Commit graph

133 commits

Author SHA1 Message Date
Mariano Cano
8200d19894
Improve CRL implementation
This commit adds some changes to PR #731, some of them are:
- Add distribution point to the CRL
- Properly stop the goroutine that generates the CRLs
- CRL config validation
- Remove expired certificates from the CRL
- Require enable set to true to generate a CRL

This last point is the principal change in behaviour from the previous
implementation. The CRL will not be generated if it's not enabled, and
if it is enabled it will always be regenerated at some point, not only
if there is a revocation.
2022-10-26 18:55:24 -07:00
Raal Goff
d0e81af524 Merge branch 'master' into crl-support 2022-09-30 08:45:48 +08:00
max furman
7c5e5b2b87
Even more linter fixes 2022-09-20 21:48:04 -07:00
max furman
6af9437875
Rebase over master and a few more linter fixes 2022-09-20 19:05:12 -07:00
max furman
18a648cffa
Fix linter warning about bad error name 2022-09-20 19:05:12 -07:00
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2022-09-20 16:35:41 -07:00
Mariano Cano
b0d24fb801 Fix test with gcloud local credentialss 2022-09-16 12:35:09 -07:00
Raal Goff
924082bb49 fix linter errors 2022-09-08 10:09:37 +08:00
Raal Goff
d2483f3a70 Merge branch 'master' into crl-support
# Conflicts:
#	authority/config/config.go
2022-09-08 09:45:04 +08:00
Mariano Cano
a7fcfe0e4e Verify with roots and intermediates 2022-08-30 17:11:44 -07:00
Mariano Cano
ea8579f3df Fix bad signature algorithm on EC+RSA PKI
When the root certificate has an EC key and he intermediate has an
RSA key, the signature algorithm of the leafs should be the default
one, SHA256WithRSA, instead of the one that the intermediate has.

Fixes #1033
2022-08-30 16:49:56 -07:00
Mariano Cano
8bd0174251 Rename field to IsCAServerCert 2022-08-11 15:14:26 -07:00
Mariano Cano
5df1694250 Add endpoint id for the RA certificate
In a linked RA mode, send an endpoint id to group the server
certificates.
2022-08-11 14:47:11 -07:00
Mariano Cano
eb091aec54 Simplify field names for ProvisionerInfo 2022-08-10 17:44:14 -07:00
Mariano Cano
369b8f81c3 Use go.step.sm/crypto/kms
Fixes #975
2022-08-08 17:58:18 -07:00
Mariano Cano
f1aabaa99c Use functions from os instead of io/ioutil 2022-08-08 12:12:53 -07:00
Mariano Cano
c5c7c30cc2 Fix typo in ProvisionerInfo 2022-08-04 10:07:20 -07:00
Mariano Cano
64744562c6 Send RA provisioner to linkedca. 2022-08-03 18:44:25 -07:00
Mariano Cano
6b5d3dca95 Add provisioner name to RA info 2022-08-03 18:44:04 -07:00
Mariano Cano
9648fe6b4c Remove debug statement 2022-08-03 15:32:39 -07:00
Mariano Cano
7a1e6a0e1f Fix and extend stepcas unit tests 2022-08-03 11:57:42 -07:00
Mariano Cano
9408d0f24b Send RA provisioner information to the CA 2022-08-02 19:28:49 -07:00
Raal Goff
60671b07d7 Merge branch 'master' into crl-support
# Conflicts:
#	api/api.go
#	authority/config/config.go
#	cas/softcas/softcas.go
#	db/db.go
2022-07-13 08:52:58 +08:00
Mariano Cano
f140874e42
Merge pull request #958 from smallstep/rsa-signature-algorithm
Sign certificates with the issuer signature algorithm
2022-06-16 15:08:10 -07:00
Mariano Cano
31af1efa48 Sign certificates with the issuer signature algorithm
An RSA key can sign another certificates using the RSA PKCS#1
and the RSA-PSS scheme, this change will keep the signature
algorithm used in the issuer in the signed certificates instead
of using PKCS#1 by default.
2022-06-15 19:10:58 -07:00
Mariano Cano
34f926804d
Merge pull request #954 from shuLhan/shulhan-gofmt
all: reformat all go files with the next gofmt (Go 1.19)
2022-06-15 18:11:51 -07:00
Shulhan
ee53530d1f
cas/cloudcas: update test on createPublicKey for the next Go release
The next Go release call panic on elliptic.Marshal [1][2], which
affect the test case fail_ec_marshal on createPublicKey.

