Mariano Cano
|
23045e1812
|
Clarify comments by code review
|
2022-09-22 11:05:06 -07:00 |
|
max furman
|
4c7a2ce3eb
|
Fix errors.As linter warnings
|
2022-09-22 00:04:31 -07:00 |
|
Mariano Cano
|
15dc7901e5
|
Fix unit tests
|
2022-09-21 18:46:46 -07:00 |
|
Mariano Cano
|
d68c765e20
|
Add context to errors
|
2022-09-21 18:46:34 -07:00 |
|
Mariano Cano
|
72e2c4eb2e
|
Render proper policy and constrains errors
|
2022-09-21 18:35:18 -07:00 |
|
Mariano Cano
|
4b79405dac
|
Check constraints and policy for leaf certificates too
|
2022-09-21 15:54:28 -07:00 |
|
Mariano Cano
|
a6e85cbbf6
|
Fix linter errors
|
2022-09-21 14:56:15 -07:00 |
|
Mariano Cano
|
325d8bca4f
|
Merge branch 'master' into name-constraints
|
2022-09-21 13:29:44 -07:00 |
|
max furman
|
2d4efc8292
|
Fix linter warnings
|
2022-09-21 12:29:20 -07:00 |
|
max furman
|
75bb196193
|
Add concurrency workflow config | fix broken test due to golang ver
|
2022-09-21 12:26:45 -07:00 |
|
max furman
|
120629edab
|
Do not use the templateError in the BadRequestErr
|
2022-09-20 23:07:16 -07:00 |
|
max furman
|
7c5e5b2b87
|
Even more linter fixes
|
2022-09-20 21:48:04 -07:00 |
|
max furman
|
f3d1863ec6
|
A few more linter errors
|
2022-09-20 21:01:55 -07:00 |
|
max furman
|
1e0ea6f958
|
more linting fixes
|
2022-09-20 19:05:12 -07:00 |
|
max furman
|
33458c88aa
|
Standardize linting file and fix or ignore lots of linting errors
|
2022-09-20 19:05:12 -07:00 |
|
Mariano Cano
|
f0a24bd8ca
|
Add acme property to enable challenges
Fixes #1027
|
2022-09-20 19:01:53 -07:00 |
|
Mariano Cano
|
567d96c771
|
Revert "Run on plaintext HTTP to support Cloud Run"
This reverts commit 09b9673a60 .
|
2022-09-20 18:57:46 -07:00 |
|
Mariano Cano
|
191d9e8629
|
Use go.step.sm/crypto to set the permanent identifier
|
2022-09-20 18:57:43 -07:00 |
|
Mariano Cano
|
debe565e42
|
Validate constraints on Sign and Renew/Rekey
Fixes #1060
|
2022-09-20 18:52:47 -07:00 |
|
Mariano Cano
|
89b6aa924a
|
Normalize IPs in matchIPConstraint
|
2022-09-20 18:44:15 -07:00 |
|
Brandon Weeks
|
f3d2bd7a19
|
Run on plaintext HTTP to support Cloud Run
|
2022-09-20 16:43:30 -07:00 |
|
Herman Slatman
|
25cbe02b9e
|
Add provisioner template validation
Fixes #1012
|
2022-09-20 16:40:25 -07:00 |
|
Max
|
2de7d3fcf0
|
Update authority/provisioner/claims.go
Co-authored-by: Mariano Cano <mariano@smallstep.com>
|
2022-09-20 16:35:43 -07:00 |
|
max furman
|
ab0d2503ae
|
Standardize linting file and fix or ignore lots of linting errors
|
2022-09-20 16:35:41 -07:00 |
|
Mariano Cano
|
3f58f30b21
|
Name tests properly
|
2022-09-20 15:53:08 -07:00 |
|
Mariano Cano
|
75bff055fc
|
Add StatusCoder to ConstraintError
|
2022-09-20 14:45:47 -07:00 |
|
Mariano Cano
|
2959aa676d
|
Add helper ValidateCertificate
|
2022-09-20 13:12:34 -07:00 |
|
Mariano Cano
|
8b54e25f64
|
