Mariano Cano
3f07eb597a
Implement revocation using linkedca.
2021-08-05 18:45:50 -07:00
Mariano Cano
81004ce1f9
Remove deprecated functions.
2021-08-05 17:36:18 -07:00
Mariano Cano
f643af7095
Update onboarding flow with new pki package.
2021-08-05 15:57:48 -07:00
Mariano Cano
79cf059447
Remove deprecated methods and write all pki files at once.
2021-08-05 15:57:13 -07:00
Mariano Cano
ad4dbd6764
Write all files on save.
2021-08-05 12:58:54 -07:00
Mariano Cano
50f7a0d0c0
Work in progress implementation of PKI with helm support
2021-08-04 20:15:26 -07:00
Mariano Cano
798b90c359
Move linkedca configuration to the main package.
2021-08-04 20:15:04 -07:00
Mariano Cano
de719eb6f0
Add an option to avoid password prompts on step cas
...
When we are using `step ca init` to create a stepcas RA we don't
have access to the password for verify the provisioner.
2021-08-04 16:16:35 -07:00
Mariano Cano
de292fbed6
Use branch version of linkedca.
2021-08-02 16:08:54 -07:00
Mariano Cano
721459210e
Make pki initialization more flexible.
2021-08-02 16:07:30 -07:00
Mariano Cano
384be6e205
Do not show provisioners if they are not required.
...
For deployment types like linked ca, the list of provisioners in
the ca.json are not required, so we should tag the json as omitempty.
2021-08-02 15:34:39 -07:00
Mariano Cano
b0e0f2b89d
Use linkedca GetAdmin and GetProvisioner.
2021-08-02 14:45:59 -07:00
Mariano Cano
91a369f618
Automatically enable admin properly on linked cas.
2021-08-02 12:13:39 -07:00
Mariano Cano
26122a2cbf
Enable admin automatically if a token is provided.
2021-08-02 11:48:37 -07:00
Mariano Cano
5344f42f21
Allow to use the environment variable STEP_CA_TOKEN
...
For helm charts we want to store the tokens in a secret and load
it from an environment variable.
2021-08-02 11:33:02 -07:00
Mariano Cano
2620c38aee
Add is converting provisioners to linkedca.
...
The ids are required to be able to link admins with provisioners.
2021-07-28 18:05:57 -07:00
Mariano Cano
e62d7988b8
Do not store password on exports.
2021-07-28 15:22:21 -07:00
Mariano Cano
ac363d7824
Add --password-file and --issuer-password-file flags to export.
2021-07-28 15:21:48 -07:00
Mariano Cano
4f27f4b002
Change default ciphersuites to newer names.
2021-07-28 13:56:05 -07:00
Mariano Cano
07f7316851
Add bastion to export.
2021-07-27 19:22:29 -07:00
Mariano Cano
0730a165fd
Add collection of files and authority template.
2021-07-27 19:19:58 -07:00
Mariano Cano
c7f8516142
Add to export all the information in the ca.json
2021-07-27 18:29:29 -07:00
Mariano Cano
887423ee6e
Update TLS cipher suites.
2021-07-27 18:29:10 -07:00
Mariano Cano
dc1ec18b52
Create a way to export ca configurations.
2021-07-26 19:01:56 -07:00
Mariano Cano
d0c1530f89
Remove replace of linkedca package.
2021-07-26 14:48:01 -07:00
Mariano Cano
3a00b6b396
Properly marshal a certificate when we send it to linkedca.
2021-07-26 14:31:42 -07:00
Mariano Cano
4ad82a2f76
Check linkedca for revocation.
2021-07-23 16:10:13 -07:00
Mariano Cano
f7542a5bd9
Move check of ssh revocation from provisioner to the authority.
2021-07-21 15:22:57 -07:00
Mariano Cano
71f8019243
Store x509 and ssh certificates on linkedca if enabled.
2021-07-20 18:16:24 -07:00
Mariano Cano
17eef81c91
Remove linkerd replace.
2021-07-20 14:55:07 -07:00
Mariano Cano
a72eab915b
Use linkedca v0.1.0
2021-07-20 12:59:59 -07:00
Mariano Cano
7c0faab73e
Remove now unused step-ca login.
2021-07-20 12:57:34 -07:00
Mariano Cano
8fb5340dc9
Use a token at start time to configure linkedca.
...
Instead of using `step-ca login` we will use a new token provided
as a flag to configure and start linkedca. Certificates will be kept
in memory and refreshed automatically.
2021-07-19 19:28:06 -07:00
Mariano Cano
dd9850ce4c
Add working implementation of the linkedca.
...
Replaces the authority adminDB with a new impmentation that users the
linkedca client to retrieve the data.
Note that this implementation still hardcodes the endpoint to localhost.
2021-07-12 18:11:00 +02:00
Mariano Cano
49c1427d15
Use authorityId instead of authorityID.
...
In json or javascript world authorityId, userId, ... are more common
than authorityID, ...
2021-07-12 15:31:05 +02:00
Mariano Cano
f7e09af9df
Implement the login command.
...
The login commands creates a new certificate for the linked ca.
This certificate will be used to sync data with the linkedca
endpoint.
2021-07-12 15:28:13 +02:00
Max
b9743b36e1
Merge pull request #599 from smallstep/max/cert-mgr-crud
...
certificate manager
2021-07-08 16:29:30 -07:00
max furman
857a50434c
Merge branch 'master' into max/cert-mgr-crud
2021-07-08 16:25:52 -07:00
Max
517fab1b54
Merge pull request #602 from hslatman/hs/ip-verification
...
IP Identifier Validation [RFC8738]
2021-07-08 16:24:34 -07:00
max furman
681226a798
Merge branch 'master' into max/cert-mgr-crud
2021-07-08 16:21:09 -07:00
max furman
1df21b9b6a
Addressing comments in PR review
...
- added a bit of validation to admin create and update
- using protojson where possible in admin api
- fixing a few instances of admin -> acme in errors
2021-07-06 17:14:13 -07:00
Mariano Cano
bc14341387
Fix bootstrap command.
2021-07-06 16:35:00 +02:00
max furman
5679c9933d
Fixes from PR review
2021-07-03 12:08:30 -07:00
max furman
77fdfc9fa3
Merge branch 'master' into max/cert-mgr-crud
2021-07-02 20:26:46 -07:00
max furman
9fdef64709
Admin level API for provisioner mgmt v1
2021-07-02 19:05:17 -07:00
Herman Slatman
8e4a4ecc1f
Refactor tests for sans
2021-06-26 00:48:40 +02:00
Herman Slatman
87b72afa25
Fix IP equality check and add more tests
2021-06-26 00:13:44 +02:00
Herman Slatman
a6d33b7d06
Add tests for sans()
2021-06-25 17:21:22 +02:00
Herman Slatman
64c15fde7e
Add tests for canonicalize function
2021-06-25 14:07:40 +02:00
Herman Slatman
7843c90c4c
Merge branch 'master' of github.com:smallstep/certificates into hs/ip-verification
2021-06-25 13:30:41 +02:00