f5dd0 Skip test on CI. 2020-09-16 14:03:26 -07:00
Mariano Cano
91aa1e87f1 Do not use go 1.15 methods. 2020-09-16 13:51:49 -07:00
Mariano Cano
60515d92c5 Remove unnecessary properties. 2020-09-16 13:31:26 -07:00
Pierre Laden
692f7692a2 fix #2 indentation 2020-09-16 22:26:53 +02:00
Pierre Laden
290d5ee979 fix gofmt complain 2020-09-16 22:15:42 +02:00
Pierre Laden
179e793f1a - provide PINpolicy always to piv-go to avoid trying to use attestation cert, which we might not have
- bump piv-go version to 1.6.0
2020-09-16 21:59:48 +02:00
Mariano Cano
f2dd5c48cc Fix linting errors. 2020-09-16 12:41:43 -07:00
Mariano Cano
8957e5e5a2 Add missing tests 2020-09-16 12:34:42 -07:00
Mariano Cano
e146b3fe16 Add Unit tests for softcas. 2020-09-15 19:37:02 -07:00
Mariano Cano
1550a21f68 Fix unit tests. 2020-09-15 18:14:21 -07:00
Mariano Cano
e17ce39e3a Add support for Revoke using CAS. 2020-09-15 18:14:03 -07:00
Mariano Cano
144ffe73dd Complete unit tests for Google CAS. 2020-09-15 17:23:11 -07:00
Mariano Cano
f7d066fca8 Fix key usages. 2020-09-15 15:19:59 -07:00
Mariano Cano
01e6495f43 Add most of cloudcas unit tests and minor fixes. 2020-09-14 19:13:40 -07:00
Mariano Cano
8eff4e77a8 Comment request structs. 2020-09-14 19:12:49 -07:00
Mariano Cano
bd8dd9da41 Do not read issuer and signer twice. 2020-09-10 19:13:17 -07:00
Mariano Cano
aad8f9e582 Pass issuer and signer to softCAS options.
Remove commented code and initialize CAS properly.
Minor fixes in CloudCAS.
2020-09-10 19:09:46 -07:00
Mariano Cano
c8d9cb0a1d Complete cloudcas using CAS v1beta1. 2020-09-10 16:19:18 -07:00
Max
946aedca92
Merge pull request #368 from gucchisk/error_message
Fix error message of bad request
2020-09-10 08:04:37 -07:00
gucchisk
4ad6be2680 Fix error message of bad request 2020-09-10 23:45:44 +09:00
Mariano Cano
1b1f73dec6 Early attempt to develop a CAS interface. 2020-09-08 19:26:32 -07:00
Carl Tashian
b792f9144f
Merge pull request #364 from smallstep/docker-tweaks
Update Dockerfile.step-ca to match best practices
2020-09-08 18:11:21 -07:00
Mariano Cano
276e307a1d Add extra tests for CustomSSHTemplateOptions 2020-09-08 15:43:39 -07:00
Mariano Cano
3fc9124559
Merge pull request #366 from smallstep/max/ignore-null
Ignore `null` string for x509 and ssh templateData.
2020-09-08 15:42:58 -07:00
max furman
da9f0b09af Ignore null string for x509 and ssh templateData. 2020-09-08 13:59:22 -07:00
Carl Tashian
3b31c6d2f5 Change HEALTHCHECK to use step ca health. Change shell CMD exec to skip redundant /bin/sh -c 2020-09-08 09:44:35 -07:00
Mariano Cano
81c6e01269 Fix unit test. 2020-09-04 11:16:17 -07:00
Mariano Cano
3ac0ef2eaa Update crypto to v0.6.0 2020-09-02 18:08:24 -07:00
Mariano Cano
50d09c183b Fix example and use ClientCAs.
Server trust client certificates using ClientCAs instead of RootCAs.
2020-09-02 15:10:11 -07:00
Carl Tashian
6ffc438ed1 Update Dockerfile.step-ca to match best practices
- See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
- Added a .dockerignore file to reduce the build context size
- Added a HEALTHCHECK (curl the CA)
2020-09-02 11:41:47 -07:00
Max
54e43604ff
Merge pull request #363 from smallstep/max/k8ssa
Standardize k8ssa check on issuer name
2020-09-01 13:20:27 -07:00
Mariano Cano
f3b65e54ac Update go.step.sm to v0.5.0
Solves the problem of enforcing the signature algorithm. This
causes issues if the intermediate key is not an ECDSA key.
2020-09-01 12:44:46 -07:00
max furman
ce9af5c20f Standardize k8ssa check on issuer name 2020-08-31 20:56:00 -07:00
max furman
925edaede2 revert to skip_cleanup in travis 2020-08-31 14:28:31 -07:00
Mariano Cano
8ee246edda Upgrade go.step.sm to v0.4.0 2020-08-31 12:30:54 -07:00
Mariano Cano
ce5e1b4934 Fix merge issue. 2020-08-28 14:44:43 -07:00
Mariano Cano
35bd3ec383
Merge pull request #329 from smallstep/ssh-cert-templates
SSH cert templates
2020-08-28 14:42:58 -07:00
Mariano Cano
cef0475e71 Make clear what's a template/unsigned certificate. 2020-08-28 14:33:26 -07:00
Mariano Cano
4d375a06f5 Make clearer what's an unsigned cert. 2020-08-28 14:29:18 -07:00