Allow nil engines
|
2022-09-20 12:33:03 -07:00 |
|
Mariano Cano
|
2a15e3eee1
|
Rename constraint.Service to constraint.Engine
|
2022-09-20 11:38:32 -07:00 |
|
Mariano Cano
|
45e594f98c
|
Make the constraint service public
|
2022-09-20 11:36:45 -07:00 |
|
Mariano Cano
|
7bea2f4d0e
|
Add more constraint unit tests
|
2022-09-20 11:33:36 -07:00 |
|
Mariano Cano
|
495494ce8f
|
Return a typed error
|
2022-09-20 10:36:44 -07:00 |
|
Mariano Cano
|
6686f0437d
|
Remove x509 prefixes
|
2022-09-20 10:23:51 -07:00 |
|
Mariano Cano
|
0263468424
|
Initial work on name constraints validation
Issue #1060
|
2022-09-19 19:45:13 -07:00 |
|
Mariano Cano
|
34c6c65671
|
Pass attestation information to the Sign method
Attestation information might be useful in authorizing webhooks
|
2022-09-16 12:37:41 -07:00 |
|
Mariano Cano
|
42102d88d5
|
Fix merge and add unit tests
|
2022-09-15 15:50:04 -07:00 |
|
Mariano Cano
|
ee7307bd41
|
Cherry-pick acme.go from acdfdf3
|
2022-09-15 14:45:14 -07:00 |
|
Mariano Cano
|
8fc4a58242
|
Fix nil pointer exception, missing error
|
2022-09-15 13:05:39 -07:00 |
|
Raal Goff
|
40baf73dff
|
remove incorrect check on revoked certificate dates, add mutex lock for generating CRLs,
|
2022-09-15 15:03:42 +08:00 |
|
Mariano Cano
|
4e19aa4c52
|
Add cache duration if crl is set
|
2022-09-14 12:21:52 -07:00 |
|
Mariano Cano
|
0829f37fe8
|
Define a default crl cache duration
|
2022-09-14 11:43:58 -07:00 |
|
Mariano Cano
|
4a4f7ca9ba
|
Fix panic if cacheDuration is not set
|
2022-09-14 11:16:47 -07:00 |
|
Mariano Cano
|
bb0210e875
|
Fix typo in linkedca variable
|
2022-09-09 14:34:32 -07:00 |
|
Mariano Cano
|
1e098aef5b
|
Fixes ACMEAttestationFormat comment
|
2022-09-09 10:57:32 -07:00 |
|
Mariano Cano
|
66407139e5
|
Add methods to convert attestation formats
|
2022-09-08 17:49:24 -07:00 |
|
Mariano Cano
|
ba42aaf865
|
Add attestationFormat property in the ACME provisioner
|
2022-09-08 17:16:50 -07:00 |
|
Mariano Cano
|
b2119e9f2c
|
Merge pull request #977 from smallstep/device-attestation
Device attestation
|
2022-09-08 13:26:28 -07:00 |
|
Mariano Cano
|
fd4e96d1f4
|
Rename method to IsChallengeEnabled
|
2022-09-08 13:22:35 -07:00 |
|
Mariano Cano
|
c77b4ff9c5
|
Fix linter errors
|
2022-09-08 12:49:16 -07:00 |
|
Mariano Cano
|
59c5219a07
|
Use a type for acme challenges
|
2022-09-08 12:34:06 -07:00 |
|
Raal Goff
|
924082bb49
|
fix linter errors
|
2022-09-08 10:09:37 +08:00 |
|
Raal Goff
|
d2483f3a70
|
Merge branch 'master' into crl-support
# Conflicts:
# authority/config/config.go
|
2022-09-08 09:45:04 +08:00 |
|
Raal Goff
|
b89f210469
|
remove fail-email test and add ok-empty-email test
|
2022-09-07 07:45:27 +08:00 |
|
Mariano Cano
|
a2749ca8ed
|
Merge branch 'master' into device-attestation
|
2022-09-06 12:29:06 -07:00 |
|
Raal Goff
|
7a03c43fe2
|
