Commit graph

279 commits

Author SHA1 Message Date
Mariano Cano
9f7f871f25 Add noop provisioner and use it if a provisioner cannot been found from a cert. 2019-03-07 16:05:13 -08:00
Mariano Cano
47817ab212 Fix interface type. 2019-03-07 16:04:56 -08:00
Mariano Cano
cc8764c343 Initialize the list for backward compatibility. 2019-03-07 16:04:29 -08:00
Mariano Cano
c0ef6f8dc5 Add missing modifier and change return codes. 2019-03-07 16:03:38 -08:00
Mariano Cano
a97ea87caa Move options to provisioner so we can set the duration of the cert. 2019-03-07 15:14:18 -08:00
Mariano Cano
507fd01062 Remove provisioner intermediate type. 2019-03-07 13:07:39 -08:00
Mariano Cano
1671ab2590 Fix some tests. 2019-03-07 12:15:18 -08:00
Mariano Cano
d92a7f2948 Rename provisioner to jwk. 2019-03-06 18:36:35 -08:00
Mariano Cano
a1782733fe Rename files. 2019-03-06 18:33:40 -08:00
Mariano Cano
2d00cd0933 Validate audiences in the default provisioner. 2019-03-06 18:32:56 -08:00
Mariano Cano
33c1449360 Remove deprecated file. 2019-03-06 17:42:17 -08:00
Mariano Cano
57b705f6cf Use provisioner sign options. 2019-03-06 17:37:49 -08:00
Mariano Cano
9d4034fbf6 Remove unused code. 2019-03-06 17:37:08 -08:00
Mariano Cano
6d395f3818 Add missing validy validator to oidc. 2019-03-06 17:30:14 -08:00
Mariano Cano
602a42813c Re-enable replay protection for JWK provisioner. 2019-03-06 17:00:45 -08:00
Mariano Cano
ab1cca03d7 Use new provisioners in authorize methods. 2019-03-06 15:04:28 -08:00
Mariano Cano
54ed49f072 Rename package. 2019-03-06 15:01:51 -08:00
Mariano Cano
c776ca3bd6 Use provisioner.Collection to store and request the provisioners. 2019-03-06 15:00:23 -08:00
Mariano Cano
34833d4fd5 Add validators from the authority package. 2019-03-06 14:58:46 -08:00
Mariano Cano
0dee841a4f Complete first version of provisioner implementations. 2019-03-06 14:54:56 -08:00
Mariano Cano
7eb6eb1d3e Complete provisioner.Claims with methods from authority. 2019-03-06 14:51:12 -08:00
Mariano Cano
fb77397fc7 Add new options to locate or list provisioners. 2019-03-06 14:50:13 -08:00
Mariano Cano
34ff388828 Use new types in config. 2019-03-06 14:49:25 -08:00
Mariano Cano
62dab7b6b8 Rename interface method. 2019-03-05 14:52:26 -08:00
Mariano Cano
5a8f78d9d0 Add support to collection to load the encrypted keys. 2019-03-05 14:45:57 -08:00
Mariano Cano
dd0376657c Move collection to a new file. 2019-03-05 14:28:32 -08:00
Mariano Cano
4b2b6ffe32 Create the provisioner type used to englobe all different provisioners. 2019-03-05 12:42:49 -08:00
Mariano Cano
bed3132028 Move provisioner to authority/provisioner package. 2019-03-04 18:19:14 -08:00
Mariano Cano
fc0b2ca5a6 Revert "Move provisioners to authority/provisioner package."
This reverts commit f88d622a67.
2019-03-04 18:17:35 -08:00
Mariano Cano
f88d622a67 Move provisioners to authority/provisioner package. 2019-03-04 18:10:19 -08:00
Mariano Cano
a2a45f635b Add initial implementation of an OIDC provisioner. 2019-03-04 17:58:20 -08:00
max furman
229e5908b7 Added test for different authority key id after renew
Also ran dep ensure.
2019-02-14 19:17:42 -08:00
Mariano Cano
d78febec7a Fix extensions copy on renew
Fixes #36
2019-02-14 16:44:36 -08:00
max furman
7e43402575 bug fix: don't add common name to CSR validation claims in Sign
* added unit test for this case
2019-02-06 16:26:25 -08:00
max furman
3415a1fef8 move SplitSANs to cli 2019-02-05 19:32:01 -08:00
max furman
6937bfea7b claims.SANS -> claims.SANs 2019-02-04 20:22:02 -08:00
max furman
93f39c64a0 backwards compat only when SANS empty 2019-02-04 20:02:56 -08:00
max furman
fe8c8614b2 SANS backwards compat when token missing sujbect SAN 2019-02-01 12:18:10 -06:00
max furman
e6e8443f3c allow multiple identical SANs in cert 2019-01-31 11:20:21 -06:00
max furman
f0683c2e0a Enable signing certificates with custom SANs
* validate against SANs in token. must be 1:1 equivalent.
