Commit graph

3020 commits

Author SHA1 Message Date
max furman
bfb406bf70 Fixes for PR review 2022-05-18 09:43:32 -07:00
Herman Slatman
14524d7916
Merge pull request #938 from smallstep/herman/update-crypto-0.16.2
Update go.step.sm/crypto to v0.16.2
2022-05-18 09:15:18 +02:00
Herman Slatman
d1ab1d5431
Merge branch 'master' into herman/update-crypto-0.16.2 2022-05-18 09:11:38 +02:00
Herman Slatman
984e4fcff8
Merge pull request #932 from smallstep/herman/pkcs7-patches
Use github.com/smallstep/pkcs7 fork with (selected) patches applied
2022-05-18 09:10:48 +02:00
Herman Slatman
b75ce3acbd
Update to go.step.sm/crypto v0.16.2
This patch release of go.step.sm/crypto fixes an issue with
not all `Subject` names being available for usage in a template
as `ExtraNames`.
2022-05-17 23:39:01 +02:00
Mariano Cano
400b1ece0b Remove scep handler after merge. 2022-05-12 17:39:36 -07:00
Mariano Cano
898ca41268 Merge branch 'master' into context-authority 2022-05-12 17:14:46 -07:00
Herman Slatman
ea084d71fb
Merge pull request #933 from smallstep/herman/allow-deny
Fix check for admin not belonging to provisioner that policy applies to
2022-05-12 16:42:26 +02:00
Herman Slatman
c695b23e24
Fix check for admin not belonging to policy 2022-05-12 16:33:32 +02:00
max furman
25b8d196d8 Couple changes in response to PR
- add skipInit option to skip authority initialization
- check admin API status when removing provisioners - no need to check
  admins when not using Admin API
2022-05-11 17:04:43 -07:00
Mariano Cano
d0c0733691
Merge pull request #924 from vijayjt/vijayt/helmchart-kms
Allow KMS type to be specified in the helm chart values YAML
2022-05-11 14:14:25 -07:00
Herman Slatman
7030dbb7a1
Use github.com/smallstep/pkcs7 fork with patches applied 2022-05-11 21:18:47 +02:00
Herman Slatman
d51913f62a
Merge pull request #917 from smallstep/herman/scep-get
Add SCEP GET requests
2022-05-11 15:32:45 +02:00
Mariano Cano
8942422973 Add GetID() and add authority to initial context 2022-05-10 16:51:09 -07:00
Herman Slatman
688ae837a4
Add some tests for SCEP request decoding 2022-05-07 00:26:18 +02:00
Herman Slatman
c9a89d13ee
Merge branch 'master' into herman/scep-get 2022-05-06 23:49:53 +02:00
Mariano Cano
1e03bbb1af Change types in the ACMEAdminResponder 2022-05-06 14:11:10 -07:00
Mariano Cano
f639bfc53b Use contexts on the new PolicyAdminResponder 2022-05-06 14:05:08 -07:00
Mariano Cano
d461918eb0 Merge branch 'master' into context-authority 2022-05-06 13:21:41 -07:00
Herman Slatman
65090daac3
Merge pull request #788 from smallstep/herman/allow-deny
Add allow/deny policy for x509 SANs and SSH Principals
2022-05-06 19:11:34 +02:00
Herman Slatman
cc26a0b394
Explicitly disable wildcard Common Name constraint 2022-05-06 13:58:48 +02:00
Herman Slatman
0f4ffa504a
Fix linting issues 2022-05-06 13:23:09 +02:00
Herman Slatman
7104299119
Add full policy validation in API 2022-05-06 13:12:13 +02:00
Mariano Cano
2ea0c70344 Move acme context middleware to deprecated handler 2022-05-05 12:25:07 -07:00
Herman Slatman
ed231d29e2
Update to go.step.sm/linkedca@v0.16.1 2022-05-05 15:57:47 +02:00
Herman Slatman
105211392c
Don't rely on linkedca model stability in API response bodies 2022-05-05 14:10:52 +02:00
Herman Slatman
5e9bce508d
Unexport GetPolicy() 2022-05-05 12:32:53 +02:00
Herman Slatman
f0272dc717
Fix import replacement of linkedca 2022-05-05 11:10:21 +02:00
Herman Slatman
60d8b22d89
Change context retrievers to MustTFromContext 2022-05-05 11:05:57 +02:00
Mariano Cano
d51c6b7d83 Make step handler backward compatible 2022-05-04 19:20:34 -07:00
Mariano Cano
43ddcf2efe Do not use deprecated AuthorizeSign 2022-05-04 17:35:34 -07:00
vijayjt
02c0ae81ac Allow KMS type to be specified in the helm chart template if specified on the command line. 2022-05-05 00:10:59 +01:00
Mariano Cano
62d93a644e Apply base context to test of the ca package 2022-05-02 19:39:50 -07:00
Mariano Cano
9147356d8a Fix linter errors 2022-05-02 18:47:47 -07:00
Mariano Cano
a8a4261980 Fix authority/admin/api tests 2022-05-02 18:39:03 -07:00
Mariano Cano
2ab7dc6f9d Fix acme tests. 2022-05-02 18:09:26 -07:00
Mariano Cano
ba499eeb2a Fix acme/api tests. 2022-05-02 17:40:10 -07:00
Mariano Cano
6f9d847bc6 Fix panic in acme/api tests. 2022-05-02 17:35:35 -07:00
Herman Slatman
723c4c14c0
Merge branch 'master' into herman/allow-deny 2022-05-02 16:29:00 +02:00
Herman Slatman
77893ea55c
Change authority policy to use dbPolicy model 2022-05-02 15:55:26 +02:00
Herman Slatman
13173ec8a2
Fix SCEP GET requests 2022-05-01 22:29:17 +02:00
max furman
4cb74e7d8b fix linter warnings 2022-04-30 13:08:28 -07:00
Herman Slatman
d82e51b748
Update AllowWildcardNames configuration name 2022-04-29 15:08:19 +02:00
Mariano Cano
d1f75f1720 Refactor ACME api. 2022-04-28 19:15:18 -07:00
Mariano Cano
fddd6f7d95 Move linker to the acme package. 2022-04-28 15:15:50 -07:00
Mariano Cano
55b0f72821 Add context methods for the acme linker. 2022-04-28 15:14:15 -07:00
Herman Slatman
2b7f6931f3
Change Subject Common Name verification
Subject Common Names can now also be configured to be allowed or
denied, similar to SANs. When a Subject Common Name is not explicitly
allowed or denied, its type will be determined and its value will be
validated according to the constraints for that type of name (i.e. URI).
2022-04-28 14:49:23 +02:00
Mariano Cano
bb8d85a201 Fix unit tests - work in progress 2022-04-27 19:08:16 -07:00
Mariano Cano
42435ace64 Use scep authority from context
This commit also converts all the methods from the handler to
functions.
2022-04-27 18:06:53 -07:00
Mariano Cano
688f9ceb56 Add scep authority to context. 2022-04-27 18:02:37 -07:00