Mariano Cano
e83e47a91e
Use sshutil and randutil from go.step.sm/crypto.
2020-08-10 11:26:51 -07:00
Mariano Cano
fcfc4e9b2b
Fix ssh federated template variables.
2020-06-23 11:14:26 -07:00
Mariano Cano
e3ae751b57
Use templates from authority instead of config.
2020-06-16 17:57:35 -07:00
Mariano Cano
6c844a0618
Load default templates if no templates are configured.
2020-06-16 17:26:18 -07:00
Mariano Cano
c02fe77998
Close the key manager before shutting down.
2020-05-07 18:59:30 -07:00
Mariano Cano
4e544344f9
Initialize the required config fields on embedded authorities.
...
This change is to make easier the use of embedded authorities. It
can be difficult for third parties to know what fields are required.
The new init methods will define the minimum usable configuration.
2020-05-06 13:00:42 -07:00
Mariano Cano
b5eab009b2
Rename method to NewEmbedded
2020-05-05 17:46:22 -07:00
Mariano Cano
824374bde0
Create a method to initialize the authority without a config file.
...
When the CA is embedded in a third party product like Caddy, the
config needed to use placeholders to be valid. This change adds
a new method `NewEmbeddedAuthority` that allows to create an
authority with the given options, the minimum options are a root
and intermediate certificate, and the intermediate key.
Fixes #218
2020-05-04 18:52:18 -07:00
Mariano Cano
c49a9d5e33
Add context parameter to all SSH methods.
2020-03-10 19:01:45 -07:00
Mariano Cano
5c8c741fab
Fix linting issues.
2020-02-14 11:46:31 -08:00
Mariano Cano
9021951f1a
Fix types.
2020-01-14 18:47:05 -08:00
Mariano Cano
e98d7832b9
Add options to read the roots and federated roots from a bundle.
2020-01-10 18:33:48 -08:00
Mariano Cano
c62526b39f
Add wip support for kms.
2020-01-09 18:42:26 -08:00
max furman
1e17ec7d33
Use x5cInsecure token for /ssh/check-host endpoint
2019-12-11 14:54:29 -08:00
max furman
c2a3bcfab5
resolving merge
2019-11-20 17:26:04 -08:00
max furman
927784237d
Use an actual Hosts type when returning ssh hosts
2019-11-20 17:23:51 -08:00
Mariano Cano
2f18a26d4f
Add version endpoint.
2019-11-20 17:01:31 -08:00
max furman
35912cc906
change func def for getSSHHosts
...
* continue to return all hosts if injection method not specified
2019-11-20 12:59:48 -08:00
max furman
c407a9319b
Add getSSHHosts injection func
2019-11-20 11:32:27 -08:00
max furman
8b2105a8f9
Instrument getIdentity func for OIDC ssh provisioner
2019-11-19 13:32:58 -08:00
max furman
6ca1df5081
Add WithGetIdentityFunc option and attr to authority
...
* Add Identity type to provisioner
2019-11-14 20:38:39 -08:00
Mariano Cano
86a0558587
Add support for /ssh/bastion method.
2019-11-14 18:24:58 -08:00
Mariano Cano
43b663e0c3
Move Option type to a new file.
2019-11-14 15:29:04 -08:00
max furman
a9ea292bd4
sshpop provisioner + ssh renew | revoke | rekey first pass
2019-11-05 16:41:42 -08:00
Mariano Cano
e5da24f269
Fix list of user ssh public keys.
2019-11-05 16:41:17 -08:00
Mariano Cano
91ccc3802c
Fix lint error.
2019-11-05 16:41:17 -08:00
Mariano Cano
38d735be6e
Add support for federated keys.
2019-11-05 16:41:17 -08:00
Mariano Cano
e84489775b
Add support for multiple ssh roots.
...
Fixes #125
2019-11-05 16:41:17 -08:00
Mariano Cano
caa2174efc
Add support for user data in templates.
2019-11-05 16:41:17 -08:00
Mariano Cano
7b8bb6deb4
Add initial support for ssh config.
...
Related to smallstep/cli#170
2019-11-05 16:41:17 -08:00
Mariano Cano
dc6ffb7670
Add initial implementation of ssh config.
2019-11-05 16:41:17 -08:00
max furman
fe7973c060
wip
2019-09-19 13:17:45 -07:00
max furman
e3826dd1c3
Add ACME CA capabilities
2019-09-13 15:48:33 -07:00
Mariano Cano
004ea12212
Allow to use custom SSH user/host key files.
2019-08-01 15:04:56 -07:00
Mariano Cano
1c8f610ca9
Add initial implementation of an SSH CA using the JWK provisioner.
...
Fixes smallstep/ca-component#187
2019-07-23 18:46:43 -07:00
Mariano Cano
dbd3131068
Fix comments.
2019-05-10 17:54:18 -07:00
Mariano Cano
fb6a1afd89
Fix typo.
2019-05-10 16:04:30 -07:00
Mariano Cano
3a1a4c5ea9
Do not allow reload with database configuration changes.
...
Fixes #smallstep/ca-component#170
2019-05-10 15:58:37 -07:00
max furman
81db527f12
NoopDB -> SimpleDB
2019-05-07 12:26:30 -07:00
max furman
ab4d569f36
Add /revoke API with interface db backend
2019-04-10 13:50:35 -07:00
Mariano Cano
2fb77b8a4d
Truncate to seconds the startTime to simplify tests.
2019-03-11 18:14:20 -07:00
Mariano Cano
2d00cd0933
Validate audiences in the default provisioner.
2019-03-06 18:32:56 -08:00
Mariano Cano
c776ca3bd6
Use provisioner.Collection to store and request the provisioners.
2019-03-06 15:00:23 -08:00
Mariano Cano
98cc243a37
Add support for multiple roots.
2019-01-07 15:30:28 -08:00
Mariano Cano
722bcb7e7a
Add initial support for federated root certificates.
2019-01-04 17:51:32 -08:00
Mariano Cano
7e95fc0e45
Strip ports on audience check.
...
Services might have proxies behind them so we cannot rely on them.
Fixes #17
2018-12-21 15:27:22 -08:00
Mariano Cano
9b87e08faf
Do not require the port in the audience check.
...
Fixes #17
2018-12-21 14:04:22 -08:00
max furman
0d9dd2d14b
provisioner issuer -> name
2018-10-29 18:00:30 -07:00
Mariano Cano
ea0307239a
Fix dead code and add missing error check.
2018-10-26 15:05:37 -07:00
Mariano Cano
1de8eb4bfa
Fix provisioner package move.
2018-10-25 17:27:40 -07:00