Herman Slatman
5cb23c6029
Merge pull request #804 from smallstep/herman/normalize-ipv6-dns-names
...
Normalize IPv6 hostname addresses
2022-02-09 11:25:24 +01:00
Herman Slatman
e887ccaa07
Ensure the CA TLS certificate represents IPv6 DNS names as IP in cert
...
If an IPv6 domain name (i.e. [::1]) is provided manually in the `ca.json`,
this commit will ensure that it's represented as an IP SAN in the TLS
certificate. Before this change, the IPv6 would become a DNS SAN.
2022-02-03 14:21:23 +01:00
Mariano Cano
300c19f8b9
Add a custom enforcer that can be used to modify a cert.
2022-02-02 14:36:58 -08:00
Herman Slatman
50c3bce98d
Change if/if to if/else-if when checking the type of JSON error
2022-01-12 21:34:38 +01:00
Herman Slatman
a3cf6bac36
Add special handling for *json.UnmarshalTypeError
2022-01-12 11:15:39 +01:00
Herman Slatman
0475a4d26f
Refactor extraction of JSON template syntax errors
2022-01-12 10:41:36 +01:00
Herman Slatman
a5455d3572
Improve errors related to template execution failures (slightly)
2022-01-10 15:49:37 +01:00
Herman Slatman
3bc3957b06
Merge branch 'master' into hs/acme-revocation
2021-12-09 09:36:52 +01:00
Herman Slatman
47a8a3c463
Add test case for ACME Revoke to Authority
2021-12-02 17:11:36 +01:00
Herman Slatman
c9cd876a7d
Merge branch 'master' into hs/acme-revocation
2021-11-25 00:40:56 +01:00
Mariano Cano
ff04873a2a
Change the default error type to forbidden in Sign.
...
The errors will also be propagated from sign options.
2021-11-23 18:58:16 -08:00
Mariano Cano
668d3ea6c7
Modify errs.Wrap() with bad request to send messages to users.
2021-11-18 18:44:58 -08:00
Mariano Cano
8ce807a6cb
Modify errs.BadRequest() calls to always send an error to the client.
2021-11-18 15:12:44 -08:00
Herman Slatman
3151255a25
Merge branch 'master' into hs/acme-revocation
2021-10-30 15:41:29 +02:00
max furman
933b40a02a
Introduce gocritic linter and address warnings
2021-10-08 14:59:57 -04:00
Mariano Cano
42fde8ba28
Merge branch 'master' into linkedca
2021-08-25 15:56:50 -07:00
Mariano Cano
9e5762fe06
Allow the reuse of azure token if DisableTrustOnFirstUse is true
...
Azure caches tokens for 24h and we cannot issue a new certificate
for the same instance in that period of time.
The meaning of this parameter is to allow the signing of multiple
certificate in one instance. This is possible in GCP, because we
get a new token, and is possible in AWS because we can generate
a new one. On Azure there was no other way to do it unless you
wait for 24h.
Fixes #656
2021-08-11 11:50:54 -07:00
Mariano Cano
d72fa953ac
Remove debug statements.
2021-08-05 18:50:18 -07:00
Mariano Cano
3f07eb597a
Implement revocation using linkedca.
2021-08-05 18:45:50 -07:00
Mariano Cano
0730a165fd
Add collection of files and authority template.
2021-07-27 19:19:58 -07:00
Mariano Cano
71f8019243
Store x509 and ssh certificates on linkedca if enabled.
2021-07-20 18:16:24 -07:00
Herman Slatman
8f7e700f09
Merge branch 'master' into hs/acme-revocation
2021-07-09 11:22:25 +02:00
max furman
9fdef64709
Admin level API for provisioner mgmt v1
2021-07-02 19:05:17 -07:00
Herman Slatman
84e7d468f2
Improve handling of ACME revocation
2021-07-03 00:21:17 +02:00
max furman
7b5d6968a5
first commit
2021-05-19 15:20:16 -07:00
Mariano Cano
2cbaee9c1d
Allow to use an alternative interface to store renewed certs.
