Herman Slatman
479eda7339
Improve error message when client renews with expired certificate
...
When a client provides an expired certificate and `AllowAfterExpiry`
is not enabled, the client would get a rather generic error with
instructions to view the CA logs. Viewing the CA logs can be done
when running `step-ca`, but they can't be accessed easily in the
hosted solution.
This commit returns a slightly more informational message to the
client in this specific situation.
2022-05-19 01:25:30 +02:00
Herman Slatman
14524d7916
Merge pull request #938 from smallstep/herman/update-crypto-0.16.2
...
Update go.step.sm/crypto to v0.16.2
2022-05-18 09:15:18 +02:00
Herman Slatman
d1ab1d5431
Merge branch 'master' into herman/update-crypto-0.16.2
2022-05-18 09:11:38 +02:00
Herman Slatman
984e4fcff8
Merge pull request #932 from smallstep/herman/pkcs7-patches
...
Use github.com/smallstep/pkcs7 fork with (selected) patches applied
2022-05-18 09:10:48 +02:00
Herman Slatman
b75ce3acbd
Update to go.step.sm/crypto v0.16.2
...
This patch release of go.step.sm/crypto fixes an issue with
not all `Subject` names being available for usage in a template
as `ExtraNames`.
2022-05-17 23:39:01 +02:00
Herman Slatman
ea084d71fb
Merge pull request #933 from smallstep/herman/allow-deny
...
Fix check for admin not belonging to provisioner that policy applies to
2022-05-12 16:42:26 +02:00
Herman Slatman
c695b23e24
Fix check for admin not belonging to policy
2022-05-12 16:33:32 +02:00
Mariano Cano
d0c0733691
Merge pull request #924 from vijayjt/vijayt/helmchart-kms
...
Allow KMS type to be specified in the helm chart values YAML
2022-05-11 14:14:25 -07:00
Herman Slatman
7030dbb7a1
Use github.com/smallstep/pkcs7 fork with patches applied
2022-05-11 21:18:47 +02:00
Herman Slatman
d51913f62a
Merge pull request #917 from smallstep/herman/scep-get
...
Add SCEP GET requests
2022-05-11 15:32:45 +02:00
Herman Slatman
688ae837a4
Add some tests for SCEP request decoding
2022-05-07 00:26:18 +02:00
Herman Slatman
c9a89d13ee
Merge branch 'master' into herman/scep-get
2022-05-06 23:49:53 +02:00
Herman Slatman
65090daac3
Merge pull request #788 from smallstep/herman/allow-deny
...
Add allow/deny policy for x509 SANs and SSH Principals
2022-05-06 19:11:34 +02:00
Herman Slatman
cc26a0b394
Explicitly disable wildcard Common Name constraint
2022-05-06 13:58:48 +02:00
Herman Slatman
0f4ffa504a
Fix linting issues
2022-05-06 13:23:09 +02:00
Herman Slatman
7104299119
Add full policy validation in API
2022-05-06 13:12:13 +02:00
Herman Slatman
ed231d29e2
Update to go.step.sm/linkedca@v0.16.1
2022-05-05 15:57:47 +02:00
Herman Slatman
105211392c
Don't rely on linkedca model stability in API response bodies
2022-05-05 14:10:52 +02:00
Herman Slatman
5e9bce508d
Unexport GetPolicy()
2022-05-05 12:32:53 +02:00
Herman Slatman
f0272dc717
Fix import replacement of linkedca
2022-05-05 11:10:21 +02:00
Herman Slatman
60d8b22d89
Change context retrievers to MustTFromContext
2022-05-05 11:05:57 +02:00
vijayjt
02c0ae81ac
Allow KMS type to be specified in the helm chart template if specified on the command line.
2022-05-05 00:10:59 +01:00
Herman Slatman
723c4c14c0
Merge branch 'master' into herman/allow-deny
2022-05-02 16:29:00 +02:00
Herman Slatman
77893ea55c
Change authority policy to use dbPolicy model
2022-05-02 15:55:26 +02:00
Herman Slatman
13173ec8a2
Fix SCEP GET requests
2022-05-01 22:29:17 +02:00
Herman Slatman
d82e51b748
Update AllowWildcardNames configuration name
2022-04-29 15:08:19 +02:00
Herman Slatman
2b7f6931f3
Change Subject Common Name verification
...
Subject Common Names can now also be configured to be allowed or
denied, similar to SANs. When a Subject Common Name is not explicitly
allowed or denied, its type will be determined and its value will be
validated according to the constraints for that type of name (i.e. URI).
2022-04-28 14:49:23 +02:00
max furman
88a1bf17cf
Update to pull request template
2022-04-27 11:40:43 -07:00
Carl Tashian
c82296b7cd
Merge pull request #910 from jschlyter/docker_hsm
...
Dockerfile for HSM-enabled Step CA
2022-04-27 09:37:43 -07:00
Herman Slatman
74a6e59b1f
Add tests for ProtoJSON and bad proto messages
2022-04-26 14:56:42 +02:00
Herman Slatman
bddd08d4b0
Remove "proto:" prefix from bad proto JSON messages
2022-04-26 14:01:16 +02:00
Herman Slatman
6e1f8dd7ab
Refactor policy engines into container
2022-04-26 13:12:16 +02:00
Herman Slatman
2a7620641f
Fix more PR comments
2022-04-26 10:15:17 +02:00
Herman Slatman
76112c2da1
Improve error creation and testing for core policy engine
2022-04-26 01:47:07 +02:00
Jakob Schlyter
c1425422dd
include support for GCP and AWS KMS by default
2022-04-25 14:25:31 +02:00
Jakob Schlyter
df8eca2c19
space
2022-04-25 14:14:23 +02:00
Herman Slatman
20f5d12b99
Improve test rigour for reloadPolicyEngines
2022-04-25 11:02:03 +02:00
Herman Slatman
6264e8495c
Improve policy error handling code coverage
2022-04-24 16:29:31 +02:00
Herman Slatman
3fa96ebf13
Improve policy errors returned to client
2022-04-24 13:11:32 +02:00
Jakob Schlyter
66ba6048a4
start pcscd if installed
2022-04-24 11:08:51 +02:00
Jakob Schlyter
6ee48ca631
add pcsc-lite
2022-04-24 10:59:26 +02:00
Jakob Schlyter
221ced5c51
add Dockerfile for building with HSM support
2022-04-23 10:49:33 +02:00
Herman Slatman
a3c51881c7
Merge branch 'master' into herman/allow-deny
2022-04-22 15:52:36 +02:00
Herman Slatman
c40a4d2694
Contain policy engines inside provisioner Controller
2022-04-22 01:20:38 +02:00
Herman Slatman
ef110a94df
Change pointer booleans to regular boolean configuration
2022-04-21 23:45:05 +02:00
Herman Slatman
e9f5a1eb98
Improve policy bad request handling
2022-04-21 17:16:02 +02:00
Herman Slatman
b72430f4ea
Block all APIs when using linked deployment mode
2022-04-21 16:18:55 +02:00
Herman Slatman
fb81407d6f
Fix ACME policy comments
2022-04-21 13:21:06 +02:00
Herman Slatman
a2cfbe3d54
Fix (part of) PR comments
2022-04-21 12:14:03 +02:00
Carl Tashian
3424442c50
Merge pull request #906 from smallstep/install-step-ra-arm5
...
We now have an armv5 step-ca build; remove guard clause from RA installer
2022-04-20 10:32:24 -07:00