certificates

Author	SHA1	Message	Date
Mariano Cano	6a1d0cb9f8	Add linkedca conversions.	2022-01-04 18:42:57 -08:00
Mariano Cano	de51c2edfb	More unit tests for nebula.	2022-01-04 18:16:41 -08:00
Mariano Cano	99845d38bb	Add some extra unit tests for nebula.	2022-01-04 12:06:44 -08:00
Mariano Cano	76794ce613	Use default SANs without sans in the token. Fix step claim condition in SSH	2022-01-04 12:05:58 -08:00
Mariano Cano	9ec0276887	Update certificate set with new api.	2022-01-03 18:54:01 -08:00
Mariano Cano	cb72796a2d	Fix decoding of certificate.	2021-12-29 16:07:05 -08:00
Mariano Cano	32390a2964	Add initial implementation of a nebula provisioner. A nebula provisioner will generate a X509 or SSH certificate with the identities in the nebula certificate embedded in the token. The token is signed with the private key of the nebula certificate.	2021-12-29 14:12:03 -08:00
Herman Slatman	3bc3957b06	Merge branch 'master' into hs/acme-revocation	2021-12-09 09:36:52 +01:00
Mariano Cano	e0fee84694	Add comment about public key validator.	2021-12-03 15:24:42 -08:00
Herman Slatman	47a8a3c463	Add test case for ACME Revoke to Authority	2021-12-02 17:11:36 +01:00
Herman Slatman	a7fbbc4748	Add tests for GetCertificateBySerial	2021-11-28 21:20:57 +01:00
Herman Slatman	2d357da99b	Add tests for ACME revocation	2021-11-26 17:27:42 +01:00
Herman Slatman	c9cd876a7d	Merge branch 'master' into hs/acme-revocation	2021-11-25 00:40:56 +01:00
Mariano Cano	d35848f7a9	Fix unit tests.	2021-11-24 11:43:24 -08:00
Mariano Cano	c3f98fd04d	Change some bad requests to forbidded. Change in the sign options bad requests to forbidded if is the provisioner the one adding a restriction, e.g. list of dns names, validity, ...	2021-11-24 11:32:35 -08:00
Mariano Cano	ff04873a2a	Change the default error type to forbidden in Sign. The errors will also be propagated from sign options.	2021-11-23 18:58:16 -08:00
Mariano Cano	b9beab071d	Fix unit tests.	2021-11-23 18:43:36 -08:00
Mariano Cano	507a272b4d	Return always http errors in sign options.	2021-11-23 18:32:33 -08:00
Mariano Cano	a33709ce8d	Fix sign ssh options tests.	2021-11-23 18:06:18 -08:00
Mariano Cano	1da7ea6646	Return always http errors in sign ssh options.	2021-11-23 17:52:39 -08:00
Mariano Cano	031d4d7000	Return BadRequest when validating sign options.	2021-11-23 17:52:17 -08:00
Mariano Cano	bb26799583	Modify errs.Wrap with forbidden errors.	2021-11-23 12:04:51 -08:00
Herman Slatman	2d50c96d99	Merge branch 'master' into hs/acme-revocation	2021-11-19 17:00:18 +01:00
Mariano Cano	b6ebd118fc	Update temporal solution for sending message to users	2021-11-18 18:47:55 -08:00
Mariano Cano	668d3ea6c7	Modify errs.Wrap() with bad request to send messages to users.	2021-11-18 18:44:58 -08:00
Mariano Cano	8c8db0d4b7	Modify errs.BadRequestErr() to always return an error to the client.	2021-11-18 18:17:36 -08:00
Mariano Cano	8ce807a6cb	Modify errs.BadRequest() calls to always send an error to the client.	2021-11-18 15:12:44 -08:00
Max	de2ce5cf9f	Merge pull request #692 from smallstep/max/context Context management	2021-11-17 12:06:42 -08:00
Mariano Cano	440616cffa	Merge pull request #750 from smallstep/duration-errors Report duration errors directly to the cli.	2021-11-17 12:06:31 -08:00
Mariano Cano	acd0bac025	Remove extra and in comment.	2021-11-17 12:03:29 -08:00
Mariano Cano	1aadd63cef	Use always badRequest on duration errors.	2021-11-17 12:00:54 -08:00
Mariano Cano	41fec1577d	Report duration errors directly to the cli.	2021-11-17 11:46:57 -08:00
max furman	7fac8c96c3	Merge branch 'master' into max/context	2021-11-17 11:40:01 -08:00
max furman	922d239171	Simplify conditional	2021-11-16 21:47:14 -08:00
max furman	a7d144996f	SSH backwards compat updates - use existence of new value in data map as boolean - add tests for backwards and forwards compatibility - fix old tests that used static dir locations	2021-11-16 21:47:14 -08:00
max furman	507be61e8c	Use a more distint map key to indicate template version - make the key a variable that can be reused on the CLI side.	2021-11-16 21:47:14 -08:00
max furman	f426c152a9	backwards compatibility for version of cli older than v0.18.0	2021-11-16 21:47:14 -08:00
max furman	ed4b56732e	updates after rebase to keep up with master	2021-11-16 21:47:14 -08:00
Herman Slatman	e7a988b2cd	Pin golangci-lint to v1.43.0 and fix issues	2021-11-13 01:30:03 +01:00
Herman Slatman	3151255a25	Merge branch 'master' into hs/acme-revocation	2021-10-30 15:41:29 +02:00
max furman	933b40a02a	Introduce gocritic linter and address warnings	2021-10-08 14:59:57 -04:00
Mariano Cano	9fb6df3abb	Fix ssh template variables when CA is injected using options.	2021-09-28 18:50:45 -07:00
Mariano Cano	aedd7fcc05	Be able to start a SSH host or SSH user only CA In previous versions if the host or user CA is not configured, the start of step-ca was crashing. This allows to configure a user or host only ssh ca.	2021-09-28 15:07:09 -07:00
Mariano Cano	a50654b468	Check for admins in both emails and groups.	2021-09-23 15:49:28 -07:00
max furman	2d5bfd3485	fix comment	2021-09-22 11:56:52 -07:00
Mariano Cano	6729c79253	Add support for setting individual password for ssh and tls keys This change add the following flags: * --ssh-host-password-file * --ssh-user-password-file Fixes #693	2021-09-16 11:55:41 -07:00
Mariano Cano	141c519171	Simplify check of principals in a case insensitive way Fixes #679	2021-09-08 16:00:33 -07:00
Fearghal O Floinn	7a94b0c157	Converts group and subgroup to lowercase for comparison. Fixes #679	2021-09-08 12:24:49 +01:00
Mariano Cano	f919535475	Add an extra way to distinguish Azure and Azure OIDC tokens. We used to distinguish these tokens using the azp claim, but this claim does not appear on new azure oidc tokens, at least on some configurations. This change will try to load by audience (client id) if the token contains an email, required for OIDC.	2021-08-30 16:37:29 -07:00
Mariano Cano	097a918da7	Fix tests when we create re-use a token with a new authority.	2021-08-30 16:36:18 -07:00

1 2 3 4 5 ...

726 commits