Commit graph

2673 commits

Author SHA1 Message Date
Herman Slatman
5cb23c6029
Merge pull request #804 from smallstep/herman/normalize-ipv6-dns-names
Normalize IPv6 hostname addresses
2022-02-09 11:25:24 +01:00
Herman Slatman
d00729df0b
Refactor ACME Admin API 2022-02-08 13:26:30 +01:00
Mariano Cano
588c72c046
Merge pull request #817 from Cpcrook/chore/#816-provisioner-decryption-error-messaging
Add descriptive provisioner JWK decryption error messages
2022-02-07 10:14:36 -08:00
Ahmet DEMIR
a9550a746f
fix: add back commented tests 2022-02-06 23:35:17 +01:00
Ahmet DEMIR
ab5197500c
fix: a certificat must excldue the root and you should use verified chained intermediate 2022-02-06 23:29:49 +01:00
Chris Crook
11637b5793 Add descriptive provisioner JWK decryption error messages
Wrap other errors in decryption process with more helpful messaging.  This should help users troubleshoot misconfiguration more easily.

Fixes #816
2022-02-04 17:53:58 -05:00
max furman
039d2455d9 changelog update 2022-02-03 13:21:58 -08:00
max furman
5f4ac5beff Fix broken test due to linter fix 2022-02-03 12:43:53 -08:00
max furman
62690ab52e Fix linting errors and pin linter version in release action 2022-02-03 12:23:02 -08:00
Mariano Cano
d384b534c7
Merge pull request #814 from smallstep/x509-enforcer
Authority enforcer option
2022-02-03 10:53:04 -08:00
Herman Slatman
bfa2245abb
Merge branch 'master' into herman/normalize-ipv6-dns-names 2022-02-03 17:24:08 +01:00
Herman Slatman
e887ccaa07
Ensure the CA TLS certificate represents IPv6 DNS names as IP in cert
If an IPv6 domain name (i.e. [::1]) is provided manually in the `ca.json`,
this commit will ensure that it's represented as an IP SAN in the TLS
certificate. Before this change, the IPv6 would become a DNS SAN.
2022-02-03 14:21:23 +01:00
Herman Slatman
1fe7362bee
Normalize IPv6 addresses in ACME linker 2022-02-03 13:55:15 +01:00
Mariano Cano
300c19f8b9 Add a custom enforcer that can be used to modify a cert. 2022-02-02 14:36:58 -08:00
J. Hunter Hawke
808f039b09
Added some example ansible configs (#813) 2022-02-02 18:54:55 +01:00
Herman Slatman
4a0cfd24e5
Merge pull request #797 from smallstep/herman/scep-macos-renewal-fixes
Fix macOS SCEP client issues
2022-01-31 13:27:44 +01:00
Herman Slatman
c7c5c3c94e
Merge branch 'master' into herman/scep-macos-renewal-fixes 2022-01-31 13:20:16 +01:00
Herman Slatman
c57dfeec2d
Merge pull request #650 from hslatman/hs/acme-eab
ACME External Account Binding
2022-01-31 12:21:22 +01:00
Herman Slatman
bf21319e76
Fix PR comments and issue with empty string slices 2022-01-28 13:26:56 +01:00
Mariano Cano
09a9b3e1c8 Upgrade go.step.sm/crypto 2022-01-27 13:12:50 -08:00
Herman Slatman
5f42ae0bce
Remove unused function LoadProvisionerByID from SCEP 2022-01-27 21:06:55 +01:00
Ahmet DEMIR
782ff76963
fix: apply suggestion to use cr only 2022-01-27 11:19:31 +01:00
Ahmet DEMIR
b49ac2501b
feat: enhance options and fix revoke plus more tests 2022-01-27 11:14:19 +01:00
Ahmet DEMIR
8ef3abf6d9
fix: minus d on Ed 2022-01-26 11:29:21 +01:00
Herman Slatman
fd9845e9c7
Add cursor and limit to ACME EAB DB interface 2022-01-24 14:03:56 +01:00
Herman Slatman
ad041d6bb7
Fix deprecation of grpc.WithInsecure option
With the update of go.step.sm/linkedca grpc.WithInsecure was
