Commit graph

1851 commits

Author SHA1 Message Date
Herman Slatman
d0a9cbc797
Change fmt to errors package for formatting errors 2021-05-07 00:22:06 +02:00
Herman Slatman
ff1b46c95d
Add configuration option for specifying the minimum public key length
Instead of using the defaultPublicKeyValidator a new validator called
publicKeyMinimumLengthValidator has been implemented that uses a
configurable minimum length for public keys in CSRs.

It's also an option to alter the defaultPublicKeyValidator to also
take a parameter, but that would touch quite some lines of code. This
might be a viable option after merging SCEP support.
2021-05-06 22:56:28 +02:00
Herman Slatman
c04f556dc2
Merge branch 'master' into hs/scep 2021-05-06 22:00:29 +02:00
Mariano Cano
5a6517ca5b
Merge pull request #561 from LecrisUT/master
Check admin privileges from group membership
2021-05-05 16:57:13 -07:00
Cristian Le
d7eec869c2 Fix the previous tests 2021-05-05 10:37:30 +09:00
Cristian Le
c2d30f7260 gofmt everything 2021-05-05 10:29:47 +09:00
Cristian Le
f38a72a62b Leftover from previous commit 2021-05-05 10:17:08 +09:00
Cristian Le
1d2445e1d8 Removed the variadic username
Could be useful later on, but for the current PR changes should be minimized
2021-05-05 10:12:38 +09:00
Cristian Le
9e00b82bdf Revert oidc_test.go
Moving the `preferred_username` to a separate PR
2021-05-05 08:49:03 +09:00
Cristian Le
cd67d64eec Merge remote-tracking branch 'origin/master' 2021-05-05 08:16:14 +09:00
Cristian Le
decf0fc8ce Revert using preferred_username
It might present a security issue if the users can change this value for themselves. Needs further investigation
2021-05-05 08:15:26 +09:00
Cristian Le
21732f213b Fix shadow issue in CI 2021-05-05 08:15:26 +09:00
Mariano Cano
08e5ec6ad1 Fix IsAdminGroup comment. 2021-05-05 08:15:26 +09:00
Mariano Cano
46c1dc80fb Use map[string]struct{} instead of map[string]bool 2021-05-05 08:15:26 +09:00
Mariano Cano
aafac179a5 Add test for oidc with preferred usernames. 2021-05-05 08:15:26 +09:00
Cristian Le
f730c0bec4 Sanitize usernames 2021-05-05 08:15:26 +09:00
Cristian Le
48666792c7 Draft: adding usernames to GetIdentityFunc 2021-05-05 08:15:26 +09:00
Cristian Le
79eec83f3e Rename and reformat to PreferredUsername 2021-05-05 08:15:26 +09:00
Cristian Le
09a21fef26 Implement #550
- Read `preferred_username` from token
- Add `preferred_username` to the default Usernames
- Check the `admin` array for admin groups that the user might belong to
2021-05-05 08:15:26 +09:00
Cristian Le
bb1e051b27 Revert using preferred_username
It might present a security issue if the users can change this value for themselves. Needs further investigation
2021-05-05 08:12:17 +09:00
Max
1ee288f9fb
Merge pull request #565 from smallstep/max/load-init
Init config on load | Add wrapper for cli
2021-05-04 15:02:41 -07:00
max furman
8c709fe3c2 Init config on load | Add wrapper for cli 2021-05-04 14:45:11 -07:00
max furman
9a156d2210 Remove distribution doc. 2021-05-04 12:30:05 -07:00
max furman
bc4bf224e8 [action] Add needs-triage labeler 2021-05-04 11:30:20 -07:00
Cristian Le
e5b206c1de Fix shadow issue in CI 2021-05-04 13:47:17 +09:00
Carl Tashian
0295280c20 Merge branch 'master' of https://github.com/smallstep/certificates 2021-05-03 16:19:47 -07:00
Carl Tashian
25325b6970 Revert systemd renewer unit change that was incorrect
This reverts commit 75f24a103a.
2021-05-03 16:19:36 -07:00
Mariano Cano
484b30d0a1 Fix IsAdminGroup comment. 2021-04-29 18:47:17 -07:00
Mariano Cano
9cc410b308 Use map[string]struct{} instead of map[string]bool 2021-04-29 18:40:04 -07:00
Mariano Cano
c8eb771a8e Add test for oidc with preferred usernames. 2021-04-29 18:37:48 -07:00
Cristian Le
8b1ab30212 Sanitize usernames 2021-04-30 09:41:06 +09:00
Cristian Le
bf364f0a5f Draft: adding usernames to GetIdentityFunc 2021-04-30 09:14:28 +09:00
Cristian Le
861ef80e0d Rename and reformat to PreferredUsername 2021-04-30 08:44:41 +09:00
Mariano Cano
b9b1ac04d1
Merge pull request #562 from smallstep/renew-db-interface
Renew DB interface and Rekey
2021-04-29 16:28:46 -07:00
Mariano Cano
5846314f88 Add missing Rekey method to the ca.Client
Fixes #315
2021-04-29 16:06:45 -07:00
Mariano Cano
2cbaee9c1d Allow to use an alternative interface to store renewed certs.
This can be useful to know if a certificate has been renewed and
link one certificate with the 'parent'.
2021-04-29 15:55:22 -07:00
Herman Slatman
68d5f6d0d2
Merge branch 'master' into hs/scep 2021-04-29 22:18:00 +02:00
Cristian Le
55fbcfb3be Implement #550
- Read `preferred_username` from token
- Add `preferred_username` to the default Usernames
- Check the `admin` array for admin groups that the user might belong to
2021-04-29 15:44:21 +09:00
Mariano Cano
582d6b161d
Merge pull request #531 from smallstep/tls-tunnel
Add experimental support for a TLS over TLS tunnel.
2021-04-26 18:51:33 -07:00
Mariano Cano
1328aa3e47 Fix review comments. 2021-04-26 18:45:46 -07:00
Mariano Cano
d3c6bcbcce
Merge pull request #553 from smallstep/store-chain
Add extension of db.AuthDB to store the fullchain
2021-04-26 14:37:05 -07:00
Mariano Cano
e6833ecee3 Add extension of db.AuthDB to store the fullchain.
Add a temporary solution to allow an extension of an db.AuthDB
interface that logs the fullchain of certificates instead of just
the leaf.
2021-04-26 12:28:51 -07:00
Mariano Cano
50b9aaec57 Add new identity tests. 2021-04-21 18:07:59 -07:00
Mariano Cano
e414d0c8ea Fix unit tests. 2021-04-21 16:20:53 -07:00
Mariano Cano
c5234e9c61 Refactor tls tunnel connections.
New method will use an identity-like file with the configuration
used to create the (m)TLS connection to the tunnel.
2021-04-21 16:20:53 -07:00
Mariano Cano
180b5c3e3c Fix typo. 2021-04-21 16:20:53 -07:00
Mariano Cano
e75a9409a5 Add experimental support for a TLS over TLS tunnel. 2021-04-21 16:20:53 -07:00
Carl Tashian
75f24a103a Sync cert renewer service with docs 2021-04-20 17:04:18 -07:00
Carl Tashian
e50c5bc4b1 Remove pronoun 2021-04-19 12:08:42 -07:00
Mariano Cano
3769a2760a
Merge pull request #543 from smallstep/no-nonce-on-get
Remove the creation on nonce on get acme directory
2021-04-16 13:20:06 -07:00