Commit graph

25 commits

Author SHA1 Message Date
Mariano Cano
8a05cdde52 Add audience in the error v2 2019-03-18 10:59:36 -07:00
Mariano Cano
f8fba4df6b Add audience in error. 2019-03-18 10:57:29 -07:00
Mariano Cano
23e6de57a2 Address comments in code review. 2019-03-13 11:26:18 -07:00
Mariano Cano
07cdc1021c Use OIDC nonce as the reuse key. 2019-03-12 15:47:18 -07:00
Mariano Cano
ef4d809ee6 Move matchesAudience and stripPort tests to provisioner package. 2019-03-11 15:47:57 -07:00
Mariano Cano
af9688c419 Fix some testing errors. 2019-03-08 18:05:11 -08:00
Mariano Cano
2d00cd0933 Validate audiences in the default provisioner. 2019-03-06 18:32:56 -08:00
Mariano Cano
57b705f6cf Use provisioner sign options. 2019-03-06 17:37:49 -08:00
Mariano Cano
602a42813c Re-enable replay protection for JWK provisioner. 2019-03-06 17:00:45 -08:00
Mariano Cano
ab1cca03d7 Use new provisioners in authorize methods. 2019-03-06 15:04:28 -08:00
max furman
3415a1fef8 move SplitSANs to cli 2019-02-05 19:32:01 -08:00
max furman
6937bfea7b claims.SANS -> claims.SANs 2019-02-04 20:22:02 -08:00
max furman
93f39c64a0 backwards compat only when SANS empty 2019-02-04 20:02:56 -08:00
max furman
fe8c8614b2 SANS backwards compat when token missing sujbect SAN 2019-02-01 12:18:10 -06:00
max furman
f0683c2e0a Enable signing certificates with custom SANs
* validate against SANs in token. must be 1:1 equivalent.
2019-01-30 18:21:03 -06:00
Mariano Cano
7e95fc0e45 Strip ports on audience check.
Services might have proxies behind them so we cannot rely on them.
Fixes #17
2018-12-21 15:27:22 -08:00
Mariano Cano
d6cad2a7f3 Add provisioner option to disable renewal.
Fixes smallstep/ca-component#108
2018-11-01 15:43:24 -07:00
max furman
0d9dd2d14b provisioner issuer -> name 2018-10-29 18:00:30 -07:00
max furman
a4a461466b withProvisionerOID and unit test 2018-10-25 23:49:23 -07:00
max furman
283dc42904 add unit tests for MatchOne (token audience) and Authority.New 2018-10-25 15:17:22 -07:00
max furman
ee7db4006a change sign + authorize authority api | add provisioners
* authorize returns []interface{}
 - operators in this list can conform to any interface the user decides
 - our implementation has a combination of certificate claim validators
 and certificate template modifiers.
* provisioners can set and enforce tls cert options
2018-10-18 22:26:39 -07:00
Mariano Cano
1c1ac1b3fb Add disableIssuedAt check functionality
Fixes #86
2018-10-24 18:59:48 -07:00
Mariano Cano
69da47a727 Set audience using the sign url. 2018-10-19 18:25:59 -07:00
max furman
0b5f6487e1 change provisioners api
* /provisioners -> /provisioners/jwk-set-by-issuer
* /provisioners now returns a list of Provisioners
2018-10-11 23:03:00 -07:00
max furman
c284a2c0ab first commit 2018-10-05 21:48:36 +00:00