Mariano Cano
8e6d7accf8
Do not add the CRL distribution points extension.
...
This extension is added by CloudCAS.
2020-09-21 17:09:46 -07:00
Mariano Cano
38fa780775
Add interface to get root certificate from CAS.
...
This change makes easier the configuration of cloudCAS as it does
not require to configure the root or intermediate certificate
in the ca.json. CloudCAS will get the root certificate using
the configured certificateAuthority.
2020-09-21 15:27:20 -07:00
Mariano Cano
fa099f2ae2
Change method name.
2020-09-21 15:11:25 -07:00
Mariano Cano
d0086fe9ba
Merge pull request #375 from smallstep/admin-templates
...
Use new admin template for K8ssa and admin-OIDC provisioners.
2020-09-21 13:58:09 -07:00
Mariano Cano
4c8bf87dc1
Use new admin template for K8ssa and admin-OIDC provisioners.
...
This change replaces the .Insecure.CR template to one that sets
all the SANs, but uses key usages and extended key usages for
regular TLS certificates.
2020-09-21 12:49:16 -07:00
Mariano Cano
309d9ddcc4
Merge pull request #374 from smallstep/missing-token-ids
...
Create a hash of a token if a token id is empty.
2020-09-21 10:02:58 -07:00
Mariano Cano
d79b4e709e
Create a hash of a token if a token id is empty.
2020-09-18 16:25:08 -07:00
Mariano Cano
656315bd61
Merge pull request #371 from smallstep/bundle-awskms-init
...
Add step-awskms-init to the binary releases.
2020-09-18 11:12:26 -07:00
Mariano Cano
c2fd6a8421
Add step-awskms-init to the binary releases.
...
Fixes 332
2020-09-18 11:01:54 -07:00
Mariano Cano
4f3b24af8f
Merge pull request #370 from smallstep/yubi-management-key
...
Make the YubiKey management key configurable.
2020-09-17 16:15:24 -07:00
Mariano Cano
f100b2d0e3
Make the YubiKey management key configurable.
...
With this change the default management key is not required as the
user is able to set its own.
Fixes #323
2020-09-17 16:07:32 -07:00
Mariano Cano
a332c40530
Merge branch 'master' into cas
2020-09-17 14:46:52 -07:00
Mariano Cano
87bbcee239
Update go.sum
2020-09-17 11:17:46 -07:00
Mariano Cano
9573b47efb
Merge pull request #369 from acipia/master
...
avoid using yubikey attestation cert
2020-09-17 11:15:49 -07:00
max furman
3e874a1e72
Fix RHEL/CentOS install docs
2020-09-16 20:53:58 -07:00
Mariano Cano
884a6f5dd0
Skip test on CI.
2020-09-16 14:03:26 -07:00
Mariano Cano
91aa1e87f1
Do not use go 1.15 methods.
2020-09-16 13:51:49 -07:00
Mariano Cano
60515d92c5
Remove unnecessary properties.
2020-09-16 13:31:26 -07:00
Pierre Laden
692f7692a2
fix #2 indentation
2020-09-16 22:26:53 +02:00
Pierre Laden
290d5ee979
fix gofmt complain
2020-09-16 22:15:42 +02:00
Pierre Laden
179e793f1a
- provide PINpolicy always to piv-go to avoid trying to use attestation cert, which we might not have
...
- bump piv-go version to 1.6.0
2020-09-16 21:59:48 +02:00
Mariano Cano
f2dd5c48cc
Fix linting errors.
2020-09-16 12:41:43 -07:00
Mariano Cano
8957e5e5a2
Add missing tests
2020-09-16 12:34:42 -07:00
Mariano Cano
e146b3fe16
Add Unit tests for softcas.
2020-09-15 19:37:02 -07:00
Mariano Cano
1550a21f68
Fix unit tests.
2020-09-15 18:14:21 -07:00
Mariano Cano
e17ce39e3a
Add support for Revoke using CAS.
2020-09-15 18:14:03 -07:00
Mariano Cano
144ffe73dd
Complete unit tests for Google CAS.
2020-09-15 17:23:11 -07:00
Mariano Cano
f7d066fca8
Fix key usages.
2020-09-15 15:19:59 -07:00
Mariano Cano
01e6495f43
Add most of cloudcas unit tests and minor fixes.
2020-09-14 19:13:40 -07:00
Mariano Cano
8eff4e77a8
Comment request structs.
2020-09-14 19:12:49 -07:00
Mariano Cano
bd8dd9da41
Do not read issuer and signer twice.
2020-09-10 19:13:17 -07:00
Mariano Cano
aad8f9e582
Pass issuer and signer to softCAS options.
...
Remove commented code and initialize CAS properly.
Minor fixes in CloudCAS.
2020-09-10 19:09:46 -07:00
Mariano Cano
c8d9cb0a1d
Complete cloudcas using CAS v1beta1.
2020-09-10 16:19:18 -07:00
Max
946aedca92
Merge pull request #368 from gucchisk/error_message
...
Fix error message of bad request
2020-09-10 08:04:37 -07:00
gucchisk
4ad6be2680
Fix error message of bad request
2020-09-10 23:45:44 +09:00
Mariano Cano
1b1f73dec6
Early attempt to develop a CAS interface.
2020-09-08 19:26:32 -07:00
Carl Tashian
b792f9144f
Merge pull request #364 from smallstep/docker-tweaks
...
Update Dockerfile.step-ca to match best practices
2020-09-08 18:11:21 -07:00
Mariano Cano
276e307a1d
Add extra tests for CustomSSHTemplateOptions
2020-09-08 15:43:39 -07:00
Mariano Cano
3fc9124559
Merge pull request #366 from smallstep/max/ignore-null
...
Ignore `null` string for x509 and ssh templateData.
2020-09-08 15:42:58 -07:00
max furman
da9f0b09af
Ignore null
string for x509 and ssh templateData.
2020-09-08 13:59:22 -07:00
Carl Tashian
3b31c6d2f5
Change HEALTHCHECK
to use step ca health
. Change shell CMD exec
to skip redundant /bin/sh -c
2020-09-08 09:44:35 -07:00
Mariano Cano
81c6e01269
Fix unit test.
2020-09-04 11:16:17 -07:00
Mariano Cano
3ac0ef2eaa
Update crypto to v0.6.0
2020-09-02 18:08:24 -07:00
Mariano Cano
50d09c183b
Fix example and use ClientCAs.
...
Server trust client certificates using ClientCAs instead of RootCAs.
2020-09-02 15:10:11 -07:00
Carl Tashian
6ffc438ed1
Update Dockerfile.step-ca to match best practices
...
- See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
- Added a .dockerignore file to reduce the build context size
- Added a HEALTHCHECK (curl the CA)
2020-09-02 11:41:47 -07:00
Max
54e43604ff
Merge pull request #363 from smallstep/max/k8ssa
...
Standardize k8ssa check on issuer name
2020-09-01 13:20:27 -07:00
Mariano Cano
f3b65e54ac
Update go.step.sm to v0.5.0
...
Solves the problem of enforcing the signature algorithm. This
causes issues if the intermediate key is not an ECDSA key.
2020-09-01 12:44:46 -07:00
max furman
ce9af5c20f
Standardize k8ssa check on issuer name
2020-08-31 20:56:00 -07:00
max furman
925edaede2
revert to skip_cleanup in travis
2020-08-31 14:28:31 -07:00
Mariano Cano
8ee246edda
Upgrade go.step.sm to v0.4.0
2020-08-31 12:30:54 -07:00