This changes fix this by initializing the P and B in test case
PublicKey CurveParams to prevent panic.

[1] https://github.com/golang/go/issues/50975
[2] a218b3520a
2022-06-16 03:01:38 +07:00
Shulhan
fe04f93d7f
all: reformat all go files with the next gofmt (Go 1.19)
There are some changes that manually edited, for example using '-' as
default list and grouping imports.
2022-06-16 01:28:59 +07:00
Erik DeLamarter
07984a968f
better error messages
Co-authored-by: Mariano Cano <mariano.cano@gmail.com>
2022-05-21 21:11:52 +02:00
Erik De Lamarter
9ec154aab0
rewrite and improve secret-id config 2022-05-21 21:06:15 +02:00
Erik De Lamarter
6989c7f146
vault auth unit tests 2022-05-21 21:06:15 +02:00
Erik De Lamarter
6c44291d8d
refactor vault auth 2022-05-21 21:06:15 +02:00
Erik De Lamarter
dec1067add
vault kubernetes auth 2022-05-21 21:06:14 +02:00
Mariano Cano
3aebe8d019 Add missing comma in comment. 2022-04-15 12:19:32 -07:00
Mariano Cano
e29c85bbd4 Use errors and fmt instead of pkg/errors. 2022-04-12 14:04:46 -07:00
Mariano Cano
76c483c36f Add missing comments. 2022-04-12 11:15:28 -07:00
Mariano Cano
48bc20c9f3 Unify json parameters. 2022-04-12 11:11:36 -07:00
Mariano Cano
790a19c6f6
make json names uniform
Co-authored-by: Ahmet Demir <ahmet2mir+github@gmail.com>
2022-04-12 10:01:22 -07:00
Mariano Cano
967d9136ca Cleanup Vault CAS integration 2022-04-11 18:44:13 -07:00
Mariano Cano
37b521ec6c
Merge branch 'master' into feat/vault 2022-04-11 14:57:45 -07:00
Raal Goff
c8b38c0e13 implemented requested changes 2022-04-06 10:50:09 +08:00
Raal Goff
d417ce3232 implement changes from review 2022-04-06 08:23:53 +08:00
Raal Goff
e8fdb703c9 initial support for CRL 2022-04-06 08:19:45 +08:00
Mariano Cano
abf5fc32a3 Format comment. 2022-03-29 14:26:17 -07:00
Mariano Cano
c480936ba4 Split comments. 2022-03-29 12:02:17 -07:00
Mariano Cano
955d4cf80d Add authority.WithX509SignerFunc
This change adds a new authority option that allows to pass a callback
that returns the certificate chain and signer used to sign X.509
certificates.

This option will be used by Caddy, they renew the intermediate
certificate weekly and there's no other way to replace it without
re-creating the embedded CA.

Fixes #874
2022-03-28 17:54:35 -07:00
Mariano Cano
ae7b41a12c Fix linter errors. 2022-02-16 18:33:33 -08:00
Mariano Cano
c0525381eb Merge branch 'master' into feat/vault 2022-02-16 18:19:23 -08:00
Mariano Cano
d424159200 Fix certificate type identification 2022-02-16 18:09:20 -08:00
Mariano Cano
b3316c4a56 Refactor json Marshal+Unmarshal in one function. 2022-02-16 17:17:32 -08:00