Commit graph

1433 commits

Author SHA1 Message Date
Mariano Cano
28ff122f83 Add certificate requests in the templates. 2020-07-21 14:18:05 -07:00
Mariano Cano
ca2fb42d68 Move options to the provisioner. 2020-07-21 14:18:05 -07:00
Mariano Cano
206bc6757a Add initial support for templates in the OIDC provisioner. 2020-07-21 14:18:05 -07:00
Mariano Cano
534a6b6c4c Add default templates for intermediate a root certificates. 2020-07-21 14:18:04 -07:00
Mariano Cano
0847af16cb Fix setter of basic constraints. 2020-07-21 14:18:04 -07:00
Mariano Cano
068bafe5a3 Add templateData to api sign request. 2020-07-21 14:18:04 -07:00
Mariano Cano
95c3a41bf0 Rename UserData to TemplateData and fix unmarshaling. 2020-07-21 14:18:04 -07:00
Mariano Cano
9f3acc254b Set the token payload in the JWK provisioner. 2020-07-21 14:18:04 -07:00
Mariano Cano
5a04e3b36d Add methods to add data to the template data. 2020-07-21 14:18:04 -07:00
Mariano Cano
ef0ed0ff95 Integrate simple templates in the JWK provisioner. 2020-07-21 14:18:04 -07:00
Mariano Cano
d1d9ae42d6 Use certificates x509util instead of cli for certificate signing. 2020-07-21 14:18:04 -07:00
Mariano Cano
9032018cf2 Convert x509util.WithOptions to new modifiers. 2020-07-21 14:18:04 -07:00
Mariano Cano
dcb962bdde Add TemplateData alias and some comments. 2020-07-21 14:18:04 -07:00
Mariano Cano
3ba1fbd881 Use local SplitSANs. 2020-07-21 14:18:04 -07:00
Mariano Cano
6eba0e0e0e Simplify default template. 2020-07-21 14:18:04 -07:00
Mariano Cano
abc0a63e32 Add wrapper around x509.CreateCertificate.
This wrapper generates some data if needed and cleans key usages
in templates.
2020-07-21 14:18:04 -07:00
Mariano Cano
3766702de9 Remove empty file. 2020-07-21 14:18:04 -07:00
Mariano Cano
208c351a39 Add sample leaf template. 2020-07-21 14:18:04 -07:00
Mariano Cano
70c0af8200 Use different options to load a template from a string or file. 2020-07-21 14:18:04 -07:00
Mariano Cano
738304bc6f Add support for SubjectalternativeName type.
Move code around and some fixes.
2020-07-21 14:18:04 -07:00
Mariano Cano
2556b57906 Add types for certificate flexibility.
This is a first implementation, not the final one.
2020-07-21 14:18:04 -07:00
Carl Tashian
c1e6c0285a
Merge pull request #325 from smallstep/readme-updates
README updates, round 2
2020-07-20 18:56:37 -05:00
Carl Tashian
912e298043 Whitelist -> Allowlist per https://tools.ietf.org/id/draft-knodel-terminology-01.html 2020-07-20 15:42:47 -07:00
Carl Tashian
ed89367fca Round 2 of README updates 2020-07-20 14:10:36 -07:00
Mariano Cano
51b9867c51
Merge pull request #318 from nop33/getting-started-docs-fixes
Getting Started docs fixes
2020-07-15 13:02:47 -07:00
Ilias Trichopoulos
7d5552f53e Fix service logs path 2020-07-14 08:48:43 +02:00
Ilias Trichopoulos
6d8b4a1b9a Fix service name 2020-07-14 08:48:18 +02:00
Ilias Trichopoulos
730639d2a3 Fix service user name
In `ExecStart` the user used us `smallstep` so the same user should be defined in `useradd`.
2020-07-14 08:48:18 +02:00
Carl Tashian
8875097931
Merge pull request #310 from smallstep/fix-docker-build
Fix Docker example build on Linux
2020-07-13 12:23:03 -05:00
Carl Tashian
15bbd1cf20 Remove libpcsclite-dev requirement 2020-07-13 09:29:35 -07:00
Carl Tashian
d0b9538bc5 WIP readme changes 2020-07-13 09:28:46 -07:00
Carl Tashian
8b0da33e27
Merge pull request #313 from smallstep/readme-update
First stab at a README update 😱
2020-07-13 09:45:21 -05:00
Max
fa8a808fc8
Merge pull request #314 from smallstep/max/rekey
A few last fixes and tests added for rekey/renew ...
2020-07-09 12:19:01 -07:00
max furman
fd05f3249b A few last fixes and tests added for rekey/renew ...
- remove all `renewOrRekey`
- explicitly test difference between renew and rekey (diff pub keys)
- add back tests for renew
2020-07-09 12:11:40 -07:00
Max
ea9bc493b8
Merge pull request #307 from dharanikumar-s/master
Add support for rekeying Fixes #292
2020-07-09 11:39:00 -07:00
Carl Tashian
4150ded4c1 First stab at a README update 😱 2020-07-08 18:42:43 -07:00
max furman
b5699892ad Add github response to frequenty asked questions doc
- security risks of exposing the OAuth Client Secret in the output of
  `step ca provisioner list`
2020-07-08 15:18:30 -07:00
dharanikumar-s
57fb0c80cf Removed calculating SubjectKeyIdentifier on Rekey 2020-07-08 12:52:53 +05:30
dharanikumar-s
dfda497929 Renamed RenewOrRekey to Rekey 2020-07-08 11:47:59 +05:30
Carl Tashian
4bde83a262 Fixes #295 2020-07-07 13:09:15 -07:00
dharanikumar-s
fe73154a20 Corrected misspelling 2020-07-05 22:50:02 +05:30
dharanikumar-s
a3b5211e0f gofmted the code 2020-07-05 22:40:36 +05:30
dharanikumar-s
0c21f0ae9e Added error check after GenerateDefaultKeyPair 2020-07-05 22:38:45 +05:30
dharanikumar-s
2479371c06 Added error check while marshalling public key 2020-07-05 22:37:29 +05:30
dharanikumar-s
b368a53149 Modified TestAuthority_Renew to TestAuthority_RenewOrRekey 2020-07-05 22:17:57 +05:30
dharanikumar-s
c8c3581e2f SubjectKeyIdentifier extention is calculated from public key passed to this function instead of copying from old certificate 2020-07-05 22:15:01 +05:30
dharanikumar-s
954fda657b Added renewOrRekey to mockAuthority. Added Test_caHandler_Rekey 2020-07-05 22:05:00 +05:30
dharanikumar-s
01a6469d25 Moved peer certificate check to the first line 2020-07-03 16:00:22 +05:30
dharanikumar-s
8f504483ce Added RenewOrRekey function based on @maraino suggestion. RenewOrReky is called from Renew. 2020-07-03 15:58:15 +05:30
Mariano Cano
6736ddee69 Use smallstep/cli v0.14.6 2020-07-02 13:55:00 -07:00