Commit graph

330 commits

Author SHA1 Message Date
Herman Slatman
f81d49d963
Add first working version of External Account Binding 2021-07-17 17:35:44 +02:00
max furman
77fdfc9fa3 Merge branch 'master' into max/cert-mgr-crud 2021-07-02 20:26:46 -07:00
max furman
9fdef64709 Admin level API for provisioner mgmt v1 2021-07-02 19:05:17 -07:00
Herman Slatman
a64974c179 Fix small typo in divisible 2021-05-26 16:15:26 -07:00
Herman Slatman
d46a4eaca4 Change fmt to errors package for formatting errors 2021-05-26 16:15:26 -07:00
Herman Slatman
2beea1aa89 Add configuration option for specifying the minimum public key length
Instead of using the defaultPublicKeyValidator a new validator called
publicKeyMinimumLengthValidator has been implemented that uses a
configurable minimum length for public keys in CSRs.

It's also an option to alter the defaultPublicKeyValidator to also
take a parameter, but that would touch quite some lines of code. This
might be a viable option after merging SCEP support.
2021-05-26 16:15:26 -07:00
Herman Slatman
4168449935 Fix typo 2021-05-26 16:15:26 -07:00
Herman Slatman
fa100a5138 Mask challenge password after it has been read 2021-05-26 16:15:26 -07:00
Herman Slatman
97b88c4d58 Address (most) PR comments 2021-05-26 16:12:57 -07:00
Herman Slatman
4fe7179b95 Add support for configuring capabilities (cacaps) 2021-05-26 16:08:24 -07:00
Herman Slatman
3b86550dbf Add support for challenge password 2021-05-26 16:08:24 -07:00
Herman Slatman
da65f46d0f Add AuthorizeSign method to SCEP authority 2021-05-26 16:04:21 -07:00
Herman Slatman
2a249d20de Refactor initialization of SCEP authority 2021-05-26 16:04:19 -07:00
Herman Slatman
339039768c Refactor SCEP authority initialization and clean some code 2021-05-26 16:00:08 -07:00
Herman Slatman
48c86716a0 Add rudimentary (and incomplete) support for SCEP 2021-05-26 15:58:04 -07:00
max furman
638766c615 wip 2021-05-19 18:23:20 -07:00
max furman
4f3e5ef64d wip 2021-05-19 15:20:16 -07:00
max furman
5d09d04d14 wip 2021-05-19 15:20:16 -07:00
max furman
7b5d6968a5 first commit 2021-05-19 15:20:16 -07:00
Herman Slatman
a3ec890e71
Fix small typo in divisible 2021-05-07 00:31:34 +02:00
Herman Slatman
d0a9cbc797
Change fmt to errors package for formatting errors 2021-05-07 00:22:06 +02:00
Herman Slatman
ff1b46c95d
Add configuration option for specifying the minimum public key length
Instead of using the defaultPublicKeyValidator a new validator called
publicKeyMinimumLengthValidator has been implemented that uses a
configurable minimum length for public keys in CSRs.

It's also an option to alter the defaultPublicKeyValidator to also
take a parameter, but that would touch quite some lines of code. This
might be a viable option after merging SCEP support.
2021-05-06 22:56:28 +02:00
Herman Slatman
c04f556dc2
Merge branch 'master' into hs/scep 2021-05-06 22:00:29 +02:00
Cristian Le
d7eec869c2 Fix the previous tests 2021-05-05 10:37:30 +09:00
Cristian Le
c2d30f7260 gofmt everything 2021-05-05 10:29:47 +09:00
Cristian Le
f38a72a62b Leftover from previous commit 2021-05-05 10:17:08 +09:00
Cristian Le
1d2445e1d8 Removed the variadic username
Could be useful later on, but for the current PR changes should be minimized
2021-05-05 10:12:38 +09:00
Cristian Le
9e00b82bdf Revert oidc_test.go
Moving the `preferred_username` to a separate PR
2021-05-05 08:49:03 +09:00
Cristian Le
decf0fc8ce Revert using preferred_username
It might present a security issue if the users can change this value for themselves. Needs further investigation
2021-05-05 08:15:26 +09:00
Cristian Le
21732f213b Fix shadow issue in CI 2021-05-05 08:15:26 +09:00
Mariano Cano
08e5ec6ad1 Fix IsAdminGroup comment. 2021-05-05 08:15:26 +09:00
Mariano Cano
46c1dc80fb Use map[string]struct{} instead of map[string]bool 2021-05-05 08:15:26 +09:00
Mariano Cano
aafac179a5 Add test for oidc with preferred usernames. 2021-05-05 08:15:26 +09:00
Cristian Le
f730c0bec4 Sanitize usernames 2021-05-05 08:15:26 +09:00
Cristian Le
48666792c7 Draft: adding usernames to GetIdentityFunc 2021-05-05 08:15:26 +09:00
Cristian Le
79eec83f3e Rename and reformat to PreferredUsername 2021-05-05 08:15:26 +09:00
Cristian Le
09a21fef26 Implement #550
- Read `preferred_username` from token
- Add `preferred_username` to the default Usernames
- Check the `admin` array for admin groups that the user might belong to
2021-05-05 08:15:26 +09:00
Herman Slatman
2336936b5c
Fix typo 2021-04-16 15:49:33 +02:00
Herman Slatman
9787728fbd
Mask challenge password after it has been read 2021-04-16 14:09:34 +02:00
Herman Slatman
0487686f69
Merge branch 'master' into hs/scep 2021-04-16 13:25:01 +02:00
max furman
2ae43ef2dc [acme db interface] wip errors 2021-03-25 12:05:46 -07:00
Herman Slatman
583d60dc0d
Address (most) PR comments 2021-03-21 16:42:41 +01:00
Herman Slatman
2536a08dc2
Add support for configuring capabilities (cacaps) 2021-03-07 00:50:00 +01:00
Herman Slatman
e4d7ea8fa0
Add support for challenge password 2021-03-07 00:30:37 +01:00
Herman Slatman
311c9d767b
Add AuthorizeSign method to SCEP authority 2021-02-26 14:00:47 +01:00
Herman Slatman
7ad90d10b3
Refactor initialization of SCEP authority 2021-02-26 00:32:21 +01:00
Herman Slatman
713b571d7a
Refactor SCEP authority initialization and clean some code 2021-02-12 17:02:39 +01:00
Herman Slatman
ffdd58ea3c
Add rudimentary (and incomplete) support for SCEP 2021-02-12 12:03:08 +01:00
max furman
16665c97f0 Allow empty SAN in CSR for validation ...
- The default template will always use the SANs from the token.
- If there are any SANs they must be validated against the token.
2021-01-14 15:26:46 -06:00
Mariano Cano
5017b7d21f Recalculate token id instead of validating it. 2020-12-17 14:52:34 -08:00