2019-01-30 18:21:03 -06:00
Derrick Lyndon Pallas
7a5c4a1112 authority/provisioners: fix overflow on 32-bit systems
In Go, len returns signed ints, not unsigned ints; consequently, this code
comparison overflows on 32-bit systems, like ARM.
2019-01-28 00:54:15 +00:00
max furman
2c72ada610 remove dead code 2019-01-20 21:37:12 -08:00
max furman
6dc89f46d8 make Duration public 2019-01-20 21:33:14 -08:00
max furman
0615f7eb11 don't wrap time.Duration 2019-01-18 12:08:18 -08:00
max furman
4b742042ee make Duration wrapper publicly accessible 2019-01-18 10:39:12 -08:00
Mariano Cano
e8ac3f4888 Add comment to differentiate GetRootCertificates and GetRoots. 2019-01-14 18:11:55 -08:00
Mariano Cano
6e620073f5 Rename method Empties to HasEmpties 2019-01-14 18:11:55 -08:00
max furman
cfbb2a6f41 method documentation grammar fix 2019-01-14 17:55:01 -08:00
Mariano Cano
518b597535 Remove mTLS client requirement in /roots and /federation 2019-01-11 19:08:08 -08:00
Mariano Cano
1763ede99d Add tests for new methods. 2019-01-10 13:19:51 -08:00
Mariano Cano
d296cf95a9 Add mTLS request to get all the root CAs, not the federated ones. 2019-01-07 17:48:56 -08:00
Mariano Cano
98cc243a37 Add support for multiple roots. 2019-01-07 15:30:28 -08:00
Mariano Cano
722bcb7e7a Add initial support for federated root certificates. 2019-01-04 17:51:32 -08:00
Mariano Cano
7e95fc0e45 Strip ports on audience check.
Services might have proxies behind them so we cannot rely on them.
Fixes #17
2018-12-21 15:27:22 -08:00
Mariano Cano
9b87e08faf Do not require the port in the audience check.
Fixes #17
2018-12-21 14:04:22 -08:00
Mariano Cano
7da1d1adc2 Fix typo. 2018-11-01 15:51:20 -07:00
Mariano Cano
d6cad2a7f3 Add provisioner option to disable renewal.
Fixes smallstep/ca-component#108
2018-11-01 15:43:24 -07:00
max furman
c74fcd57a7 ca-component -> certificates
* fix redundant error check
* add README
2018-10-31 21:36:01 -07:00
Mariano Cano
428661f472 Use name instead of issuer in error message. 2018-10-30 15:25:52 -07:00
max furman
0d9dd2d14b provisioner issuer -> name 2018-10-29 18:00:30 -07:00
Mariano Cano
ea0307239a Fix dead code and add missing error check. 2018-10-26 15:05:37 -07:00
Mariano Cano
d574545d94 Format code with gofmt -s 2018-10-26 15:01:02 -07:00
max furman
7fa06643b2 change step provisioner OID and ASN1 representation 2018-10-26 14:24:16 -07:00
max furman
b457b15292 fix: omit empty claims in AuthConfig 2018-10-26 10:51:40 -07:00
max furman
ca6087145f fix unit test 2018-10-25 23:55:31 -07:00
max furman
a4a461466b withProvisionerOID and unit test 2018-10-25 23:49:23 -07:00
max furman
283dc42904 add unit tests for MatchOne (token audience) and Authority.New 2018-10-25 15:17:22 -07:00
Mariano Cano
0ccf775f2e Add support for cursors in the api. 2018-10-25 18:53:13 -07:00
Mariano Cano
1de8eb4bfa Fix provisioner package move. 2018-10-25 17:27:40 -07:00
Mariano Cano
1db177b80d Add backend support for provisioners with cursors.
Fixes #83
2018-10-25 15:40:12 -07:00
max furman
d2872564b4 accidentally removed DisableIssuedAtCheck during merge 2018-10-25 00:15:17 -07:00
max furman
ee7db4006a change sign + authorize authority api | add provisioners
* authorize returns []interface{}
 - operators in this list can conform to any interface the user decides
 - our implementation has a combination of certificate claim validators
 and certificate template modifiers.
* provisioners can set and enforce tls cert options
2018-10-18 22:26:39 -07:00
Mariano Cano
1c1ac1b3fb Add disableIssuedAt check functionality
Fixes #86
2018-10-24 18:59:48 -07:00
Mariano Cano
69da47a727 Set audience using the sign url. 2018-10-19 18:25:59 -07:00
max furman
0b5f6487e1 change provisioners api
* /provisioners -> /provisioners/jwk-set-by-issuer
* /provisioners now returns a list of Provisioners
2018-10-11 23:03:00 -07:00
max furman
f1dc00c810 add Provisioner config validation 2018-10-08 23:25:18 -07:00
max furman
0e904989d2 add unit tests for authority.Provisioners api 2018-10-08 22:40:07 -07:00
max furman
d773770a44 add authority.New unit tests 2018-10-08 21:48:44 -07:00
max furman
c284a2c0ab first commit 2018-10-05 21:48:36 +00:00