Commit graph

80 commits

Author SHA1 Message Date
Raal Goff
d417ce3232 implement changes from review 2022-04-06 08:23:53 +08:00
Raal Goff
e8fdb703c9 initial support for CRL 2022-04-06 08:19:45 +08:00
Mariano Cano
abf5fc32a3 Format comment. 2022-03-29 14:26:17 -07:00
Mariano Cano
c480936ba4 Split comments. 2022-03-29 12:02:17 -07:00
Mariano Cano
955d4cf80d Add authority.WithX509SignerFunc
This change adds a new authority option that allows passing a callback
that returns the certificate chain and signer used to sign X.509
certificates.

This option will be used by Caddy, they renew the intermediate
certificate weekly and there's no other way to replace it without
re-creating the embedded CA.

Fixes #874
2022-03-28 17:54:35 -07:00
Herman Slatman
ad041d6bb7 Fix deprecation of grpc.WithInsecure option
With the update of go.step.sm/linkedca grpc.WithInsecure was
deprecated. This commit fixes this by setting up the (insecure)
connection using the new method.
2022-01-21 16:17:40 +01:00
Herman Slatman
e7a988b2cd Pin golangci-lint to v1.43.0 and fix issues 2021-11-13 01:30:03 +01:00
Mariano Cano
e15b5faf7d Merge branch 'master' into keyvault 2021-10-12 15:15:35 -07:00
max furman
933b40a02a Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00
Mariano Cano
52a18e0c2d Add key name to CreateCertificateAuthority 2021-10-07 14:19:39 -07:00
Mariano Cano
e4e799ca85 Fix typos in comment. 2021-09-09 12:45:29 -07:00
Mariano Cano
6d644880bd Allow to kms signers to define the SignatureAlgorithm
CloudKMS keys sign data using a specific signature algorithm, in RSA keys,
this can be PKCS#1 RSA or RSA-PSS, if the latter is used, x509.CreateCertificate
will fail unless the template SignatureCertificate is properly set.

In contrast, AWSKMS RSA keys are just RSA keys, and can sign with PKCS#1 or
RSA-PSS schemes, so right now the way to enforce one or the other is to use
templates.
2021-09-08 17:48:50 -07:00
Mariano Cano
de719eb6f0 Add an option to avoid password prompts on step cas
When we are using `step ca init` to create a stepcas RA we don't
have access to the password to verify the provisioner.
2021-08-04 16:16:35 -07:00
max furman
77fdfc9fa3 Merge branch 'master' into max/cert-mgr-crud 2021-07-02 20:26:46 -07:00
max furman
9fdef64709 Admin level API for provisioner mgmt v1 2021-07-02 19:05:17 -07:00
Mariano Cano
35e6cc275a Fix typos in comments. 2021-06-23 09:35:14 +02:00
Mariano Cano
dce1b290bd Remove debug statements. 2021-06-08 17:57:24 -07:00
Mariano Cano
ac3c754a6d Use known CA and add tier and gcs bucket options. 2021-06-08 17:43:52 -07:00
Mariano Cano
529eb4bae9 Rename CAPool to CaPool. 2021-06-07 19:20:23 -07:00
Mariano Cano
9db68db509 Add tests with cloudCAS EnableCertificateAuthority. 2021-06-07 19:17:30 -07:00
Mariano Cano
48bc4e549d Fix cloudcas tests. 2021-06-07 15:53:29 -07:00
Mariano Cano
072bd0dcf4 Add support for Google CAS v1 2021-06-03 19:31:19 -07:00
Herman Slatman
491c2b8d93 Improve initialization of SCEP authority 2021-05-26 16:10:21 -07:00
Herman Slatman
2a249d20de Refactor initialization of SCEP authority 2021-05-26 16:04:19 -07:00
Herman Slatman
c5e4ea08b3 Merge branch 'master' into hs/scep 2021-03-26 15:22:41 +01:00
Mariano Cano
84018ec71b Clarify comment. 2021-03-25 11:07:58 -07:00
Mariano Cano
a9297100d8 Allow to configure the JWK using the encrypted key. 2021-03-24 19:05:56 -07:00
Mariano Cano
d9f93ccfde Fix typo. 2021-03-24 12:06:29 -07:00
Mariano Cano
edc7c4d90e Add support for password encrypted files 2021-03-23 17:54:42 -07:00
Mariano Cano
80542d6d9a Add JWK as an issuer for stepcas. 2021-03-23 16:14:49 -07:00
Mariano Cano
ce3e6bfdf6 Fix linting errors. 2021-03-22 13:45:20 -07:00
Mariano Cano
96de4e6ec8 Return a non-implemented error in stepcas.RenewCertificate. 2021-03-22 12:56:12 -07:00
Mariano Cano
348815f4f6 Fix error message. 2021-03-22 11:51:11 -07:00
Herman Slatman
583d60dc0d Address (most) PR comments 2021-03-21 16:42:41 +01:00
Mariano Cano
e7a6c46e54 Fix linting errors. 2021-03-19 14:21:47 -07:00
Mariano Cano
08e75b614e Do not depend on Go 1.16. 2021-03-19 13:23:32 -07:00
Mariano Cano
6fd6270e7d Remove debug statements. 2021-03-19 13:21:14 -07:00
Mariano Cano
7958f6ebb5 Add support for lifetime. 2021-03-19 13:19:49 -07:00
Mariano Cano
ae4b8f58b8 Add support for emails, ips and uris. 2021-03-19 12:02:03 -07:00
Mariano Cano
dbb48ecf8d Add tests for stepcas. 2021-03-18 18:01:38 -07:00
Mariano Cano
bcf70206ac Add support for revocation using an extra provisioner in the RA. 2021-03-17 19:47:36 -07:00
Mariano Cano
a6115e29c2 Add initial implementation of StepCAS.
StepCAS allows configuring step-ca as an RA using another step-ca
as the main CA.
2021-03-17 19:33:35 -07:00
Herman Slatman
e1cab4966f Improve initialization of SCEP authority 2021-03-12 15:49:39 +01:00
Herman Slatman
7ad90d10b3 Refactor initialization of SCEP authority 2021-02-26 00:32:21 +01:00
Miclain Keffeler
ffbfcfb1f2 format. 2020-12-28 18:46:21 -06:00
Miclain K Keffeler
7a1eb43bb1 Update options.go 2020-12-28 17:12:37 -06:00
Miclain K Keffeler
f3396bf964 Update softcas.go 2020-12-28 17:10:44 -06:00
Miclain Keffeler
7545b4a625 leverage intermediate_ca.crt for appending certs. 2020-12-23 22:41:10 -06:00
Mariano Cano
a97fab4119 Fix mispell. 2020-11-03 12:48:48 -08:00
Mariano Cano
b057c6677a Use test/bufconn instead of a real listener. 2020-11-03 12:45:31 -08:00