Mariano Cano
c7f226bcec
Add support for renew when using stepcas
It supports renewing X.509 certificates when an RA is configured with stepcas.
This will only work when the renewal uses a token, and it won't work with mTLS.
The audience cannot be properly verified when an RA is used; to avoid this we
will get from the database if an RA was used to issue the initial certificate
and we will accept the renew token.
Fixes #1021 for stepcas
2022-11-04 16:42:07 -07:00
Mariano Cano
f066ac3d40
Remove buggy logic on GetRevokedCertificates()
2022-10-27 11:58:01 -07:00
Mariano Cano
8200d19894
Improve CRL implementation
This commit adds some changes to PR #731, some of them are:
- Add distribution point to the CRL
- Properly stop the goroutine that generates the CRLs
- CRL config validation
- Remove expired certificates from the CRL
- Require enable set to true to generate a CRL
This last point is the principal change in behaviour from the previous
implementation. The CRL will not be generated if it's not enabled, and
if it is enabled it will always be regenerated at some point, not only
if there is a revocation.
2022-10-26 18:55:24 -07:00
Raal Goff
f7df865687
refactor crl config, add some tests
2022-10-07 10:30:00 +08:00
Raal Goff
40baf73dff
remove incorrect check on revoked certificate dates, add mutex lock for generating CRLs,
2022-09-15 15:03:42 +08:00
Raal Goff
9fa5f46213
add minor doco, Test_CRLGeneration(), fix some issues from merge
2022-07-13 08:56:47 +08:00
Raal Goff
60671b07d7
Merge branch 'master' into crl-support
# Conflicts:
# api/api.go
# authority/config/config.go
# cas/softcas/softcas.go
# db/db.go
2022-07-13 08:52:58 +08:00
Mariano Cano
26dd97e718
Merge branch 'master' into context-authority
2022-05-23 12:36:16 -07:00
Mariano Cano
20b2c6a201
Extract cert storer methods from AuthDB
To be able to extend the AuthDB with methods that also extend the
provisioner we need to either create a new method or to split the
interface. This change splits the interface so we can have a cleaner
implementation.
2022-05-18 18:27:37 -07:00
Mariano Cano
0446e82320
Add context methods for the authority database
2022-04-27 12:05:19 -07:00
Mariano Cano
3694ba30dc
Store certificate and provisioner in one transaction.
2022-04-12 18:42:27 -07:00
Mariano Cano
1d1e095447
Add tests for LoadProvisionerByCertificate.
2022-04-08 13:06:29 -07:00
Raal Goff
c8b38c0e13
implemented requested changes
2022-04-06 10:50:09 +08:00
Mariano Cano
7d6116c3d0
Add GetCertificateData and refactor x509_certs_data.
2022-04-05 19:24:53 -07:00
Mariano Cano
41c6ded85e
Store in the db the provisioner that granted a cert.
2022-04-05 18:00:01 -07:00
Raal Goff
773741eda8
Merge remote-tracking branch 'origin/crl-support' into crl-support
# Conflicts:
# api/api_test.go
# authority/tls.go
2022-04-06 08:35:13 +08:00
Raal Goff
53dbe2309b
implemented some requested changes
2022-04-06 08:24:49 +08:00
Raal Goff
d417ce3232
implement changes from review
2022-04-06 08:23:53 +08:00
Raal Goff
7d024cc4cb
change GenerateCertificateRevocationList to return DER, store DER in db instead of PEM, nicer PEM encoding of CRL, add Mock stubs
2022-04-06 08:22:26 +08:00
Raal Goff
e8fdb703c9
initial support for CRL
2022-04-06 08:19:45 +08:00
Raal Goff
8520c861d5
implemented some requested changes
2022-04-05 11:19:13 +08:00
Herman Slatman
47a8a3c463
Add test case for ACME Revoke to Authority
2021-12-02 17:11:36 +01:00
Raal Goff
222b52db13
implement changes from review
2021-11-04 14:05:07 +08:00
Raal Goff
8545adea92
change GenerateCertificateRevocationList to return DER, store DER in db instead of PEM, nicer PEM encoding of CRL, add Mock stubs
2021-11-02 13:26:07 +08:00
Raal Goff
56926b9012
initial support for CRL
2021-10-30 15:52:50 +08:00
max furman
933b40a02a
Introduce gocritic linter and address warnings
2021-10-08 14:59:57 -04:00
Mariano Cano
8381e9bd17
Fix typos.
2020-10-05 17:20:22 -07:00
Mariano Cano
e17ce39e3a
Add support for Revoke using CAS.
2020-09-15 18:14:03 -07:00
max furman
d51f254ee4
ValueLogLoadingMode -> FileLoading Mode badger
2020-04-20 16:09:07 -07:00
max furman
0573c00bd3
Simultaneous support for Badger V1+V2 and ...
* valueLogLoadingMode config for low RAM badger environments
2020-04-20 11:46:47 -07:00
max furman
dccbdf3a90
Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
2020-01-28 13:29:40 -08:00
max furman
db1b7a7f8f
extraneous new line
2020-01-28 13:29:39 -08:00
max furman
29853ae016
sshpop provisioner + ssh renew | revoke | rekey first pass
2020-01-28 13:28:16 -08:00
max furman
862d704f6b
get-hosts fixes
2020-01-28 13:28:16 -08:00
max furman
5616386eed
Add SSH getHosts api
2020-01-28 13:28:16 -08:00
Mariano Cano
37f17213bb
Add initial support for check-host endpoint.
2020-01-28 13:28:16 -08:00
max furman
83a8139543
dep update nosql
* Fixes #112
2019-09-24 14:31:07 -07:00
max furman
e3826dd1c3
Add ACME CA capabilities
2019-09-13 15:48:33 -07:00
max furman
599fc1058c
loadOrStore -> cmpAndSwap
2019-06-10 13:21:06 -07:00
max furman
81db527f12
NoopDB -> SimpleDB
2019-05-07 12:26:30 -07:00
max furman
b73fe8c157
Add used OTT to DB during authToken step
2019-05-06 15:52:02 -07:00
max furman
46c7592f34
db: Omit empty optional fields from JSON
2019-04-26 13:08:14 -07:00
max furman
c242602231
reload and shutdown trickery
* Only shutdown the database once.
* Be careful when reloading the CA. Depending on whether the DB has
already been shutdown, an error may be unrecoverable.
2019-04-25 13:25:41 -07:00
max furman
cbeca9383b
Update nosql integration
* shutdown and reload database on SIGHUP
2019-04-24 18:00:59 -07:00
max furman
ab4d569f36
Add /revoke API with interface db backend
2019-04-10 13:50:35 -07:00