Commit graph

346 commits

Author SHA1 Message Date
max furman
ab78534b08 add test for SAN backwards compatibility with CLI
* new provisioner tokens always contain the crt.Subject.CommonName
in the SANS attribute of the token claims. added tests that verifies
backwards compatibility still works in cases where the token does not
contain the subject as a SAN claim.
2019-02-01 12:24:21 -06:00
max furman
e6e8443f3c allow multiple identical SANs in cert 2019-01-31 11:20:21 -06:00
max furman
f0683c2e0a Enable signing certificates with custom SANs
* validate against SANs in token. must be 1:1 equivalent.
2019-01-30 18:21:03 -06:00
Mariano Cano
d394dd233a Initiate default RootCAs/ClientCAs when no options are passed. 2019-01-23 14:33:16 -08:00
Mariano Cano
25eba1a96c WIP on the safely rotate of root and federated certificates.
Fixes #23
2019-01-22 19:54:12 -08:00
Mariano Cano
bacbf85aa3 Add new bootstrap method that creates a listener. 2019-01-17 14:48:33 -08:00
Mariano Cano
984bf8d38c Add missing file. 2019-01-16 19:06:21 -08:00
Mariano Cano
1cc5e94666 Add simple test for federation. 2019-01-16 19:03:41 -08:00
Mariano Cano
dbd1bf11f1 Rename variable. 2019-01-14 17:35:38 -08:00
Mariano Cano
7dc61bf233 Remove deprecated code 2019-01-11 19:13:06 -08:00
Mariano Cano
518b597535 Remove mTLS client requirement in /roots and /federation 2019-01-11 19:08:08 -08:00
Mariano Cano
9adc65febf Add test for newTLSOptionCtx 2019-01-10 15:31:40 -08:00
Mariano Cano
6116523055 Fix random order in tests. 2019-01-10 10:57:06 -08:00
Mariano Cano
8510e25b3b Add test with bootstrap server. 2019-01-09 18:48:15 -08:00
Mariano Cano
f99ae9da93 Add root rotation test. 2019-01-09 17:55:32 -08:00
Mariano Cano
af9e6488fc Make the renew test shorter. 2019-01-09 17:35:00 -08:00
Mariano Cano
25ddbaedff Allow to customize the minimal cert duration for tests. 2019-01-09 17:24:11 -08:00
Mariano Cano
10aaece1b0 Update root certificates on renew. 2019-01-09 13:20:28 -08:00
Mariano Cano
6d3e8ed93c Add all root certificates by default on bootstrap methods. 2019-01-07 18:55:40 -08:00
Mariano Cano
d296cf95a9 Add mTLS request to get all the root CAs, not the federated ones. 2019-01-07 17:48:56 -08:00
Mariano Cano
98cc243a37 Add support for multiple roots. 2019-01-07 15:30:28 -08:00
Mariano Cano
722bcb7e7a Add initial support for federated root certificates. 2019-01-04 17:51:32 -08:00
Mariano Cano
7e2f80ac30 Fix grammar error 2018-11-27 16:29:14 -08:00
max furman
c0107ab5b9 Fix ca renew documentation 2018-11-27 16:25:01 -08:00
Mariano Cano
f7a5be3942 Force the renew of the CA server. 2018-11-27 15:57:13 -08:00
Mariano Cano
b0a410066b Add support for parsing endpoints without schema.
Fixes smallstep/ca-component#117
2018-11-26 18:29:45 -08:00
Mariano Cano
d872f09910 Use mTLS by default on SDK methods.
Add options to modify the tls.Config for different configurations.
Fixes #7
2018-11-21 13:31:09 -08:00
Mariano Cano
9c64dbda9a Add helpers to add direct support for mTLS. 2018-11-07 16:07:35 -08:00
Mariano Cano
b23e3bec7f Remove comment of removed arguments. 2018-11-06 17:45:41 -08:00
max furman
5f2d998584 change documentation for bootstrap Server|Client
* provide documentation for default and non-default invocation.
2018-11-06 17:39:00 -08:00
Mariano Cano
ba88c8c5cb Add context to bootstrap methods. 2018-11-06 17:16:33 -08:00
Mariano Cano
7eb8aeb1f1 Add tests for bootstrap functions. 2018-11-05 12:22:10 -08:00
Mariano Cano
091506a994 Add bootstrap helpers that uses just a token. 2018-11-02 18:54:49 -07:00
max furman
c74fcd57a7 ca-component -> certificates
* fix redundant error check
* add README
2018-10-31 21:36:01 -07:00
max furman
0d9dd2d14b provisioner issuer -> name 2018-10-29 18:00:30 -07:00
Mariano Cano
71a3587b76 Add client support for provisioner cursor and limit options.
Fixes #83
2018-10-26 11:35:15 -07:00
Mariano Cano
99cab73360 Remove unused import /provisioners/jwk-set-by-issuer 2018-10-25 18:55:18 -07:00
max furman
ee7db4006a change sign + authorize authority api | add provisioners
* authorize returns []interface{}
 - operators in this list can conform to any interface the user decides
 - our implementation has a combination of certificate claim validators
 and certificate template modifiers.
* provisioners can set and enforce tls cert options
2018-10-18 22:26:39 -07:00
Mariano Cano
d7c31c3133 Properly fill CSR DNSNames or IPAddresses 2018-10-24 19:49:16 -07:00
Mariano Cano
2b2598c695 Fix audience to fix ca tests. 2018-10-24 12:50:42 -07:00
Mariano Cano
511e1a9e23 Fix getting transport from root fingerprint. 2018-10-24 12:42:37 -07:00
max furman
0b5f6487e1 change provisioners api
* /provisioners -> /provisioners/jwk-set-by-issuer
* /provisioners now returns a list of Provisioners
2018-10-11 23:03:00 -07:00
Mariano Cano
7b6a3ea427 Add client methods for provisioning endpoints. 2018-10-09 14:54:29 -07:00
max furman
378166a3b2 add full stack tests for multiple provisioners api
* /provisioners and /provisioners/<key-id>/encrypted-key
2018-10-09 13:37:47 -07:00
max furman
d773770a44 add authority.New unit tests 2018-10-08 21:48:44 -07:00
max furman
c284a2c0ab first commit 2018-10-05 21:48:36 +00:00