Commit graph

1299 commits

Author SHA1 Message Date
Mariano Cano
a7fe0104c4 Remove ACME restrictions and add proper template support. 2020-07-21 14:18:06 -07:00
Mariano Cano
6a09f11357 Use only the common name in iid subject.. 2020-07-21 14:18:06 -07:00
Mariano Cano
8236765e9c Use only key part to generate the SubjectKeyId.
This change generates the certificate subject key identifier using
the recommended method in the RFC 5280 section 4.2.1.2.
2020-07-21 14:18:06 -07:00
Mariano Cano
cf2989a848 Add token and subject to K8sSA provisioner to be used in custom
templates.
2020-07-21 14:18:06 -07:00
Mariano Cano
71be83b25e Add iss#sub uri in OIDC certificates.
Admin will use the CR template if none is provided.
2020-07-21 14:18:06 -07:00
Mariano Cano
9bd576af2c Fix build of SANs. 2020-07-21 14:18:06 -07:00
Mariano Cano
c58117b30d Allow to use base64 when defining a template in the ca.json. 2020-07-21 14:18:06 -07:00
Mariano Cano
b2ca3176f5 Prepend insecure to user and CR variables names. 2020-07-21 14:18:06 -07:00
Mariano Cano
69902b0153 For iid provisioners use only the csr name if custom sans is disabled.
The provisioner will validate the common name om a list of options.
2020-07-21 14:18:06 -07:00
Mariano Cano
b11486f41f Fix option method for template variable. 2020-07-21 14:18:06 -07:00
Mariano Cano
04f5053a7a Add template support for x5c. 2020-07-21 14:18:06 -07:00
Mariano Cano
eb8886d828 Add CR subject as iid default subject.
Add a minimal subject with just a common name to iid provisioners
in case we want to use it.
2020-07-21 14:18:06 -07:00
Mariano Cano
e60ea419cc Add template support for gcp provisioner. 2020-07-21 14:18:06 -07:00
Mariano Cano
32646c49bf Add templates support to Azure provisioner. 2020-07-21 14:18:06 -07:00
Mariano Cano
a44f0ca866 Add token payload. 2020-07-21 14:18:06 -07:00
Mariano Cano
00fd41a3d0 Add template support to K8sSA provisioners. 2020-07-21 14:18:06 -07:00
Mariano Cano
13b704aeed Add template support for AWS provisioner. 2020-07-21 14:18:05 -07:00
Mariano Cano
49b9aa6e3f Fix log string. 2020-07-21 14:18:05 -07:00
Mariano Cano
4795e371bd Add back the support for ca.json DN template. 2020-07-21 14:18:05 -07:00
Mariano Cano
e6fed5e0aa Minor fixes and comments. 2020-07-21 14:18:05 -07:00
Mariano Cano
81cd288104 Enable templates in acme provisioners. 2020-07-21 14:18:05 -07:00
Mariano Cano
e11160ebf1 Fix missing parenthesis. 2020-07-21 14:18:05 -07:00
Mariano Cano
a7e2ebb7d2 Fix creation of certificate without templates. 2020-07-21 14:18:05 -07:00
Mariano Cano
3c84453cf4 Move CreateTemplateData. 2020-07-21 14:18:05 -07:00
Mariano Cano
28ff122f83 Add certificate requests in the templates. 2020-07-21 14:18:05 -07:00
Mariano Cano
ca2fb42d68 Move options to the provisioner. 2020-07-21 14:18:05 -07:00
Mariano Cano
206bc6757a Add initial support for templates in the OIDC provisioner. 2020-07-21 14:18:05 -07:00
Mariano Cano
534a6b6c4c Add default templates for intermediate a root certificates. 2020-07-21 14:18:04 -07:00
Mariano Cano
0847af16cb Fix setter of basic constraints. 2020-07-21 14:18:04 -07:00
Mariano Cano
068bafe5a3 Add templateData to api sign request. 2020-07-21 14:18:04 -07:00
Mariano Cano
95c3a41bf0 Rename UserData to TemplateData and fix unmarshaling. 2020-07-21 14:18:04 -07:00
Mariano Cano
9f3acc254b Set the token payload in the JWK provisioner. 2020-07-21 14:18:04 -07:00
Mariano Cano
5a04e3b36d Add methods to add data to the template data. 2020-07-21 14:18:04 -07:00
Mariano Cano
ef0ed0ff95 Integrate simple templates in the JWK provisioner. 2020-07-21 14:18:04 -07:00
Mariano Cano
d1d9ae42d6 Use certificates x509util instead of cli for certificate signing. 2020-07-21 14:18:04 -07:00
Mariano Cano
9032018cf2 Convert x509util.WithOptions to new modifiers. 2020-07-21 14:18:04 -07:00
Mariano Cano
dcb962bdde Add TemplateData alias and some comments. 2020-07-21 14:18:04 -07:00
Mariano Cano
3ba1fbd881 Use local SplitSANs. 2020-07-21 14:18:04 -07:00
Mariano Cano
6eba0e0e0e Simplify default template. 2020-07-21 14:18:04 -07:00
Mariano Cano
abc0a63e32 Add wrapper around x509.CreateCertificate.
This wrapper generates some data if needed and cleans key usages
in templates.
2020-07-21 14:18:04 -07:00
Mariano Cano
3766702de9 Remove empty file. 2020-07-21 14:18:04 -07:00
Mariano Cano
208c351a39 Add sample leaf template. 2020-07-21 14:18:04 -07:00
Mariano Cano
70c0af8200 Use different options to load a template from a string or file. 2020-07-21 14:18:04 -07:00
Mariano Cano
738304bc6f Add support for SubjectalternativeName type.
Move code around and some fixes.
2020-07-21 14:18:04 -07:00
Mariano Cano
2556b57906 Add types for certificate flexibility.
This is a first implementation, not the final one.
2020-07-21 14:18:04 -07:00
Carl Tashian
c1e6c0285a
Merge pull request #325 from smallstep/readme-updates
README updates, round 2
2020-07-20 18:56:37 -05:00
Carl Tashian
912e298043 Whitelist -> Allowlist per https://tools.ietf.org/id/draft-knodel-terminology-01.html 2020-07-20 15:42:47 -07:00
Carl Tashian
ed89367fca Round 2 of README updates 2020-07-20 14:10:36 -07:00
Mariano Cano
51b9867c51
Merge pull request #318 from nop33/getting-started-docs-fixes
Getting Started docs fixes
2020-07-15 13:02:47 -07:00
Ilias Trichopoulos
7d5552f53e Fix service logs path 2020-07-14 08:48:43 +02:00