Commit graph

1688 commits

Author SHA1 Message Date
Mariano Cano
072adc906e Print root fingerprint for CloudCAS. 2020-09-22 13:23:48 -07:00
Mariano Cano
8e6d7accf8 Do not add the CRL distribution points extension.
This extension is added by CloudCAS.
2020-09-21 17:09:46 -07:00
Mariano Cano
38fa780775 Add interface to get root certificate from CAS.
This change makes easier the configuration of cloudCAS as it does
not require to configure the root or intermediate certificate
in the ca.json. CloudCAS will get the root certificate using
the configured certificateAuthority.
2020-09-21 15:27:20 -07:00
Mariano Cano
fa099f2ae2 Change method name. 2020-09-21 15:11:25 -07:00
Mariano Cano
d0086fe9ba
Merge pull request #375 from smallstep/admin-templates
Use new admin template for K8ssa and admin-OIDC provisioners.
2020-09-21 13:58:09 -07:00
Mariano Cano
4c8bf87dc1 Use new admin template for K8ssa and admin-OIDC provisioners.
This change replaces the .Insecure.CR template to one that sets
all the SANs, but uses key usages and extended key usages for
regular TLS certificates.
2020-09-21 12:49:16 -07:00
Mariano Cano
309d9ddcc4
Merge pull request #374 from smallstep/missing-token-ids
Create a hash of a token if a token id is empty.
2020-09-21 10:02:58 -07:00
Mariano Cano
d79b4e709e Create a hash of a token if a token id is empty. 2020-09-18 16:25:08 -07:00
Mariano Cano
656315bd61
Merge pull request #371 from smallstep/bundle-awskms-init
Add step-awskms-init to the binary releases.
2020-09-18 11:12:26 -07:00
Mariano Cano
c2fd6a8421 Add step-awskms-init to the binary releases.
Fixes 332
2020-09-18 11:01:54 -07:00
Mariano Cano
4f3b24af8f
Merge pull request #370 from smallstep/yubi-management-key
Make the YubiKey management key configurable.
2020-09-17 16:15:24 -07:00
Mariano Cano
f100b2d0e3 Make the YubiKey management key configurable.
With this change the default management key is not required as the
user is able to set its own.

Fixes #323
2020-09-17 16:07:32 -07:00
Mariano Cano
a332c40530 Merge branch 'master' into cas 2020-09-17 14:46:52 -07:00
Mariano Cano
87bbcee239 Update go.sum 2020-09-17 11:17:46 -07:00
Mariano Cano
9573b47efb
Merge pull request #369 from acipia/master
avoid using yubikey attestation cert
2020-09-17 11:15:49 -07:00
max furman
3e874a1e72 Fix RHEL/CentOS install docs 2020-09-16 20:53:58 -07:00
Mariano Cano
884a6f5dd0 Skip test on CI. 2020-09-16 14:03:26 -07:00
Mariano Cano
91aa1e87f1 Do not use go 1.15 methods. 2020-09-16 13:51:49 -07:00
Mariano Cano
60515d92c5 Remove unnecessary properties. 2020-09-16 13:31:26 -07:00
Pierre Laden
692f7692a2 fix #2 indentation 2020-09-16 22:26:53 +02:00
Pierre Laden
290d5ee979 fix gofmt complain 2020-09-16 22:15:42 +02:00
Pierre Laden
179e793f1a - provide PINpolicy always to piv-go to avoid trying to use attestation cert, which we might not have
- bump piv-go version to 1.6.0
2020-09-16 21:59:48 +02:00
Mariano Cano
f2dd5c48cc Fix linting errors. 2020-09-16 12:41:43 -07:00
Mariano Cano
8957e5e5a2 Add missing tests 2020-09-16 12:34:42 -07:00
Mariano Cano
e146b3fe16 Add Unit tests for softcas. 2020-09-15 19:37:02 -07:00
Mariano Cano
1550a21f68 Fix unit tests. 2020-09-15 18:14:21 -07:00
Mariano Cano
e17ce39e3a Add support for Revoke using CAS. 2020-09-15 18:14:03 -07:00
Mariano Cano
144ffe73dd Complete unit tests for Google CAS. 2020-09-15 17:23:11 -07:00
Mariano Cano
f7d066fca8 Fix key usages. 2020-09-15 15:19:59 -07:00
Mariano Cano
01e6495f43 Add most of cloudcas unit tests and minor fixes. 2020-09-14 19:13:40 -07:00
Mariano Cano
8eff4e77a8 Comment request structs. 2020-09-14 19:12:49 -07:00
Mariano Cano
bd8dd9da41 Do not read issuer and signer twice. 2020-09-10 19:13:17 -07:00
Mariano Cano
aad8f9e582 Pass issuer and signer to softCAS options.
Remove commented code and initialize CAS properly.
Minor fixes in CloudCAS.
2020-09-10 19:09:46 -07:00
Mariano Cano
c8d9cb0a1d Complete cloudcas using CAS v1beta1. 2020-09-10 16:19:18 -07:00
Max
946aedca92
Merge pull request #368 from gucchisk/error_message
Fix error message of bad request
2020-09-10 08:04:37 -07:00
gucchisk
4ad6be2680 Fix error message of bad request 2020-09-10 23:45:44 +09:00
Mariano Cano
1b1f73dec6 Early attempt to develop a CAS interface. 2020-09-08 19:26:32 -07:00
Carl Tashian
b792f9144f
Merge pull request #364 from smallstep/docker-tweaks
Update Dockerfile.step-ca to match best practices
2020-09-08 18:11:21 -07:00
Mariano Cano
276e307a1d Add extra tests for CustomSSHTemplateOptions 2020-09-08 15:43:39 -07:00
Mariano Cano
3fc9124559
Merge pull request #366 from smallstep/max/ignore-null
Ignore `null` string for x509 and ssh templateData.
2020-09-08 15:42:58 -07:00
max furman
da9f0b09af Ignore null string for x509 and ssh templateData. 2020-09-08 13:59:22 -07:00
Carl Tashian
3b31c6d2f5 Change HEALTHCHECK to use step ca health. Change shell CMD exec to skip redundant /bin/sh -c 2020-09-08 09:44:35 -07:00
Mariano Cano
81c6e01269 Fix unit test. 2020-09-04 11:16:17 -07:00
Mariano Cano
3ac0ef2eaa Update crypto to v0.6.0 2020-09-02 18:08:24 -07:00
Mariano Cano
50d09c183b Fix example and use ClientCAs.
Server trust client certificates using ClientCAs instead of RootCAs.
2020-09-02 15:10:11 -07:00
Carl Tashian
6ffc438ed1 Update Dockerfile.step-ca to match best practices
- See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
- Added a .dockerignore file to reduce the build context size
- Added a HEALTHCHECK (curl the CA)
2020-09-02 11:41:47 -07:00
Max
54e43604ff
Merge pull request #363 from smallstep/max/k8ssa
Standardize k8ssa check on issuer name
2020-09-01 13:20:27 -07:00
Mariano Cano
f3b65e54ac Update go.step.sm to v0.5.0
Solves the problem of enforcing the signature algorithm. This
causes issues if the intermediate key is not an ECDSA key.
2020-09-01 12:44:46 -07:00
max furman
ce9af5c20f Standardize k8ssa check on issuer name 2020-08-31 20:56:00 -07:00
max furman
925edaede2 revert to skip_cleanup in travis 2020-08-31 14:28:31 -07:00