deprecated. This commit fixes this by setting up the (insecure)
connection using the new method.
2022-01-21 16:17:40 +01:00
Herman Slatman
3b72d241e0
Add LinkedCA integration for improved SCEP provisioner 2022-01-21 16:07:50 +01:00
Herman Slatman
c3f2fd8ef0
Add RW locks to prevent concurrent updates to the DB
Although this may slow certain API calls down and may not be, strictly
necessary, I think it's best to put all the ACME EAB operations behind
RW locks to prevent concurrent updates to the DB and guarantee
consistent result sets.
2022-01-20 17:25:15 +01:00
Herman Slatman
868cc4ad7f
Increase test coverage for additional indexes 2022-01-20 17:06:23 +01:00
Herman Slatman
8838961b68
Merge branch 'master' into hs/acme-eab 2022-01-20 11:05:28 +01:00
Herman Slatman
c0eb420806
Remove special case for empty slices 2022-01-20 11:03:49 +01:00
Ahmet DEMIR
d957a57e24
fix: apply mariano suggestions and fixes
* use json.RawMessage to remote mapstructure in options
* use vault secretid structure to support multiple source aka string, file and env
* remove log prefix
* return raw cert on error on newline for cert and csr
* clean sans, commonName in createCertificate (bad copy/paste from StepCAS)
* verify authority fingerprint
* convert serial on revoke to bigint, bytes and vault dashed representation
2022-01-20 10:16:47 +01:00
Herman Slatman
716b946e7a
Normalize IPv6 hostname addresses 2022-01-19 17:14:45 +01:00
Herman Slatman
64680bb16d
Fix PR comments 2022-01-19 11:31:33 +01:00
Carl Tashian
262375577a
Merge pull request #794 from smallstep/create-db-folder
Create the db directory on step ca init
2022-01-18 16:11:07 -08:00
Herman Slatman
3612eefc31
Cleanup 2022-01-18 15:54:18 +01:00
Ahmet DEMIR
16390694e1
feat(vault): adding hashicorp vault cas 2022-01-14 18:56:17 +01:00
Herman Slatman
9c6580ccd2
Fix macOS SCEP client issues
Fixes #746
2022-01-14 10:48:23 +01:00
Ahmet DEMIR
26d7b70957
feat(cas): add generic Config parameter to allow more flexible configuration on CAS 2022-01-13 20:31:37 +01:00
Ahmet DEMIR
68b980d689
feat(authority): avoid hardcoded cn in authority csr 2022-01-13 20:30:54 +01:00
Herman Slatman
988efc8cd4
Merge pull request #792 from smallstep/herman/improve-template-errors
Improve errors related to template execution failures
2022-01-12 21:38:51 +01:00
Carl Tashian
9848caf49f Create the db directory on step ca init 2022-01-12 12:35:37 -08:00
Herman Slatman
50c3bce98d
Change if/if to if/else-if when checking the type of JSON error 2022-01-12 21:34:38 +01:00
max furman
4afcdd55ff Update doc line on WithSSHGetHosts 2022-01-12 12:25:04 -08:00
Herman Slatman
a3cf6bac36
Add special handling for *json.UnmarshalTypeError 2022-01-12 11:15:39 +01:00
Herman Slatman
0475a4d26f
Refactor extraction of JSON template syntax errors 2022-01-12 10:41:36 +01:00
Mariano Cano
57f9e54151
Merge pull request #785 from smallstep/nebulous
Add initial implementation of a nebula provisioner
2022-01-11 17:50:40 -08:00
Herman Slatman
a5455d3572
Improve errors related to template execution failures (slightly) 2022-01-10 15:49:37 +01:00
Mariano Cano
de549adf2d Do not add extra new lines when creating nebula provisioners 2022-01-07 11:24:59 -08:00
Mariano Cano
0920224816 Fix error message. 2022-01-07 11:09:32 -08:00