allow missing Email claim in OIDC tokens, use subject when its missing
|
2022-09-05 12:43:32 +08:00 |
|
Mariano Cano
|
1938b1bb34
|
Merge branch 'master' into herman/fix-template-validation
|
2022-08-25 13:31:33 -07:00 |
|
Mariano Cano
|
1d1e024b84
|
Upgrade to go.step.sm/crypto v0.18.0
|
2022-08-25 12:40:31 -07:00 |
|
Mariano Cano
|
f1c63bc38d
|
Fix challenge mapping
|
2022-08-24 19:30:28 -07:00 |
|
Mariano Cano
|
df96b126dc
|
Add AuthorizeChallenge unit tests
|
2022-08-24 12:31:09 -07:00 |
|
Mariano Cano
|
bca311b05e
|
Add acme property to enable challenges
Fixes #1027
|
2022-08-23 17:11:40 -07:00 |
|
Herman Slatman
|
6b7b989988
|
Add provisioner template validation
Fixes #1012
|
2022-08-23 16:27:49 +02:00 |
|
Mariano Cano
|
693dc39481
|
Merge branch 'master' into device-attestation
|
2022-08-22 17:59:17 -07:00 |
|
Mariano Cano
|
b1e9d5ee86
|
Revert "Run on plaintext HTTP to support Cloud Run"
This reverts commit 09b9673a60 .
|
2022-08-22 17:50:14 -07:00 |
|
Mariano Cano
|
23b8f45b37
|
Address gosec warnings
Most if not all false positives
|
2022-08-18 17:46:20 -07:00 |
|
Mariano Cano
|
0c7467ceb2
|
Allow to automatically configure and linked RA
|
2022-08-16 14:39:02 -07:00 |
|
Mariano Cano
|
5e0be92273
|
Allow option to skip the validation of config
|
2022-08-16 14:04:04 -07:00 |
|
Mariano Cano
|
b62f4d1000
|
Add lgtm comments on some security warnings
|
2022-08-11 17:32:57 -07:00 |
|
Mariano Cano
|
a5439c43cd
|
Remove ciphersuites without Lucky13 countermeasures
SHA-256 variants of the CBC ciphersuites don't implement any Lucky13
countermeasures. See http://www.isg.rhul.ac.uk/tls/Lucky13.html and
https://www.imperialviolet.org/2013/02/04/luckythirteen.html.
|
2022-08-11 17:11:04 -07:00 |
|
Mariano Cano
|
8bd0174251
|
Rename field to IsCAServerCert
|
2022-08-11 15:14:26 -07:00 |
|
Mariano Cano
|
5df1694250
|
Add endpoint id for the RA certificate
In a linked RA mode, send an endpoint id to group the server
certificates.
|
2022-08-11 14:47:11 -07:00 |
|
Mariano Cano
|
eb091aec54
|
Simplify field names for ProvisionerInfo
|
2022-08-10 17:44:14 -07:00 |
|
Mariano Cano
|
21427d5d65
|
Replace instead of prepend provisioner extension
With non standard SANs this will generate the SAN and provisioner
extension in the same order.
|
2022-08-09 16:48:00 -07:00 |
|
Mariano Cano
|
369b8f81c3
|
Use go.step.sm/crypto/kms
Fixes #975
|
2022-08-08 17:58:18 -07:00 |
|
Mariano Cano
|
e02a190fa7
|
Merge branch 'master' into device-attestation
|
2022-08-08 17:29:59 -07:00 |
|
Max
|
3e2729e391
|
Merge pull request #989 from smallstep/max/disable-ssh-hosts
Add attribute to disable SSH Hosts list API
|
2022-08-08 14:15:35 -07:00 |
|
max furman
|
99c9155467
|
disableSSHHostsListAPI -> disableGetSSHHosts
|
2022-08-04 18:44:44 -07:00 |
|
Mariano Cano
|
64744562c6
|
Send RA provisioner to linkedca.
