mbiryukova/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity
2863 commits 33 branches 197 tags 41 MiB
Commit graph

147 commits

Author SHA1 Message Date
Mariano Cano
824374bde0 Create a method to initialize the authority without a config file. 
When the CA is embedded in a third party product like Caddy, the
config needed to use placeholders to be valid. This change adds
a new method `NewEmbeddedAuthority` that allows to create an
authority with the given options, the minimum options are a root
and intermediate certificate, and the intermediate key.

Fixes #218
 2020-05-04 18:52:18 -07:00
Mariano Cano
c49a9d5e33 Add context parameter to all SSH methods. 2020-03-10 19:01:45 -07:00
Mariano Cano
5c8c741fab Fix linting issues. 2020-02-14 11:46:31 -08:00
Mariano Cano
9021951f1a Fix types. 2020-01-14 18:47:05 -08:00
Mariano Cano
e98d7832b9 Add options to read the roots and federated roots from a bundle. 2020-01-10 18:33:48 -08:00
Mariano Cano
c62526b39f Add wip support for kms. 2020-01-09 18:42:26 -08:00
max furman
1e17ec7d33 Use x5cInsecure token for /ssh/check-host endpoint 2019-12-11 14:54:29 -08:00
max furman
c2a3bcfab5 resolving merge 2019-11-20 17:26:04 -08:00
max furman
927784237d Use an actual Hosts type when returning ssh hosts 2019-11-20 17:23:51 -08:00
Mariano Cano
2f18a26d4f Add version endpoint. 2019-11-20 17:01:31 -08:00
max furman
35912cc906 change func def for getSSHHosts 
* continue to return all hosts if injection method not specified
 2019-11-20 12:59:48 -08:00
max furman
c407a9319b Add getSSHHosts injection func 2019-11-20 11:32:27 -08:00
max furman
8b2105a8f9 Instrument getIdentity func for OIDC ssh provisioner 2019-11-19 13:32:58 -08:00
max furman
6ca1df5081 Add WithGetIdentityFunc option and attr to authority 
* Add Identity type to provisioner
 2019-11-14 20:38:39 -08:00
Mariano Cano
86a0558587 Add support for /ssh/bastion method. 2019-11-14 18:24:58 -08:00
Mariano Cano
43b663e0c3 Move Option type to a new file. 2019-11-14 15:29:04 -08:00
max furman
a9ea292bd4 sshpop provisioner + ssh renew | revoke | rekey first pass 2019-11-05 16:41:42 -08:00
Mariano Cano
e5da24f269 Fix list of user ssh public keys. 2019-11-05 16:41:17 -08:00
Mariano Cano
91ccc3802c Fix lint error. 2019-11-05 16:41:17 -08:00
Mariano Cano
38d735be6e Add support for federated keys. 2019-11-05 16:41:17 -08:00
Mariano Cano
e84489775b Add support for multiple ssh roots. 
Fixes #125
 2019-11-05 16:41:17 -08:00
Mariano Cano
caa2174efc Add support for user data in templates. 2019-11-05 16:41:17 -08:00
Mariano Cano
7b8bb6deb4 Add initial support for ssh config. 
Related to smallstep/cli#170
 2019-11-05 16:41:17 -08:00
Mariano Cano
dc6ffb7670 Add initial implementation of ssh config. 2019-11-05 16:41:17 -08:00
max furman
fe7973c060 wip 2019-09-19 13:17:45 -07:00
max furman
e3826dd1c3 Add ACME CA capabilities 2019-09-13 15:48:33 -07:00
Mariano Cano
004ea12212 Allow to use custom SSH user/host key files. 2019-08-01 15:04:56 -07:00
Mariano Cano
1c8f610ca9 Add initial implementation of an SSH CA using the JWK provisioner. 
Fixes smallstep/ca-component#187
 2019-07-23 18:46:43 -07:00
Mariano Cano
dbd3131068 Fix comments. 2019-05-10 17:54:18 -07:00
Mariano Cano
fb6a1afd89 Fix typo. 2019-05-10 16:04:30 -07:00
Mariano Cano
3a1a4c5ea9 Do not allow reload with database configuration changes. 
Fixes #smallstep/ca-component#170
 2019-05-10 15:58:37 -07:00
max furman
81db527f12 NoopDB -> SimpleDB 2019-05-07 12:26:30 -07:00
max furman
ab4d569f36 Add /revoke API with interface db backend 2019-04-10 13:50:35 -07:00
Mariano Cano
2fb77b8a4d Truncate to seconds the startTime to simplify tests. 2019-03-11 18:14:20 -07:00
Mariano Cano
2d00cd0933 Validate audiences in the default provisioner. 2019-03-06 18:32:56 -08:00
Mariano Cano
c776ca3bd6 Use provisioner.Collection to store and request the provisioners. 2019-03-06 15:00:23 -08:00
Mariano Cano
98cc243a37 Add support for multiple roots. 2019-01-07 15:30:28 -08:00
Mariano Cano
722bcb7e7a Add initial support for federated root certificates. 2019-01-04 17:51:32 -08:00
Mariano Cano
7e95fc0e45 Strip ports on audience check. 
Services might have proxies behind them so we cannot rely on them.
Fixes #17
 2018-12-21 15:27:22 -08:00
Mariano Cano
9b87e08faf Do not require the port in the audience check. 
Fixes #17
 2018-12-21 14:04:22 -08:00
max furman
0d9dd2d14b provisioner issuer -> name 2018-10-29 18:00:30 -07:00
Mariano Cano
ea0307239a Fix dead code and add missing error check. 2018-10-26 15:05:37 -07:00
Mariano Cano
1de8eb4bfa Fix provisioner package move. 2018-10-25 17:27:40 -07:00
Mariano Cano
1db177b80d Add backend support for provisioners with cursors. 
Fixes #83
 2018-10-25 15:40:12 -07:00
Mariano Cano
69da47a727 Set audience using the sign url. 2018-10-19 18:25:59 -07:00
max furman
d773770a44 add authority.New unit tests 2018-10-08 21:48:44 -07:00
max furman
c284a2c0ab first commit 2018-10-05 21:48:36 +00:00