Mariano Cano
ef92a3a6d7
Move cas options under authority.
2020-10-19 18:08:51 -07:00
Mariano Cano
7d1686dc53
Add option to specify the AWS IID certificates to use.
...
This changes adds a new option `iidRoots` that allows a user to
define one or more certificates that will be used for AWS IID
signature validation.
Fixes #393
2020-10-13 17:51:24 -07:00
Mariano Cano
647b9b4541
Merge pull request #367 from smallstep/cas
...
Support for CAS Interface and CloudCAS
2020-10-05 18:09:01 -07:00
Mariano Cano
3e0ab8fba7
Fix typo.
2020-10-05 18:00:50 -07:00
Mariano Cano
d64427487d
Add comment about the missing error check.
2020-10-05 17:39:44 -07:00
Mariano Cano
072adc906e
Print root fingerprint for CloudCAS.
2020-09-22 13:23:48 -07:00
Mariano Cano
38fa780775
Add interface to get root certificate from CAS.
...
This change makes easier the configuration of cloudCAS as it does
not require to configure the root or intermediate certificate
in the ca.json. CloudCAS will get the root certificate using
the configured certificateAuthority.
2020-09-21 15:27:20 -07:00
Mariano Cano
4c8bf87dc1
Use new admin template for K8ssa and admin-OIDC provisioners.
...
This change replaces the .Insecure.CR template to one that sets
all the SANs, but uses key usages and extended key usages for
regular TLS certificates.
2020-09-21 12:49:16 -07:00
Mariano Cano
d79b4e709e
Create a hash of a token if a token id is empty.
2020-09-18 16:25:08 -07:00
Mariano Cano
60515d92c5
Remove unnecessary properties.
2020-09-16 13:31:26 -07:00
Mariano Cano
1550a21f68
Fix unit tests.
2020-09-15 18:14:21 -07:00
Mariano Cano
e17ce39e3a
Add support for Revoke using CAS.
2020-09-15 18:14:03 -07:00
Mariano Cano
bd8dd9da41
Do not read issuer and signer twice.
2020-09-10 19:13:17 -07:00
Mariano Cano
aad8f9e582
Pass issuer and signer to softCAS options.
...
Remove commented code and initialize CAS properly.
Minor fixes in CloudCAS.
2020-09-10 19:09:46 -07:00
Mariano Cano
1b1f73dec6
Early attempt to develop a CAS interface.
2020-09-08 19:26:32 -07:00
Mariano Cano
276e307a1d
Add extra tests for CustomSSHTemplateOptions
2020-09-08 15:43:39 -07:00
max furman
da9f0b09af
Ignore null
string for x509 and ssh templateData.
2020-09-08 13:59:22 -07:00
Mariano Cano
81c6e01269
Fix unit test.
2020-09-04 11:16:17 -07:00
max furman
ce9af5c20f
Standardize k8ssa check on issuer name
2020-08-31 20:56:00 -07:00
Mariano Cano
8ee246edda
Upgrade go.step.sm to v0.4.0
2020-08-31 12:30:54 -07:00
Mariano Cano
ce5e1b4934
Fix merge issue.
2020-08-28 14:44:43 -07:00
Mariano Cano
35bd3ec383
Merge pull request #329 from smallstep/ssh-cert-templates
...
SSH cert templates
2020-08-28 14:42:58 -07:00
Mariano Cano
cef0475e71
Make clear what's a template/unsigned certificate.
2020-08-28 14:33:26 -07:00
Mariano Cano
4d375a06f5
Make clearer what's an unsigned cert.
2020-08-28 14:29:18 -07:00
Mariano Cano
b7269b6579
Fix comment.
2020-08-28 14:22:13 -07:00
Mariano Cano
c94a1c51be
Merge branch 'master' into ssh-cert-templates
2020-08-24 15:08:28 -07:00
Mariano Cano
ba918100d0
Use go.step.sm/crypto/jose
...
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
2020-08-24 14:44:11 -07:00
max furman
46fc922afd
Remove unused code; fix usage wrong word; add gap time for unit test
2020-08-20 18:48:17 -07:00
max furman
81875074e3
tie -> the in comment
2020-08-20 15:15:15 -07:00
max furman
cb594ed2e0
go mod tidy and golang 1.15.0 cleanup ...
...
- cs.NegotiatedProtocolIsMutual has been deprecated but we still build
in travis with 1.14 so for now we'll ignore this linting error
- string(int) was resolving to string of a single rune rather than
string of digits -> use fmt.Sprint
2020-08-17 13:48:37 -07:00
Mariano Cano
b900a7a2fc
Fix error message in tests.
2020-08-14 15:38:54 -07:00
Mariano Cano
d30a95236d
Use always go.step.sm/crypto
2020-08-14 15:33:50 -07:00
Mariano Cano
aaaa7e9b4e
Merge branch 'master' into cert-templates
2020-08-14 10:45:41 -07:00
Mariano Cano
3577d696c7
Use new x509util in tls_test.go
2020-08-10 18:14:32 -07:00
Mariano Cano
0a59efd853
Use new x509util to generate the CA certificate.
2020-08-10 16:09:22 -07:00
Mariano Cano
4943ae58d8
Move TLSOption, TLSVersion, CipherSuites and ASN1DN to certificates.
2020-08-10 15:29:18 -07:00
Mariano Cano
e83e47a91e
Use sshutil and randutil from go.step.sm/crypto.
2020-08-10 11:26:51 -07:00
Mariano Cano
ce1eb0a01b
Use new x509util for renew/rekey.
2020-08-05 19:09:06 -07:00
Mariano Cano
f437b86a7b
Merge branch 'cert-templates' into ssh-cert-templates
2020-08-05 18:43:07 -07:00
Mariano Cano
c8d225a763
Use x509util from go.step.sm/crypto/x509util
2020-08-05 16:02:46 -07:00
Mariano Cano
37f84e9bb3
Add delay in test.
2020-08-03 19:01:15 -07:00
Mariano Cano
342cb713ee
Add test with custom templates.
2020-08-03 18:51:47 -07:00
Mariano Cano
8d89bbd62f
Remove unused code.
2020-08-03 18:39:02 -07:00
Mariano Cano
c4bbc81d9f
Fix authority tests.
2020-08-03 18:36:05 -07:00
Mariano Cano
413af88aad
Fix provisioning tests.
2020-08-03 18:10:29 -07:00
Mariano Cano
b66bdfabcd
Enforce an OIDC users to send all template variables.
2020-08-03 15:28:48 -07:00
Mariano Cano
9822305bb6
Use only the IID template on IID provisioners.
...
Use always sshutil.DefaultIIDCertificate and require at least one
principal on IID provisioners.
2020-08-03 15:11:42 -07:00
Mariano Cano
aa657cdb4b
Use SSHOptions inside provisioner options.
2020-07-30 18:44:52 -07:00
Mariano Cano
02379d494b
Add support for extensions and critical options on the identity
...
function.
2020-07-30 17:45:03 -07:00
Mariano Cano
8ff8d90f8c
On JWK and X5C validate the key id on the request.
2020-07-30 17:45:03 -07:00