|
2022-08-03 18:44:25 -07:00 |
|
Mariano Cano
|
6b5d3dca95
|
Add provisioner name to RA info
|
2022-08-03 18:44:04 -07:00 |
|
Mariano Cano
|
a1f54921d2
|
Rename internal field
|
2022-08-03 12:07:45 -07:00 |
|
Mariano Cano
|
f9df8ac05f
|
Remove unused interface
|
2022-08-03 12:03:49 -07:00 |
|
Mariano Cano
|
9408d0f24b
|
Send RA provisioner information to the CA
|
2022-08-02 19:28:49 -07:00 |
|
max furman
|
fb7f57a8df
|
Add attribute to disable SSH Hosts list API
|
2022-07-27 23:30:00 -07:00 |
|
Raal Goff
|
60671b07d7
|
Merge branch 'master' into crl-support
# Conflicts:
# api/api.go
# authority/config/config.go
# cas/softcas/softcas.go
# db/db.go
|
2022-07-13 08:52:58 +08:00 |
|
Brandon Weeks
|
09b9673a60
|
Run on plaintext HTTP to support Cloud Run
|
2022-06-23 05:19:36 +10:00 |
|
Shulhan
|
fe04f93d7f
|
all: reformat all go files with the next gofmt (Go 1.19)
There are some changes that manually edited, for example using '-' as
default list and grouping imports.
|
2022-06-16 01:28:59 +07:00 |
|
Mariano Cano
|
9c049eec5a
|
Add revoke ssh unit test
|
2022-05-25 17:10:07 -07:00 |
|
Mariano Cano
|
ce9a23a0f7
|
Fix SSH certificate revocation
|
2022-05-25 16:55:22 -07:00 |
|
Mariano Cano
|
911cec21da
|
Merge pull request #943 from smallstep/ssh-renew-provisioner
Add provisioner to SSH renewals
|
2022-05-23 17:21:55 -07:00 |
|
Mariano Cano
|
94f5b92513
|
Use proper context in authority package
|
2022-05-23 15:31:43 -07:00 |
|
Mariano Cano
|
1be74eca62
|
Merge branch 'master' into ssh-renew-provisioner
|
2022-05-23 14:31:15 -07:00 |
|
Mariano Cano
|
26dd97e718
|
Merge branch 'master' into context-authority
|
2022-05-23 12:36:16 -07:00 |
|
Mariano Cano
|
6b3a8f22f3
|
Add provisioner to SSH renewals
This commit allows to report the provisioner to the linkedca when
a SSH certificate is renewed.
|
2022-05-20 14:41:44 -07:00 |
|
Mariano Cano
|
3c4d0412ef
|
Merge pull request #941 from smallstep/ssh-provisioner
Report SSH provisioner
|
2022-05-20 12:24:30 -07:00 |
|
Max
|
f8148071fb
|
Merge pull request #915 from smallstep/max/removing-beta
exposing authority configuration for provisioner cli commands
|
2022-05-19 22:53:59 -07:00 |
|
max furman
|
5443aa073a
|
gofmt -s
|
2022-05-19 22:46:25 -07:00 |
|
Max
|
586e4fd3b5
|
Update authority/options.go
Co-authored-by: Mariano Cano <mariano@smallstep.com>
|
2022-05-19 22:26:20 -07:00 |
|
Mariano Cano
|
dd985ce154
|
Clarify errors when sending renewed certificates
|
2022-05-19 18:41:13 -07:00 |
|
Mariano Cano
|
a627f21440
|
Fix AuthorizeSSHSign tests with extra SignOption
|
2022-05-18 18:51:36 -07:00 |
|
Mariano Cano
|
e7d7eb1a94
|
Add provisioner as a signOption for SSH
|
2022-05-18 18:42:42 -07:00 |
|
Mariano Cano
|
293586079a
|
Store provisioner with SignSSH
This change also allows to store the old certificate on renewal on
linkedca or if the db interface supports it.
|
2022-05-18 18:33:53 -07:00 |
|