Commit graph

277 commits

Author SHA1 Message Date
Herman Slatman
dc23fd23bf
Merge branch 'master' into herman/allow-deny-next 2022-03-24 12:36:12 +01:00
Mariano Cano
ad8a813abe Fix linter errors 2022-03-21 16:53:57 -07:00
Panagiotis Siatras
e6b2359273
ca: fixed import statement order 2022-03-18 20:21:01 +02:00
Panagiotis Siatras
9ba33bab4e
ca: refactored to use the read package 2022-03-18 20:21:00 +02:00
Mariano Cano
915911efb6 Disable http loggers in test.
They hide the test that fail on tests in the CI.
2022-03-15 12:26:00 -07:00
Mariano Cano
ead742ca0f Fix unit test 2022-03-15 12:13:01 -07:00
Herman Slatman
81b0c6c37c
Add API implementation for authority and provisioner policy 2022-03-15 15:56:04 +01:00
Mariano Cano
6dcde8a743 Fix typo 2022-03-11 15:22:53 -08:00
Mariano Cano
a4dd586a81 Add method to get the CA url from the client. 2022-03-11 15:13:39 -08:00
Mariano Cano
616490a9c6 Refactor renew after expiry token authorization
This changes adds a new authority method that authorizes the
renew after expiry tokens.
2022-03-10 20:21:01 -08:00
Mariano Cano
41ea67ce10 Attempt to fix a bootstrap tests 2022-03-10 13:01:31 -08:00
Herman Slatman
4ebf43c011
Merge pull request #820 from smallstep/herman/acme-api
Refactor ACME Admin API
2022-02-10 13:11:44 +01:00
Herman Slatman
5cb23c6029
Merge pull request #804 from smallstep/herman/normalize-ipv6-dns-names
Normalize IPv6 hostname addresses
2022-02-09 11:25:24 +01:00
Herman Slatman
d00729df0b
Refactor ACME Admin API 2022-02-08 13:26:30 +01:00
Chris Crook
11637b5793 Add descriptive provisioner JWK decryption error messages
Wrap other errors in decryption process with more helpful messaging.  This should help users troubleshoot misconfiguration more easily.

Fixes #816
2022-02-04 17:53:58 -05:00
Herman Slatman
bfa2245abb
Merge branch 'master' into herman/normalize-ipv6-dns-names 2022-02-03 17:24:08 +01:00
Herman Slatman
c7c5c3c94e
Merge branch 'master' into herman/scep-macos-renewal-fixes 2022-01-31 13:20:16 +01:00
Herman Slatman
fd9845e9c7
Add cursor and limit to ACME EAB DB interface 2022-01-24 14:03:56 +01:00
Herman Slatman
716b946e7a
Normalize IPv6 hostname addresses 2022-01-19 17:14:45 +01:00
Herman Slatman
64680bb16d
Fix PR comments 2022-01-19 11:31:33 +01:00
Herman Slatman
3612eefc31
Cleanup 2022-01-18 15:54:18 +01:00
Herman Slatman
9c6580ccd2
Fix macOS SCEP client issues
Fixes #746
2022-01-14 10:48:23 +01:00
Herman Slatman
30859d3c83
Remove server-side paging logic for ExternalAccountKeys 2022-01-06 14:09:35 +01:00
Herman Slatman
6929e31fe0
Merge branch 'master' into hs/acme-eab 2022-01-04 16:41:36 +01:00
Herman Slatman
22ff90f655
Merge branch 'master' into hs/acme-eab 2021-12-22 12:54:41 +01:00
Herman Slatman
07addd0cac
Fix linting issue 2021-12-22 11:58:00 +01:00
Herman Slatman
a68208a3ba
Set Step CLI User-Agent when performing ACME requests 2021-12-22 11:54:01 +01:00
Mariano Cano
2c63abcf52 fix grammar 2021-12-15 12:16:21 -08:00
Mariano Cano
7c4e6dcc96 Remove duplicated code in bootstrap methods 2021-12-15 11:24:46 -08:00
Mariano Cano
64c19d4264 Fix subject in test, use ip 2021-12-14 15:27:18 -08:00
Mariano Cano
b0b2e77b0e Avoid doing unauthenticated requests on the SDK
When step-ca runs with mTLS required on some endpoints, the SDK
used in autocert will fail to start because the identity certificate
is missing. This certificate is only required to retrieve all roots,
in most cases there's only one, and the SDK has access to it.
2021-12-14 14:42:38 -08:00
Herman Slatman
d799359917
Merge branch 'master' into hs/acme-eab 2021-12-09 13:58:40 +01:00
Herman Slatman
3bc3957b06
Merge branch 'master' into hs/acme-revocation 2021-12-09 09:36:52 +01:00
Herman Slatman
d0c23973cc
Merge branch 'master' into hs/acme-eab 2021-12-06 13:01:23 +01:00
Herman Slatman
2d357da99b
Add tests for ACME revocation 2021-11-26 17:27:42 +01:00
Mariano Cano
d35848f7a9 Fix unit tests. 2021-11-24 11:43:24 -08:00
Mariano Cano
b9beab071d Fix unit tests. 2021-11-23 18:43:36 -08:00
Mariano Cano
8c8db0d4b7 Modify errs.BadRequestErr() to always return an error to the client. 2021-11-18 18:17:36 -08:00
Mariano Cano
8ce807a6cb Modify errs.BadRequest() calls to always send an error to the client. 2021-11-18 15:12:44 -08:00
max furman
7fac8c96c3 Merge branch 'master' into max/context 2021-11-17 11:40:01 -08:00
max furman
a7d144996f SSH backwards compat updates
- use existence of new value in data map as boolean
- add tests for backwards and forwards compatibility
- fix old tests that used static dir locations
2021-11-16 21:47:14 -08:00
max furman
d777fc23c2 Add ca.WithInsecure and use methods for file names 2021-11-16 21:47:14 -08:00
max furman
e5951fd84c Use methods in the step package
* rather than variables set at execution time, which may not match the
actual current context
2021-11-16 21:47:14 -08:00
max furman
7eeebca529 Enable step path contexts in identity and pki paths 2021-11-16 21:47:14 -08:00
max furman
10db335f13 mv pkg config -> step 2021-11-16 21:47:14 -08:00
max furman
741ac64c61 change name of package cli-utils/config to cli-utils/step 2021-11-16 21:47:14 -08:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues 2021-11-13 01:30:03 +01:00
Herman Slatman
bcd1240a0e
Merge branch 'master' into hs/acme-eab 2021-10-16 13:32:13 +02:00
Mariano Cano
36b622bfc2 Use Golang's default keep-alive.
Since Go 1.13 a net.Listen keep-alive is enabled by default if
the protocol and OS supports it. The new one is 15s to match
the net.Dial default one. Previously http.Server ListenAndServe
and ListenAndServeTLS used to add a wrapper with 3m that we
replicated.

See https://github.com/golang/go/issues/31510
2021-10-15 14:12:43 -07:00
Herman Slatman
dd4b4b0435
Fix remaining gocritic remarks 2021-10-11 23:34:23 +02:00