mbiryukova/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity
1774 commits 33 branches 197 tags 41 MiB
Commit graph

289 commits

Author SHA1 Message Date
Mariano Cano
9cc410b308 Use map[string]struct{} instead of map[string]bool 2021-04-29 18:40:04 -07:00
Mariano Cano
c8eb771a8e Add test for oidc with preferred usernames. 2021-04-29 18:37:48 -07:00
Cristian Le
8b1ab30212 Sanitize usernames 2021-04-30 09:41:06 +09:00
Cristian Le
bf364f0a5f Draft: adding usernames to GetIdentityFunc 2021-04-30 09:14:28 +09:00
Cristian Le
861ef80e0d Rename and reformat to PreferredUsername 2021-04-30 08:44:41 +09:00
Cristian Le
55fbcfb3be Implement #550 
- Read `preferred_username` from token
- Add `preferred_username` to the default Usernames
- Check the `admin` array for admin groups that the user might belong to
 2021-04-29 15:44:21 +09:00
max furman
2ae43ef2dc [acme db interface] wip errors 2021-03-25 12:05:46 -07:00
max furman
16665c97f0 Allow empty SAN in CSR for validation ... 
- The default template will always use the SANs from the token.
- If there are any SANs they must be validated against the token.
 2021-01-14 15:26:46 -06:00
Mariano Cano
5017b7d21f Recalculate token id instead of validating it. 2020-12-17 14:52:34 -08:00
Mariano Cano
86c947babc Upgrade crypto and fix test. 2020-12-17 14:17:08 -08:00
Mariano Cano
0cf594a003 Validate payload ID. 
Related to #435
 2020-12-17 13:35:14 -08:00
Mariano Cano
39b23c057d Add all AWS certificates used to verify base64 signatures. 2020-10-28 17:47:44 -07:00
Mariano Cano
7d1686dc53 Add option to specify the AWS IID certificates to use. 
This changes adds a new option `iidRoots` that allows a user to
define one or more certificates that will be used for AWS IID
signature validation.

Fixes #393
 2020-10-13 17:51:24 -07:00
Mariano Cano
4c8bf87dc1 Use new admin template for K8ssa and admin-OIDC provisioners. 
This change replaces the .Insecure.CR template to one that sets
all the SANs, but uses key usages and extended key usages for
regular TLS certificates.
 2020-09-21 12:49:16 -07:00
Mariano Cano
276e307a1d Add extra tests for CustomSSHTemplateOptions 2020-09-08 15:43:39 -07:00
max furman
da9f0b09af Ignore null string for x509 and ssh templateData. 2020-09-08 13:59:22 -07:00
Mariano Cano
81c6e01269 Fix unit test. 2020-09-04 11:16:17 -07:00
max furman
ce9af5c20f Standardize k8ssa check on issuer name 2020-08-31 20:56:00 -07:00
Mariano Cano
8ee246edda Upgrade go.step.sm to v0.4.0 2020-08-31 12:30:54 -07:00
Mariano Cano
35bd3ec383
Merge pull request #329 from smallstep/ssh-cert-templates 
SSH cert templates
 2020-08-28 14:42:58 -07:00
Mariano Cano
b7269b6579 Fix comment. 2020-08-28 14:22:13 -07:00
Mariano Cano
c94a1c51be Merge branch 'master' into ssh-cert-templates 2020-08-24 15:08:28 -07:00
Mariano Cano
ba918100d0 Use go.step.sm/crypto/jose 
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
 2020-08-24 14:44:11 -07:00
max furman
46fc922afd Remove unused code; fix usage wrong word; add gap time for unit test 2020-08-20 18:48:17 -07:00
Mariano Cano
d30a95236d Use always go.step.sm/crypto 2020-08-14 15:33:50 -07:00
Mariano Cano
aaaa7e9b4e Merge branch 'master' into cert-templates 2020-08-14 10:45:41 -07:00
Mariano Cano
e83e47a91e Use sshutil and randutil from go.step.sm/crypto. 2020-08-10 11:26:51 -07:00
Mariano Cano
f437b86a7b Merge branch 'cert-templates' into ssh-cert-templates 2020-08-05 18:43:07 -07:00
Mariano Cano
c8d225a763 Use x509util from go.step.sm/crypto/x509util 2020-08-05 16:02:46 -07:00
Mariano Cano
37f84e9bb3 Add delay in test. 2020-08-03 19:01:15 -07:00
Mariano Cano
8d89bbd62f Remove unused code. 2020-08-03 18:39:02 -07:00
Mariano Cano
c4bbc81d9f Fix authority tests. 2020-08-03 18:36:05 -07:00
Mariano Cano
413af88aad Fix provisioning tests. 2020-08-03 18:10:29 -07:00
Mariano Cano
b66bdfabcd Enforce an OIDC users to send all template variables. 2020-08-03 15:28:48 -07:00
Mariano Cano
9822305bb6 Use only the IID template on IID provisioners. 
Use always sshutil.DefaultIIDCertificate and require at least one
principal on IID provisioners.
 2020-08-03 15:11:42 -07:00
Mariano Cano
aa657cdb4b Use SSHOptions inside provisioner options. 2020-07-30 18:44:52 -07:00
Mariano Cano
02379d494b Add support for extensions and critical options on the identity 
function.
 2020-07-30 17:45:03 -07:00
Mariano Cano
8ff8d90f8c On JWK and X5C validate the key id on the request. 2020-07-30 17:45:03 -07:00
Mariano Cano
a78f7e8913 Add template support on k8ssa provisioner. 2020-07-30 17:45:03 -07:00
Mariano Cano
6c36ceb158 Add initial template support for iid provisisioners. 2020-07-30 17:45:03 -07:00
Mariano Cano
8e7bf96769 Fix error prefix. 2020-07-30 17:45:03 -07:00
Mariano Cano
e0dce54338 Add missing argument. 2020-07-30 17:45:03 -07:00
Mariano Cano
c1fc45c872 Simplify SSH modifiers with options. 
It also changes the behavior of the request options to modify only
the validity of the certificate.
 2020-07-30 17:45:03 -07:00
Mariano Cano
ad28f0f59a Move variable where it is used. 2020-07-30 17:45:03 -07:00
Mariano Cano
715eb4eacc Add initial support for ssh templates on OIDC. 2020-07-30 17:45:03 -07:00
Mariano Cano
c2dc76550c Add ssh certificate template to X5C provisioner. 2020-07-30 17:45:03 -07:00
Mariano Cano
380a0d6daf Add ssh certificate templates to JWK provisioner. 2020-07-30 17:45:03 -07:00
Mariano Cano
f75a12e10a Add omitempty tag option. 2020-07-30 17:45:03 -07:00
Mariano Cano
570ede45e7 Do not enforce number of principals or extensions. 2020-07-30 17:45:02 -07:00
Mariano Cano
631f1612a1 Add TemplateData to SignSSHOptions. 2020-07-30 17:45:02 -07:00