Commit graph

73 commits

Author SHA1 Message Date
Herman Slatman
f17bfdf57d
Reformat the SSH certificate logging output for read- and parsability 2023-05-08 13:46:20 +02:00
Herman Slatman
81140f859c
Fix valid-from and valid-to times 2023-05-04 16:15:03 +02:00
Herman Slatman
39e658b527
Add test for LogSSHCertificate 2023-05-04 15:52:49 +02:00
Herman Slatman
c365d8580e
Move provisioner marshaling logic to api package 2022-12-13 10:26:34 +01:00
Mariano Cano
c7f226bcec
Add support for renew when using stepcas
It supports renewing X.509 certificates when an RA is configured with stepcas.
This will only work when the renewal uses a token, and it won't work with mTLS.

The audience cannot be properly verified when an RA is used, to avoid this we
will get from the database if an RA was used to issue the initial certificate
and we will accept the renew token.

Fixes #1021 for stepcas
2022-11-04 16:42:07 -07:00
Raal Goff
d2483f3a70 Merge branch 'master' into crl-support
# Conflicts:
#	authority/config/config.go
2022-09-08 09:45:04 +08:00
Mariano Cano
23b8f45b37 Address gosec warnings
Most if not all false positives
2022-08-18 17:46:20 -07:00
Raal Goff
9fa5f46213 add minor doco, Test_CRLGeneration(), fix some issues from merge 2022-07-13 08:56:47 +08:00
Raal Goff
60671b07d7 Merge branch 'master' into crl-support
# Conflicts:
#	api/api.go
#	authority/config/config.go
#	cas/softcas/softcas.go
#	db/db.go
2022-07-13 08:52:58 +08:00
Mariano Cano
43ddcf2efe Do not use deprecated AuthorizeSign 2022-05-04 17:35:34 -07:00
Mariano Cano
817af3d696 Fix unit tests on the api package 2022-04-27 10:38:53 -07:00
Raal Goff
49c41636cc implemented some requested changes 2022-04-06 08:31:40 +08:00
Andrew Reed
d5d70baba7
Add /roots.pem handler (#866)
* Add /roots.pem handler

* Review changes

* Remove no peer cert test case
2022-03-28 09:18:18 -05:00
Panagiotis Siatras
29092b9d8a
api: refactored to use the read package 2022-03-18 20:20:59 +02:00
Mariano Cano
616490a9c6 Refactor renew after expiry token authorization
This changes adds a new authority method that authorizes the
renew after expiry tokens.
2022-03-10 20:21:01 -08:00
Mariano Cano
afb5d36206 Allow to renew certificates using an x5c-like token. 2022-03-09 20:37:41 -08:00
Herman Slatman
5fe9909174
Refactor AdminAuthority interface 2021-12-22 15:30:40 +01:00
Herman Slatman
2215a05c28
Add tests for ACME EAB Admin
Refactored some of the existing bits for testing the Authority
API by creation of a new LinkedAuthority interface and changing
visibility of the MockAuthority to be usable by other packages.

At this time, not all of the functions of MockAuthority it usable
yet. Will refactor when needed or requested.
2021-12-08 15:19:38 +01:00
Mariano Cano
8c8db0d4b7 Modify errs.BadRequestErr() to always return an error to the client. 2021-11-18 18:17:36 -08:00
Mariano Cano
8ce807a6cb Modify errs.BadRequest() calls to always send an error to the client. 2021-11-18 15:12:44 -08:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues 2021-11-13 01:30:03 +01:00
max furman
933b40a02a Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00
max furman
9fdef64709 Admin level API for provisioner mgmt v1 2021-07-02 19:05:17 -07:00
Mariano Cano
c1c986922b Show Ed25519 in the public-key log field. 2021-05-06 18:09:40 -07:00
max furman
f88f58440f add //nolint for new 1.16 deprecation warnings
- dsa
- pem.DecryptPEMBlock
2021-02-18 20:14:20 -08:00
Mariano Cano
ba918100d0 Use go.step.sm/crypto/jose
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
2020-08-24 14:44:11 -07:00
Mariano Cano
4943ae58d8 Move TLSOption, TLSVersion, CipherSuites and ASN1DN to certificates. 2020-08-10 15:29:18 -07:00
Mariano Cano
e83e47a91e Use sshutil and randutil from go.step.sm/crypto. 2020-08-10 11:26:51 -07:00
Mariano Cano
6c64fb3ed2 Rename provisioner options structs:
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
2020-07-22 18:24:45 -07:00
max furman
fd05f3249b A few last fixes and tests added for rekey/renew ...
- remove all `renewOrRekey`
- explicitly test difference between renew and rekey (diff pub keys)
- add back tests for renew
2020-07-09 12:11:40 -07:00
dharanikumar-s
dfda497929 Renamed RenewOrRekey to Rekey 2020-07-08 11:47:59 +05:30
dharanikumar-s
a3b5211e0f gofmted the code 2020-07-05 22:40:36 +05:30
dharanikumar-s
954fda657b Added renewOrRekey to mockAuthority. Added Test_caHandler_Rekey 2020-07-05 22:05:00 +05:30
Mariano Cano
fa416336a8 Add context to tests. 2020-03-10 19:17:32 -07:00
max furman
1cb8bb3ae1 Simplify statuscoder error generators. 2020-01-28 13:29:40 -08:00
max furman
dccbdf3a90 Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
2020-01-28 13:29:40 -08:00
Mariano Cano
dedf6b17be Addapt tests to the api change. 2020-01-28 13:29:39 -08:00
Mariano Cano
b179ad3662 Fix api tests. 2020-01-28 13:29:39 -08:00
Mariano Cano
8bf3bf701e Add support for /ssh/bastion method. 2020-01-28 13:28:16 -08:00
Mariano Cano
0ae9bab21e Fix api tests. 2020-01-28 13:28:16 -08:00
Mariano Cano
d880a98295 Add tests for ssh api methods. 2020-01-28 13:28:16 -08:00
Mariano Cano
d08db4df23 Rename SSH methods. 2020-01-28 13:28:16 -08:00
Mariano Cano
91130b9c3f Add support for user data in templates. 2020-01-28 13:28:16 -08:00
Mariano Cano
a35988ff08 Add initial support for ssh config.
Related to smallstep/cli#170
2020-01-28 13:28:16 -08:00
Mariano Cano
961be1fbc7 Add endpoint to return the SSH public keys.
Related to smallstep/ca-component#195
2020-01-28 13:28:16 -08:00
Jozef Kralik
bc6074f596 Change api of functions Authority.Sign, Authority.Renew
Returns certificate chain instead of 2 members.

Implements #126
2019-10-09 22:23:00 +02:00
max furman
e3826dd1c3 Add ACME CA capabilities 2019-09-13 15:48:33 -07:00
max furman
61d52a8510 Small fixes associated with PR review
* additions and grammar edits to documentation
* clarification of error msgs
2019-09-08 21:05:36 -07:00
Mariano Cano
10e7b81b9f Merge branch 'master' into ssh-ca 2019-09-05 23:06:01 +02:00
max furman
2b41faa9cf Enforce >= 2048 bit rsa keys at the provisioner layer
* Fixes #94
* In the future this should be configurable by provisioner
2019-08-27 14:44:59 -07:00