Commit graph

9 commits

Author SHA1 Message Date
Mariano Cano
6d644880bd Allow to kms signers to define the SignatureAlgorithm
CloudKMS keys signs data using an specific signature algorithm, in RSA keys,
this can be PKCS#1 RSA or RSA-PSS, if the later is used, x509.CreateCertificate
will fail unless the template SignatureCertificate is properly set.

On contrast, AWSKMS RSA keys, are just RSA keys, and can sign with PKCS#1 or
RSA-PSS schemes, so right now the way to enforce one or the other is to used
templates.
2021-09-08 17:48:50 -07:00
Mariano Cano
ce3e6bfdf6 Fix linting errors. 2021-03-22 13:45:20 -07:00
Mariano Cano
96de4e6ec8 Return a non-implemented error in stepcas.RenewCertificate. 2021-03-22 12:56:12 -07:00
Mariano Cano
a6115e29c2 Add initial implementation of StepCAS.
StepCAS allows to configure step-ca as an RA using another step-ca
as the main CA.
2021-03-17 19:33:35 -07:00
Mariano Cano
2b4b902975 Add initial support for step ca init with cloud cas.
Fixes smallstep/cli#363
2020-11-03 12:44:28 -08:00
Mariano Cano
38fa780775 Add interface to get root certificate from CAS.
This change makes easier the configuration of cloudCAS as it does
not require to configure the root or intermediate certificate
in the ca.json. CloudCAS will get the root certificate using
the configured certificateAuthority.
2020-09-21 15:27:20 -07:00
Mariano Cano
aad8f9e582 Pass issuer and signer to softCAS options.
Remove commented code and initialize CAS properly.
Minor fixes in CloudCAS.
2020-09-10 19:09:46 -07:00
Mariano Cano
c8d9cb0a1d Complete cloudcas using CAS v1beta1. 2020-09-10 16:19:18 -07:00
Mariano Cano
1b1f73dec6 Early attempt to develop a CAS interface. 2020-09-08 19:26:32 -07:00