Commit graph

394 commits

Author SHA1 Message Date
Oleksandr Kovalchuk
503c9f6101
Add config option to force CN
Add configuration option `forceCN` to ACME provisioner. When this option
is set to `true`, provisioner should generate Subject.CommonName for
certificate if it was not present in the request. Default value of
`false` should keep the existing behavior (do not modify CSR and
certificate).

Ref: https://github.com/smallstep/certificates/issues/259
2020-05-14 13:20:55 +03:00
Mariano Cano
4e544344f9 Initialize the required config fields on embedded authorities.
This change is to make easier the use of embedded authorities. It
can be difficult for third parties to know what fields are required.
The new init methods will define the minimum usable configuration.
2020-05-06 13:00:42 -07:00
Mariano Cano
b5eab009b2 Rename method to NewEmbedded 2020-05-05 17:46:22 -07:00
Mariano Cano
824374bde0 Create a method to initialize the authority without a config file.
When the CA is embedded in a third party product like Caddy, the
config needed to use placeholders to be valid. This change adds
a new method `NewEmbeddedAuthority` that allows to create an
authority with the given options, the minimum options are a root
and intermediate certificate, and the intermediate key.

Fixes #218
2020-05-04 18:52:18 -07:00
Mariano Cano
4e9bff0986 Add support for OIDC multitoken tenants for azure. 2020-04-24 14:36:32 -07:00
Mariano Cano
8bc3b05232 Add new extra test case. 2020-04-24 10:27:44 -07:00
Mariano Cano
b0ff731d18 Add support for user provisioner certificates on OIDC provisioners.
OIDC provisioners create an SSH certificate with two principals. This
was avoiding the creationg of user provisioner certificates for those
provisioners.

Fixes smallstep/cli#268
2020-04-23 19:42:55 -07:00
Mariano Cano
a2dfa6faa8 Fix unit tests. 2020-04-20 12:29:23 -07:00
Mariano Cano
13507efb35 Remove the requirement for CSR to have a common name.
Fixes #226
2020-04-20 10:43:33 -07:00
Mariano Cano
02ed784a9b Do not enable by default ForwardAgent. 2020-04-15 11:17:24 -07:00
Mariano Cano
bfe1f4952d Rename interface to CertificateEnforcer and add tests. 2020-03-31 11:41:36 -07:00
Mariano Cano
64f26c0f40 Enforce a duration for identity certificates. 2020-03-30 17:33:04 -07:00
Mariano Cano
fa416336a8 Add context to tests. 2020-03-10 19:17:32 -07:00
Mariano Cano
c49a9d5e33 Add context parameter to all SSH methods. 2020-03-10 19:01:45 -07:00
Mariano Cano
f868e07a76 Allow to use custom principals on cloud provisioners.
Fixes #203
2020-03-05 14:33:42 -08:00
Mariano Cano
59fc8cdd2d Fix typo in comments. 2020-02-27 10:48:16 -08:00
Mariano Cano
5c8c741fab Fix linting issues. 2020-02-14 11:46:31 -08:00
Mariano Cano
05cc1437b7 Remove unnecessary parse of certificate. 2020-02-13 17:48:43 -08:00
Mariano Cano
2d4f369db2 Add options to set root and federated certificates using x509.Certificate 2020-02-12 15:36:24 -08:00
Mariano Cano
43bd8113aa Remove unnecessary comments. 2020-02-11 14:46:18 -08:00
Mariano Cano
4eaeede77d Fix unit tests. 2020-02-11 14:05:37 -08:00
Mariano Cano
21bd339b86 Merge branch 'master' into kms 2020-02-11 13:20:35 -08:00
Mariano Cano
7846696fbb Fix return sign options on ssh sign. 2020-01-29 11:58:47 -08:00
max furman
d482ae2fb5 Remove test that is no longer implemented by the method. 2020-01-28 13:29:40 -08:00
max furman
397a181d10 Add backdate validation to sshCertValidityValidator. 2020-01-28 13:29:40 -08:00
max furman
df60fe3f0d Remove all references to old apiError. 2020-01-28 13:29:40 -08:00
max furman
1cb8bb3ae1 Simplify statuscoder error generators. 2020-01-28 13:29:40 -08:00
max furman
dccbdf3a90 Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
2020-01-28 13:29:40 -08:00
Mariano Cano
895d3054a3 Remove the use of custom x509 package.
Upgrade cli dependency.
2020-01-28 13:29:39 -08:00
Mariano Cano
144acb9ee3 Remove debug statement. 2020-01-28 13:29:39 -08:00
Mariano Cano
06411d1715 Add tests of profileLimitDuration with backdate. 2020-01-28 13:29:39 -08:00
Mariano Cano
8297e5c717 Add tests for backdate and sshDefaultDuration 2020-01-28 13:29:39 -08:00
Mariano Cano
93b65bee7c Add unit test for profileDefaultDuration. 2020-01-28 13:29:39 -08:00
Mariano Cano
74b5d7f984 Add backdate support on ssh rekey. 2020-01-28 13:29:39 -08:00
Mariano Cano
84ff172093 Add support for backdate to SSH certificates. 2020-01-28 13:29:39 -08:00
Mariano Cano
5565d61bf3 Add fault tolerance against clock skew accross system on TLS certificates. 2020-01-28 13:29:39 -08:00
max furman
b9f6aacb0f Move api errors to their own package and modify the typedef 2020-01-28 13:29:39 -08:00
Mariano Cano
f033422ffa Allow no provisioners. 2020-01-28 13:29:39 -08:00
Mariano Cano
f4615d6258 Addapt test to api change. 2020-01-28 13:29:39 -08:00
max furman
3ac388612a Use x5cInsecure token for /ssh/check-host endpoint 2020-01-28 13:29:39 -08:00
Mariano Cano
08eac1b00d Make sure to define the KeyID from the token if available. 2020-01-28 13:29:39 -08:00
Mariano Cano
de3ba58455 Store renew certificate in the database. 2020-01-28 13:29:39 -08:00
Mariano Cano
caa2b8dbb7 Add leeway in identity not before. 2020-01-28 13:29:39 -08:00
max furman
9caadbb341 Fix authority calling wrong revoke method 2020-01-28 13:29:39 -08:00
Mariano Cano
f26103d150 Make test compilable. 2020-01-28 13:29:39 -08:00
Mariano Cano
557a45abfa Update template tests. 2020-01-28 13:29:39 -08:00
max furman
656f35e522 Use an actual Hosts type when returning ssh hosts 2020-01-28 13:29:39 -08:00
Mariano Cano
03bb26fb91 Add missing version.go file. 2020-01-28 13:28:17 -08:00
Mariano Cano
c60641701b Add version endpoint. 2020-01-28 13:28:16 -08:00
max furman
f92bb06b6c change func def for getSSHHosts
* continue to return all hosts if injection method not specified
2020-01-28 13:28:16 -08:00