...
This can be useful to know if a certificate has been renewed and
link one certificate with the 'parent'.
2021-04-29 15:55:22 -07:00
Mariano Cano
e6833ecee3
Add extension of db.AuthDB to store the fullchain.
...
Add a temporary solution to allow an extension of an db.AuthDB
interface that logs the fullchain of certificates instead of just
the leaf.
2021-04-26 12:28:51 -07:00
Mariano Cano
0b8528ce6b
Allow mTLS revocation without provisioner.
2021-03-22 13:37:31 -07:00
Mariano Cano
bcf70206ac
Add support for revocation using an extra provisioner in the RA.
2021-03-17 19:47:36 -07:00
Mariano Cano
a6115e29c2
Add initial implementation of StepCAS.
...
StepCAS allows to configure step-ca as an RA using another step-ca
as the main CA.
2021-03-17 19:33:35 -07:00
Mariano Cano
3e0ab8fba7
Fix typo.
2020-10-05 18:00:50 -07:00
Mariano Cano
d64427487d
Add comment about the missing error check.
2020-10-05 17:39:44 -07:00
Mariano Cano
e17ce39e3a
Add support for Revoke using CAS.
2020-09-15 18:14:03 -07:00
Mariano Cano
aad8f9e582
Pass issuer and signer to softCAS options.
...
Remove commented code and initialize CAS properly.
Minor fixes in CloudCAS.
2020-09-10 19:09:46 -07:00
Mariano Cano
1b1f73dec6
Early attempt to develop a CAS interface.
2020-09-08 19:26:32 -07:00
Mariano Cano
cef0475e71
Make clear what's a template/unsigned certificate.
2020-08-28 14:33:26 -07:00
Mariano Cano
c94a1c51be
Merge branch 'master' into ssh-cert-templates
2020-08-24 15:08:28 -07:00
Mariano Cano
ba918100d0
Use go.step.sm/crypto/jose
...
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
2020-08-24 14:44:11 -07:00
max furman
81875074e3
tie -> the in comment
2020-08-20 15:15:15 -07:00
max furman
cb594ed2e0
go mod tidy and golang 1.15.0 cleanup ...
...
- cs.NegotiatedProtocolIsMutual has been deprecated but we still build
in travis with 1.14 so for now we'll ignore this linting error
- string(int) was resolving to string of a single rune rather than
string of digits -> use fmt.Sprint
2020-08-17 13:48:37 -07:00
Mariano Cano
d30a95236d
Use always go.step.sm/crypto
2020-08-14 15:33:50 -07:00
Mariano Cano
0a59efd853
Use new x509util to generate the CA certificate.
2020-08-10 16:09:22 -07:00
Mariano Cano
4943ae58d8
Move TLSOption, TLSVersion, CipherSuites and ASN1DN to certificates.
2020-08-10 15:29:18 -07:00
Mariano Cano
ce1eb0a01b
Use new x509util for renew/rekey.
2020-08-05 19:09:06 -07:00
Mariano Cano
c8d225a763
Use x509util from go.step.sm/crypto/x509util
2020-08-05 16:02:46 -07:00
Mariano Cano
a7b65f1e1e
Add authority.Sign test with custom templates.
2020-07-22 19:18:45 -07:00
Mariano Cano
6c64fb3ed2
Rename provisioner options structs:
...
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
2020-07-22 18:24:45 -07:00
Mariano Cano
ccc705cdcd
Use alias x509legacy to cli x509util in tls.go.
2020-07-21 14:20:48 -07:00
Mariano Cano
8f0dd811af
Allow to send errors from template to cli.
2020-07-21 14:18:06 -07:00
Mariano Cano
4795e371bd
Add back the support for ca.json DN template.
2020-07-21 14:18:05 -07:00