certificates

Author	SHA1	Message	Date
Herman Slatman	6e1f8dd7ab	Refactor policy engines into container	2022-04-26 13:12:16 +02:00
Herman Slatman	76112c2da1	Improve error creation and testing for core policy engine	2022-04-26 01:47:07 +02:00
Herman Slatman	3fa96ebf13	Improve policy errors returned to client	2022-04-24 13:11:32 +02:00
Herman Slatman	ad2de16299	Merge branch 'master' into herman/allow-deny	2022-04-19 10:26:31 +02:00
Mariano Cano	fe9c3cf753	Merge branch 'master' into ahmet2mir-feat/vault	2022-04-18 15:35:26 -07:00
Herman Slatman	abcad679ff	Merge branch 'master' into herman/allow-deny	2022-04-18 21:54:55 +02:00
Mariano Cano	ea5f7f2acc	Fix SANs for step-ca certificate Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>	2022-04-12 13:57:55 -07:00
Mariano Cano	37b521ec6c	Merge branch 'master' into feat/vault	2022-04-11 14:57:45 -07:00
Herman Slatman	9797b3350e	Merge branch 'master' into herman/allow-deny	2022-04-08 16:01:56 +02:00
Mariano Cano	db337debcd	Load provisioner from the database instead of the extension.	2022-04-05 19:25:47 -07:00
Herman Slatman	571b21abbc	Fix (most) PR comments	2022-03-31 16:12:29 +02:00
Herman Slatman	b49307f326	Fix ACME order tests with mock ACME CA	2022-03-24 18:34:04 +01:00
Herman Slatman	9e0edc7b50	Add early authority policy evaluation to ACME order API	2022-03-24 14:55:40 +01:00
Herman Slatman	613c99f00f	Fix linting issues	2022-03-24 13:10:49 +01:00
Mariano Cano	9d027c17d0	Send current provisioner on PostCertificate	2022-03-21 19:24:05 -07:00
Herman Slatman	101ca6a2d3	Check admin subjects before changing policy	2022-03-21 15:53:59 +01:00
Herman Slatman	81b0c6c37c	Add API implementation for authority and provisioner policy	2022-03-15 15:56:04 +01:00
Herman Slatman	7c541888ad	Refactor configuration of allow/deny on authority level	2022-03-08 13:26:07 +01:00
Mariano Cano	c0525381eb	Merge branch 'master' into feat/vault	2022-02-16 18:19:23 -08:00
Herman Slatman	5cb23c6029	Merge pull request #804 from smallstep/herman/normalize-ipv6-dns-names Normalize IPv6 hostname addresses	2022-02-09 11:25:24 +01:00
Herman Slatman	e887ccaa07	Ensure the CA TLS certificate represents IPv6 DNS names as IP in cert If an IPv6 domain name (i.e. [::1]) is provided manually in the `ca.json`, this commit will ensure that it's represented as an IP SAN in the TLS certificate. Before this change, the IPv6 would become a DNS SAN.	2022-02-03 14:21:23 +01:00
Mariano Cano	300c19f8b9	Add a custom enforcer that can be used to modify a cert.	2022-02-02 14:36:58 -08:00
Ahmet DEMIR	68b980d689	feat(authority): avoid hardcoded cn in authority csr	2022-01-13 20:30:54 +01:00
Herman Slatman	50c3bce98d	Change if/if to if/else-if when checking the type of JSON error	2022-01-12 21:34:38 +01:00
Herman Slatman	a3cf6bac36	Add special handling for *json.UnmarshalTypeError	2022-01-12 11:15:39 +01:00
Herman Slatman	0475a4d26f	Refactor extraction of JSON template syntax errors	2022-01-12 10:41:36 +01:00
Herman Slatman	a5455d3572	Improve errors related to template execution failures (slightly)	2022-01-10 15:49:37 +01:00
Herman Slatman	3bc3957b06	Merge branch 'master' into hs/acme-revocation	2021-12-09 09:36:52 +01:00
Herman Slatman	47a8a3c463	Add test case for ACME Revoke to Authority	2021-12-02 17:11:36 +01:00
Herman Slatman	c9cd876a7d	Merge branch 'master' into hs/acme-revocation	2021-11-25 00:40:56 +01:00
Mariano Cano	ff04873a2a	Change the default error type to forbidden in Sign. The errors will also be propagated from sign options.	2021-11-23 18:58:16 -08:00
Mariano Cano	668d3ea6c7	Modify errs.Wrap() with bad request to send messages to users.	2021-11-18 18:44:58 -08:00
Mariano Cano	8ce807a6cb	Modify errs.BadRequest() calls to always send an error to the client.	2021-11-18 15:12:44 -08:00
Herman Slatman	3151255a25	Merge branch 'master' into hs/acme-revocation	2021-10-30 15:41:29 +02:00
max furman	933b40a02a	Introduce gocritic linter and address warnings	2021-10-08 14:59:57 -04:00
Mariano Cano	42fde8ba28	Merge branch 'master' into linkedca	2021-08-25 15:56:50 -07:00
Mariano Cano	9e5762fe06	Allow the reuse of azure token if DisableTrustOnFirstUse is true Azure caches tokens for 24h and we cannot issue a new certificate for the same instance in that period of time. The meaning of this parameter is to allow the signing of multiple certificate in one instance. This is possible in GCP, because we get a new token, and is possible in AWS because we can generate a new one. On Azure there was no other way to do it unless you wait for 24h. Fixes #656	2021-08-11 11:50:54 -07:00
Mariano Cano	d72fa953ac	Remove debug statements.	2021-08-05 18:50:18 -07:00
Mariano Cano	3f07eb597a	Implement revocation using linkedca.	2021-08-05 18:45:50 -07:00
Mariano Cano	0730a165fd	Add collection of files and authority template.	2021-07-27 19:19:58 -07:00
Mariano Cano	71f8019243	Store x509 and ssh certificates on linkedca if enabled.	2021-07-20 18:16:24 -07:00
Herman Slatman	8f7e700f09	Merge branch 'master' into hs/acme-revocation	2021-07-09 11:22:25 +02:00
max furman	9fdef64709	Admin level API for provisioner mgmt v1	2021-07-02 19:05:17 -07:00
Herman Slatman	84e7d468f2	Improve handling of ACME revocation	2021-07-03 00:21:17 +02:00
max furman	7b5d6968a5	first commit	2021-05-19 15:20:16 -07:00
Mariano Cano	2cbaee9c1d	Allow to use an alternative interface to store renewed certs. This can be useful to know if a certificate has been renewed and link one certificate with the 'parent'.	2021-04-29 15:55:22 -07:00
Mariano Cano	e6833ecee3	Add extension of db.AuthDB to store the fullchain. Add a temporary solution to allow an extension of an db.AuthDB interface that logs the fullchain of certificates instead of just the leaf.	2021-04-26 12:28:51 -07:00
Mariano Cano	0b8528ce6b	Allow mTLS revocation without provisioner.	2021-03-22 13:37:31 -07:00
Mariano Cano	bcf70206ac	Add support for revocation using an extra provisioner in the RA.	2021-03-17 19:47:36 -07:00
Mariano Cano	a6115e29c2	Add initial implementation of StepCAS. StepCAS allows to configure step-ca as an RA using another step-ca as the main CA.	2021-03-17 19:33:35 -07:00

1 2 3

119 commits