mbiryukova/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity
3085 commits 33 branches 197 tags 41 MiB
Commit graph

136 commits

Author SHA1 Message Date
Mariano Cano
c9e7af3722 Use only name constraints in GetTLSCertificate 2022-09-23 11:04:27 -07:00
Mariano Cano
2eba5326db Remove policy validation on renew 2022-09-22 12:17:16 -07:00
Mariano Cano
d68c765e20 Add context to errors 2022-09-21 18:46:34 -07:00
Mariano Cano
72e2c4eb2e Render proper policy and constrains errors 2022-09-21 18:35:18 -07:00
Mariano Cano
4b79405dac Check constraints and policy for leaf certificates too 2022-09-21 15:54:28 -07:00
Mariano Cano
325d8bca4f Merge branch 'master' into name-constraints 2022-09-21 13:29:44 -07:00
Mariano Cano
debe565e42 Validate constraints on Sign and Renew/Rekey 
Fixes #1060
 2022-09-20 18:52:47 -07:00
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2022-09-20 16:35:41 -07:00
Mariano Cano
34c6c65671 Pass attestation information to the Sign method 
Attestation information might be useful in authorizing webhooks
 2022-09-16 12:37:41 -07:00
Mariano Cano
8bd0174251 Rename field to IsCAServerCert 2022-08-11 15:14:26 -07:00
Mariano Cano
5df1694250 Add endpoint id for the RA certificate 
In a linked RA mode, send an endpoint id to group the server
certificates.
 2022-08-11 14:47:11 -07:00
Mariano Cano
eb091aec54 Simplify field names for ProvisionerInfo 2022-08-10 17:44:14 -07:00
Mariano Cano
6b5d3dca95 Add provisioner name to RA info 2022-08-03 18:44:04 -07:00
Mariano Cano
f9df8ac05f Remove unused interface 2022-08-03 12:03:49 -07:00
Mariano Cano
9408d0f24b Send RA provisioner information to the CA 2022-08-02 19:28:49 -07:00
Mariano Cano
ce9a23a0f7 Fix SSH certificate revocation 2022-05-25 16:55:22 -07:00
Mariano Cano
c8d7ad7ab9 Fix store certificates methods with new interface 2022-05-18 18:33:22 -07:00
Herman Slatman
6e1f8dd7ab
Refactor policy engines into container 2022-04-26 13:12:16 +02:00
Herman Slatman
76112c2da1
Improve error creation and testing for core policy engine 2022-04-26 01:47:07 +02:00
Herman Slatman
3fa96ebf13
Improve policy errors returned to client 2022-04-24 13:11:32 +02:00
Herman Slatman
ad2de16299
Merge branch 'master' into herman/allow-deny 2022-04-19 10:26:31 +02:00
Mariano Cano
fe9c3cf753
Merge branch 'master' into ahmet2mir-feat/vault 2022-04-18 15:35:26 -07:00
Herman Slatman
abcad679ff
Merge branch 'master' into herman/allow-deny 2022-04-18 21:54:55 +02:00
Mariano Cano
ea5f7f2acc
Fix SANs for step-ca certificate 
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
 2022-04-12 13:57:55 -07:00
Mariano Cano
37b521ec6c
Merge branch 'master' into feat/vault 2022-04-11 14:57:45 -07:00
Herman Slatman
9797b3350e
Merge branch 'master' into herman/allow-deny 2022-04-08 16:01:56 +02:00
Mariano Cano
db337debcd Load provisioner from the database instead of the extension. 2022-04-05 19:25:47 -07:00
Herman Slatman
571b21abbc
Fix (most) PR comments 2022-03-31 16:12:29 +02:00
Herman Slatman
b49307f326
Fix ACME order tests with mock ACME CA 2022-03-24 18:34:04 +01:00
Herman Slatman
9e0edc7b50
Add early authority policy evaluation to ACME order API 2022-03-24 14:55:40 +01:00
Herman Slatman
613c99f00f
Fix linting issues 2022-03-24 13:10:49 +01:00
Mariano Cano
9d027c17d0 Send current provisioner on PostCertificate 2022-03-21 19:24:05 -07:00
Herman Slatman
101ca6a2d3
Check admin subjects before changing policy 2022-03-21 15:53:59 +01:00
Herman Slatman
81b0c6c37c
Add API implementation for authority and provisioner policy 2022-03-15 15:56:04 +01:00
Herman Slatman
7c541888ad
Refactor configuration of allow/deny on authority level 2022-03-08 13:26:07 +01:00
Mariano Cano
c0525381eb Merge branch 'master' into feat/vault 2022-02-16 18:19:23 -08:00
Herman Slatman
5cb23c6029
Merge pull request #804 from smallstep/herman/normalize-ipv6-dns-names 
Normalize IPv6 hostname addresses
 2022-02-09 11:25:24 +01:00
Herman Slatman
e887ccaa07
Ensure the CA TLS certificate represents IPv6 DNS names as IP in cert 
If an IPv6 domain name (i.e. [::1]) is provided manually in the `ca.json`,
this commit will ensure that it's represented as an IP SAN in the TLS
certificate. Before this change, the IPv6 would become a DNS SAN.
 2022-02-03 14:21:23 +01:00
Mariano Cano
300c19f8b9 Add a custom enforcer that can be used to modify a cert. 2022-02-02 14:36:58 -08:00
Ahmet DEMIR
68b980d689
feat(authority): avoid hardcoded cn in authority csr 2022-01-13 20:30:54 +01:00
Herman Slatman
50c3bce98d
Change if/if to if/else-if when checking the type of JSON error 2022-01-12 21:34:38 +01:00
Herman Slatman
a3cf6bac36
Add special handling for *json.UnmarshalTypeError 2022-01-12 11:15:39 +01:00
Herman Slatman
0475a4d26f
Refactor extraction of JSON template syntax errors 2022-01-12 10:41:36 +01:00
Herman Slatman
a5455d3572
Improve errors related to template execution failures (slightly) 2022-01-10 15:49:37 +01:00
Herman Slatman
3bc3957b06
Merge branch 'master' into hs/acme-revocation 2021-12-09 09:36:52 +01:00
Herman Slatman
47a8a3c463
Add test case for ACME Revoke to Authority 2021-12-02 17:11:36 +01:00
Herman Slatman
c9cd876a7d
Merge branch 'master' into hs/acme-revocation 2021-11-25 00:40:56 +01:00
Mariano Cano
ff04873a2a Change the default error type to forbidden in Sign. 
The errors will also be propagated from sign options.
 2021-11-23 18:58:16 -08:00
Mariano Cano
668d3ea6c7 Modify errs.Wrap() with bad request to send messages to users. 2021-11-18 18:44:58 -08:00
Mariano Cano
8ce807a6cb Modify errs.BadRequest() calls to always send an error to the client. 2021-11-18 15:12:44 -08:00