Commit graph

1005 commits

Author SHA1 Message Date
Mariano Cano
c250c6ad91 Add unit tests for softkms. 2020-01-15 17:30:17 -08:00
Mariano Cano
a773977a81 Fix interface change. 2020-01-15 17:29:34 -08:00
Mariano Cano
927a3b3a86 Return crypto.PublicKey on kms.GetPublicKey. 2020-01-15 17:27:21 -08:00
Mariano Cano
ec2046bba8 Add grpc dependency. 2020-01-14 18:51:05 -08:00
Mariano Cano
9021951f1a Fix types. 2020-01-14 18:47:05 -08:00
Mariano Cano
a9c2db8f98 Add close method and fix types in softkms. 2020-01-14 18:46:18 -08:00
Mariano Cano
a3128a26bb Add Close method to the key manager interface. 2020-01-14 18:46:01 -08:00
Mariano Cano
e60beeb7fc Make cloudkms more robust.
* Automatically create key rings if needed.
* User CryptoKeyVersions if needed.
* Add support to close the client.
* Add new pareters to CreateKey responses to make things easier.
2020-01-14 18:43:39 -08:00
Mariano Cano
3f8de17a40 Cleanup types and add initial support for the options required for PKCS11. 2020-01-14 18:42:14 -08:00
Mariano Cano
9641ab33b8 Use crypto.Signer instead of ssh.Signer in SSH options. 2020-01-14 18:38:29 -08:00
Mariano Cano
e98d7832b9 Add options to read the roots and federated roots from a bundle. 2020-01-10 18:33:48 -08:00
Mariano Cano
44eccc6bd8 Merge branch 'ssh' into kms 2020-01-10 17:49:52 -08:00
Mariano Cano
3ce267cdd6 Upgrade smallste/cli 2020-01-10 17:21:47 -08:00
Mariano Cano
ab1807d6a0 Use release v1.19.1 of golangci-lint
See https://github.com/golangci/golangci-lint/issues/885
2020-01-10 17:19:56 -08:00
Mariano Cano
3cbf30b555 Upgrade golangci-lint to v1.22.2 2020-01-10 11:19:28 -08:00
Mariano Cano
085ae82163 Remove the use of custom x509 package.
Upgrade cli dependency.
2020-01-10 10:58:49 -08:00
Mariano Cano
995375013d Update dependencies for kms support. 2020-01-09 18:43:35 -08:00
Mariano Cano
c62526b39f Add wip support for kms. 2020-01-09 18:42:26 -08:00
Mariano Cano
d13754166a Add support for cloudkms and softkms. 2020-01-09 18:41:13 -08:00
Mariano Cano
8a10c5032f
Merge pull request #150 from smallstep/backdate
Add backdate support to the x509 and SSH certificates.
2020-01-08 12:52:31 -08:00
Mariano Cano
77af30bfa3 Remove debug statement. 2020-01-08 11:46:33 -08:00
Mariano Cano
f46dc03111 Add tests of profileLimitDuration with backdate. 2020-01-06 14:34:59 -08:00
Mariano Cano
165a91858e Add tests for backdate and sshDefaultDuration 2020-01-06 14:21:13 -08:00
Mariano Cano
7e33aeb8d3 Add unit test for profileDefaultDuration. 2020-01-06 12:19:00 -08:00
Mariano Cano
f06db4099e Add backdate support on ssh rekey. 2020-01-03 18:30:17 -08:00
Mariano Cano
935d0d4542 Add support for backdate to SSH certificates. 2020-01-03 18:22:52 -08:00
Mariano Cano
64e0a2ca6f Disable backdata on ca tests. 2020-01-03 18:16:45 -08:00
Mariano Cano
76c14560b0 Use errs package for HTTP errors. 2020-01-03 17:41:16 -08:00
Mariano Cano
50717b3ffa Update assert package. 2020-01-03 13:27:45 -08:00
Mariano Cano
e67ccd9e3d Add fault tolerance against clock skew accross system on TLS certificates. 2020-01-02 17:48:28 -08:00
max furman
967e86a48b Simplify trimming *. prefix of domain in acme dns validation. 2019-12-20 13:32:44 -08:00
Max
37d33968f1
Merge pull request #146 from anxolerd/normalize-wildcard
Perform domain normalization for wildcard domains
2019-12-20 13:29:24 -08:00
Oleksandr Kovalchuk
ec8ff0bced
Add testcase which ensures we pass correct domain to lookupTxt
Make sure we do not pass domains with asterisk (wildcard) in the middle,
like _acme-challenge.*.example.com to lookupTxt function, but preprocess
domain and remove leading wildcard so we lookup for
_acme-challenge.example.com.
2019-12-20 22:54:41 +02:00
Oleksandr Kovalchuk
46832bb9b3
Remove superflurous Printf statement
The statement was used for debug purposes and should not be included in
the final build
2019-12-20 22:22:12 +02:00
Oleksandr Kovalchuk
a995cca418
Perform domain normalization for wildcard domains
Perform domain normalization for wildcard domains, so we do query
TXT records for _acme-challenge.example.domain instead of
_acme-challenge.*.example.domain when performing DNS-01 challenge. In
this way the behavior is consistent with letsencrypt and records queried
are in sync with the ones that are shown in certbot manual mode.
2019-12-20 19:17:53 +02:00
Mariano Cano
1fa35491ea Update cli dependency. 2019-12-18 14:44:59 -08:00
Mariano Cano
eeabf5ba4c Fix tests. 2019-12-18 14:44:08 -08:00
Mariano Cano
a6deea7d8d Renew identity certificate in /ssh/rekey and /ssh/renew 2019-12-18 14:43:38 -08:00
Mariano Cano
0b5d37b284 Add method to just write the identity certificate. 2019-12-18 14:39:01 -08:00
Mariano Cano
839fe6b952 Add method to renew the identity. 2019-12-18 12:46:46 -08:00
max furman
aa58940582 Should be returning nil from applyIdentity if cert expired. 2019-12-17 15:53:37 -08:00
max furman
6200aeaad0 cli dep update 2019-12-17 14:39:08 -08:00
Max
bd6eca6342
Merge pull request #145 from smallstep/err 2019-12-17 14:33:48 -08:00
max furman
e5a8629a21 updating dependencies 2019-12-17 14:31:22 -08:00
max furman
cb78a087d5 Update cli dep 2019-12-17 14:30:18 -08:00
max furman
f9ef5070f9 Move api errors to their own package and modify the typedef 2019-12-17 14:26:02 -08:00
Mariano Cano
6d6f496331 Allow no provisioners. 2019-12-16 11:22:24 -08:00
Mariano Cano
ba11f6acb7 Update dependencies. 2019-12-13 13:59:11 -08:00
Mariano Cano
d210082113 Use new version of nosql. 2019-12-13 13:56:56 -08:00
Mariano Cano
7ecb831e07 Add wrappers to identity methods in the ca package. 2019-12-12 13:16:17 -08:00