Mariano Cano
|
b401376829
|
Add current provisioner to AuthorizeSign SignOptions.
The original provisioner cannot be retrieved from a certificate
if a linked ra is used.
|
2022-03-21 19:21:40 -07:00 |
|
Mariano Cano
|
616490a9c6
|
Refactor renew after expiry token authorization
This changes adds a new authority method that authorizes the
renew after expiry tokens.
|
2022-03-10 20:21:01 -08:00 |
|
Mariano Cano
|
259e95947c
|
Add support for the provisioner controller
The claimer, audiences and custom callback methods are now managed
by the provisioner controller in an uniform way.
|
2022-03-09 18:43:45 -08:00 |
|
Mariano Cano
|
668d3ea6c7
|
Modify errs.Wrap() with bad request to send messages to users.
|
2021-11-18 18:44:58 -08:00 |
|
max furman
|
9fdef64709
|
Admin level API for provisioner mgmt v1
|
2021-07-02 19:05:17 -07:00 |
|
max furman
|
638766c615
|
wip
|
2021-05-19 18:23:20 -07:00 |
|
max furman
|
5d09d04d14
|
wip
|
2021-05-19 15:20:16 -07:00 |
|
Mariano Cano
|
ba918100d0
|
Use go.step.sm/crypto/jose
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
|
2020-08-24 14:44:11 -07:00 |
|
Mariano Cano
|
e83e47a91e
|
Use sshutil and randutil from go.step.sm/crypto.
|
2020-08-10 11:26:51 -07:00 |
|
Mariano Cano
|
f437b86a7b
|
Merge branch 'cert-templates' into ssh-cert-templates
|
2020-08-05 18:43:07 -07:00 |
|
Mariano Cano
|
c8d225a763
|
Use x509util from go.step.sm/crypto/x509util
|
2020-08-05 16:02:46 -07:00 |
|
Mariano Cano
|
aa657cdb4b
|
Use SSHOptions inside provisioner options.
|
2020-07-30 18:44:52 -07:00 |
|
Mariano Cano
|
8ff8d90f8c
|
On JWK and X5C validate the key id on the request.
|
2020-07-30 17:45:03 -07:00 |
|
Mariano Cano
|
380a0d6daf
|
Add ssh certificate templates to JWK provisioner.
|
2020-07-30 17:45:03 -07:00 |
|
Mariano Cano
|
6c64fb3ed2
|
Rename provisioner options structs:
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
|
2020-07-22 18:24:45 -07:00 |
|
Mariano Cano
|
02c4f9817d
|
Set full token payload instead of only the known properties.
|
2020-07-21 14:21:54 -07:00 |
|
Mariano Cano
|
e6fed5e0aa
|
Minor fixes and comments.
|
2020-07-21 14:18:05 -07:00 |
|
Mariano Cano
|
ca2fb42d68
|
Move options to the provisioner.
|
2020-07-21 14:18:05 -07:00 |
|
Mariano Cano
|
9f3acc254b
|
Set the token payload in the JWK provisioner.
|
2020-07-21 14:18:04 -07:00 |
|
Mariano Cano
|
ef0ed0ff95
|
Integrate simple templates in the JWK provisioner.
|
2020-07-21 14:18:04 -07:00 |
|
max furman
|
71d87b4e61
|
wip
|
2020-06-24 23:25:15 -07:00 |
|
max furman
|
3636ba3228
|
wip
|
2020-06-23 17:13:39 -07:00 |
|
max furman
|
1951669e13
|
wip
|
2020-06-23 11:10:45 -07:00 |
|
max furman
|
1cb8bb3ae1
|
Simplify statuscoder error generators.
|
2020-01-28 13:29:40 -08:00 |
|
max furman
|
dccbdf3a90
|
Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
|
2020-01-28 13:29:40 -08:00 |
|
Mariano Cano
|
84ff172093
|
Add support for backdate to SSH certificates.
|
2020-01-28 13:29:39 -08:00 |
|
Mariano Cano
|
08eac1b00d
|
Make sure to define the KeyID from the token if available.
|
2020-01-28 13:29:39 -08:00 |
|
max furman
|
9caadbb341
|
Fix authority calling wrong revoke method
|
2020-01-28 13:29:39 -08:00 |
|
max furman
|
414a94b210
|
Instrument getIdentity func for OIDC ssh provisioner
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
a86dc78b5d
|
Add missing comment.
|
2020-01-28 13:28:16 -08:00 |
|
Mariano Cano
|
7db7b1ee4c
|
Fix some provisioner tests
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
54e3cf7322
|
Add multiuse capability to k8ssa provisioners
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
29853ae016
|
sshpop provisioner + ssh renew | revoke | rekey first pass
|
2020-01-28 13:28:16 -08:00 |
|
max furman
|
d368791606
|
Add x5c provisioner capabilities
|
2019-10-14 14:51:37 -07:00 |
|
Mariano Cano
|
396b4222aa
|
Implement validator for ssh keys.
Fixes #100
|
2019-09-10 17:04:13 -07:00 |
|
Mariano Cano
|
10e7b81b9f
|
Merge branch 'master' into ssh-ca
|
2019-09-05 23:06:01 +02:00 |
|
max furman
|
2b41faa9cf
|
Enforce >= 2048 bit rsa keys at the provisioner layer
* Fixes #94
* In the future this should be configurable by provisioner
|
2019-08-27 14:44:59 -07:00 |
|
max furman
|
635c59ed24
|
Accept emails SANs
|
2019-08-23 15:59:30 -07:00 |
|
Mariano Cano
|
57a529cc1a
|
Allow to enable the SSH CA per provisioner
|
2019-08-05 11:40:27 -07:00 |
|
Mariano Cano
|
a8f4ad1b8e
|
Set default SSH options if no user options are given.
|
2019-07-31 17:03:33 -07:00 |
|
Mariano Cano
|
53f62f871c
|
Set not extensions to host certificates.
|
2019-07-29 16:36:46 -07:00 |
|
Mariano Cano
|
f01286bb48
|
Add support for SSH certificates to OIDC.
Update the interface for all the provisioners.
|
2019-07-29 15:54:07 -07:00 |
|
Mariano Cano
|
1c8f610ca9
|
Add initial implementation of an SSH CA using the JWK provisioner.
Fixes smallstep/ca-component#187
|
2019-07-23 18:46:43 -07:00 |
|
Mariano Cano
|
f794dbeb93
|
Add support for GCP identity tokens.
|
2019-04-17 17:28:21 -07:00 |
|
max furman
|
ab4d569f36
|
Add /revoke API with interface db backend
|
2019-04-10 13:50:35 -07:00 |
|
Mariano Cano
|
7378ed27ac
|
Refactor claims so they can be totally omitted if only the parent is set.
|
2019-03-19 15:10:52 -07:00 |
|
Mariano Cano
|
0b4cde1ad3
|
Move type to the first position of the struct.
|
2019-03-13 15:33:52 -07:00 |
|
Mariano Cano
|
23e6de57a2
|
Address comments in code review.
|
2019-03-13 11:26:18 -07:00 |
|
Mariano Cano
|
dce3100cfb
|
Add missing time in validation.
|
2019-03-11 11:12:47 -07:00 |
|
Mariano Cano
|
67c79fd014
|
Add tests for default provisioner.
|
2019-03-08 17:24:58 -08:00 |
|