Commit graph

134 commits

Author SHA1 Message Date
Mariano Cano
05cc1437b7 Remove unnecessary parse of certificate. 2020-02-13 17:48:43 -08:00
Mariano Cano
43bd8113aa Remove unnecessary comments. 2020-02-11 14:46:18 -08:00
Mariano Cano
69a1b68283 Merge branch 'ssh' into kms 2020-01-27 15:41:14 -08:00
max furman
b265877050 Simplify statuscoder error generators. 2020-01-24 13:46:11 -08:00
max furman
c387b21808 Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
2020-01-22 17:25:23 -08:00
Mariano Cano
c62526b39f Add wip support for kms. 2020-01-09 18:42:26 -08:00
Mariano Cano
e67ccd9e3d Add fault tolerance against clock skew accross system on TLS certificates. 2020-01-02 17:48:28 -08:00
Mariano Cano
8eeb82d0ce Store renew certificate in the database. 2019-12-10 13:10:45 -08:00
Mariano Cano
0c3b9ebf45 Fix indentation. 2019-11-13 11:18:05 -08:00
max furman
a9ea292bd4 sshpop provisioner + ssh renew | revoke | rekey first pass 2019-11-05 16:41:42 -08:00
Jozef Kralik
bc6074f596 Change api of functions Authority.Sign, Authority.Renew
Returns certificate chain instead of 2 members.

Implements #126
2019-10-09 22:23:00 +02:00
max furman
fe7973c060 wip 2019-09-19 13:17:45 -07:00
Mariano Cano
2127d09ef3 Rename context type to apiCtx.
It will conflict with the context package.
2019-07-29 11:56:14 -07:00
max furman
ab4d569f36 Add /revoke API with interface db backend 2019-04-10 13:50:35 -07:00
Mariano Cano
8c8547bf65 Remove unnecessary parse and improve tests. 2019-03-20 18:11:45 -07:00
Mariano Cano
a3e2b4a552 Move certificate check to the right place. 2019-03-20 17:36:45 -07:00
Mariano Cano
30a6889d1f Use standard x509 instead of step one. 2019-03-20 17:12:52 -07:00
Mariano Cano
7fd737cbb1 Fix lint warnings. 2019-03-11 18:47:57 -07:00
Mariano Cano
1f5ff5c899 Fix sign and renew tests. 2019-03-11 18:15:24 -07:00
Mariano Cano
c0ef6f8dc5 Add missing modifier and change return codes. 2019-03-07 16:03:38 -08:00
Mariano Cano
a97ea87caa Move options to provisioner so we can set the duration of the cert. 2019-03-07 15:14:18 -08:00
Mariano Cano
1671ab2590 Fix some tests. 2019-03-07 12:15:18 -08:00
Mariano Cano
57b705f6cf Use provisioner sign options. 2019-03-06 17:37:49 -08:00
Mariano Cano
d78febec7a Fix extensions copy on renew
Fixes #36
2019-02-14 16:44:36 -08:00
max furman
7e43402575 bug fix: don't add common name to CSR validation claims in Sign
* added unit test for this case
2019-02-06 16:26:25 -08:00
max furman
e6e8443f3c allow multiple identical SANs in cert 2019-01-31 11:20:21 -06:00
max furman
f0683c2e0a Enable signing certificates with custom SANs
* validate against SANs in token. must be 1:1 equivalent.
2019-01-30 18:21:03 -06:00
Mariano Cano
d6cad2a7f3 Add provisioner option to disable renewal.
Fixes smallstep/ca-component#108
2018-11-01 15:43:24 -07:00
Mariano Cano
d574545d94 Format code with gofmt -s 2018-10-26 15:01:02 -07:00
max furman
7fa06643b2 change step provisioner OID and ASN1 representation 2018-10-26 14:24:16 -07:00
max furman
a4a461466b withProvisionerOID and unit test 2018-10-25 23:49:23 -07:00
max furman
ee7db4006a change sign + authorize authority api | add provisioners
* authorize returns []interface{}
 - operators in this list can conform to any interface the user decides
 - our implementation has a combination of certificate claim validators
 and certificate template modifiers.
* provisioners can set and enforce tls cert options
2018-10-18 22:26:39 -07:00
max furman
0b5f6487e1 change provisioners api
* /provisioners -> /provisioners/jwk-set-by-issuer
* /provisioners now returns a list of Provisioners
2018-10-11 23:03:00 -07:00
max furman
c284a2c0ab first commit 2018-10-05 21:48:36 +00:00