Commit graph

2389 commits

Author SHA1 Message Date
Herman Slatman
a2c9b5cd7e
Allow IP identifiers in subject, including authorization enforcement
To support IPs in the subject using `step-cli`, this PR ensures that
Subject Common Names that can be parsed as an IP are also checked
to have been authorized before.

The PR for `step-cli` is here: github.com/smallstep/cli/pull/576.
2021-12-13 15:34:56 +01:00
Herman Slatman
fbd3fd2145
Merge pull request #625 from hslatman/hs/acme-revocation
ACME Certificate Revocation
2021-12-09 09:48:02 +01:00
Herman Slatman
00539d07c9
Add changelog entry for ACME revocation 2021-12-09 09:42:38 +01:00
Herman Slatman
3bc3957b06
Merge branch 'master' into hs/acme-revocation 2021-12-09 09:36:52 +01:00
Herman Slatman
0524122191
Remove authorization flow for different Account private keys
As discussed in https://github.com/smallstep/certificates/issues/767,
we opted for not including this authorization flow to prevent users
from getting OOMs. We can add the functionality back when the
underlying data store can provide access to a long list of
Authorizations more efficiently, for example when a callback is
implemented.
2021-12-08 16:28:14 +01:00
Carl Tashian
53ebd85327 Update star gif size 2021-12-07 10:17:48 -08:00
Carl Tashian
c0255b7caa Update star gif 2021-12-07 10:07:50 -08:00
Carl Tashian
accb0710a1 Star gif 2021-12-07 10:02:44 -08:00
Mariano Cano
94afec7e1f
Merge pull request #758 from smallstep/errors-forbidden
Forbidden errors and more
2021-12-06 16:01:19 -08:00
Mariano Cano
e0fee84694 Add comment about public key validator. 2021-12-03 15:24:42 -08:00
Mariano Cano
0cebde3db5 Change fallback message on RekeySSH. 2021-12-03 15:12:00 -08:00
Herman Slatman
004fc054d5
Fix PR comments 2021-12-03 15:06:28 +01:00
Mariano Cano
9fd147f3da Change error message. 2021-12-02 16:44:57 -08:00
Herman Slatman
47a8a3c463
Add test case for ACME Revoke to Authority 2021-12-02 17:11:36 +01:00
Herman Slatman
06bb97c91e
Add logic for Account authorizations and improve tests 2021-12-02 16:25:35 +01:00
Herman Slatman
bae1d256ee
Improve tests for JWK vs. KID revoke auth flow
The logic for both test cases is fairly similar, but with some
small differences. Made those clearer by means of some comments.
Also added some comments to the middleware logic that decided
whether to extract JWK or lookup by KID.
2021-12-02 10:59:56 +01:00
Herman Slatman
a7fbbc4748
Add tests for GetCertificateBySerial 2021-11-28 21:20:57 +01:00
Herman Slatman
4d01cf8135
Increase test code coverage 2021-11-28 20:30:36 +01:00
Herman Slatman
2d357da99b
Add tests for ACME revocation 2021-11-26 17:27:42 +01:00
Herman Slatman
ed295ca15d
Fix linting issue 2021-11-25 00:44:21 +01:00
Herman Slatman
c9cd876a7d
Merge branch 'master' into hs/acme-revocation 2021-11-25 00:40:56 +01:00
Mariano Cano
78acf35bf4
Merge pull request #753 from scattered-network/docker-compose-go-mod-updates
Docker Example Fix: Remove Step Build
2021-11-24 14:42:44 -08:00
Mariano Cano
d35848f7a9 Fix unit tests. 2021-11-24 11:43:24 -08:00
Mariano Cano
c3f98fd04d Change some bad requests to forbidded.
Change in the sign options bad requests to forbidded if is the
provisioner the one adding a restriction, e.g. list of dns names,
validity, ...
2021-11-24 11:32:35 -08:00
JJ
cbb0f40696 Revert "Update Go Modules: Fixes Docker Example"
This reverts commit 11a1297bf5.
2021-11-24 04:45:51 +00:00
JJ
3c5d1c9d3f Use smallstep/small-cli as base image, remove step cli build 2021-11-24 04:44:28 +00:00
Mariano Cano
ff04873a2a Change the default error type to forbidden in Sign.
The errors will also be propagated from sign options.
2021-11-23 18:58:16 -08:00
Mariano Cano
b9beab071d Fix unit tests. 2021-11-23 18:43:36 -08:00
Mariano Cano
507a272b4d Return always http errors in sign options. 2021-11-23 18:32:33 -08:00
Carl Tashian
d83ca96d2a Fixes #757 2021-11-23 18:12:31 -08:00
Mariano Cano
a33709ce8d Fix sign ssh options tests. 2021-11-23 18:06:18 -08:00
Mariano Cano
1da7ea6646 Return always http errors in sign ssh options. 2021-11-23 17:52:39 -08:00
Mariano Cano
031d4d7000 Return BadRequest when validating sign options. 2021-11-23 17:52:17 -08:00
Carl Tashian
a067b3acad Add a note about reload-or-try-restart in systemd 2021-11-23 17:23:24 -08:00
Mariano Cano
bb26799583 Modify errs.Wrap with forbidden errors. 2021-11-23 12:04:51 -08:00
Mariano Cano
b5db3f5706 Modify errs.ForbiddenErr to always return an error to the cli. 2021-11-23 11:52:55 -08:00
Mariano Cano
4f84cef0cf
Merge pull request #752 from smallstep/errors-bad-request
Bad request errors
2021-11-22 13:16:04 -08:00
Carl Tashian
d925bc6ba9 Fix systemd renewer to use sh 2021-11-22 11:03:05 -08:00
JJ
11a1297bf5 Update Go Modules: Fixes Docker Example
go.mod: update requirements to fix build errors in docker example
go.sum: hashes updated to match updated requirements
2021-11-20 17:17:21 -08:00
Herman Slatman
2d50c96d99
Merge branch 'master' into hs/acme-revocation 2021-11-19 17:00:18 +01:00
Mariano Cano
aa3fdf8fb9 Do not overwrite errors. 2021-11-18 19:03:43 -08:00
Mariano Cano
b6ebd118fc Update temporal solution for sending message to users 2021-11-18 18:47:55 -08:00
Mariano Cano
668d3ea6c7 Modify errs.Wrap() with bad request to send messages to users. 2021-11-18 18:44:58 -08:00
Mariano Cano
8c8db0d4b7 Modify errs.BadRequestErr() to always return an error to the client. 2021-11-18 18:17:36 -08:00
Mariano Cano
8ce807a6cb Modify errs.BadRequest() calls to always send an error to the client. 2021-11-18 15:12:44 -08:00
max furman
8d229b9a60 update commented template names to match reality 2021-11-17 21:42:53 -08:00
Mariano Cano
91878051c1
Merge pull request #741 from gdbelvin/ssh
Support CSR Requests from PKCS11
2021-11-17 16:07:23 -08:00
Mariano Cano
febb619882 Add some extra validation and print certificate objects
This commit also changes the following flags for consistency:
  - --crt-cert to --crt-cert-obj
  - --crt-key to --crt-key-obj
2021-11-17 15:48:52 -08:00
max furman
fca7de6696 changelog update for 0.18.0 2021-11-17 12:33:03 -08:00
Max
de2ce5cf9f
Merge pull request #692 from smallstep/max/context
Context management
2021-11-17 12:06:42 -08:00