Commit graph

3021 commits

Author SHA1 Message Date
Mariano Cano
ed778b7fc1
Merge pull request #956 from shuLhan/kms-uri-test-go119
kms/uri: fix test on Parse for the next Go release
2022-06-16 10:45:27 -07:00
Shulhan
0e7257a236
kms/uri: fix test on Parse for the next Go release
The next Go release add field OmitHost to url.URL [1] which cause the
TestParse fail.
Since the CI supports two consecutive Go versions at the same times, we
copy the uri_test.go to uri_119_test.go for testing with Go 1.19.

While at it, print the got and want object using the same format
(%#v) and type (*URL) for consistency.

[1] https://go-review.googlesource.com/c/go/+/391294
2022-06-17 00:32:08 +07:00
Mariano Cano
31af1efa48 Sign certificates with the issuer signature algorithm
An RSA key can sign another certificates using the RSA PKCS#1
and the RSA-PSS scheme, this change will keep the signature
algorithm used in the issuer in the signed certificates instead
of using PKCS#1 by default.
2022-06-15 19:10:58 -07:00
Mariano Cano
34f926804d
Merge pull request #954 from shuLhan/shulhan-gofmt
all: reformat all go files with the next gofmt (Go 1.19)
2022-06-15 18:11:51 -07:00
Mariano Cano
0b748f2d03
Merge pull request #955 from shuLhan/cas-cloudcas-test-go119
cas/cloudcas: update test on createPublicKey for the next Go release
2022-06-15 17:17:04 -07:00
Shulhan
ee53530d1f
cas/cloudcas: update test on createPublicKey for the next Go release
The next Go release call panic on elliptic.Marshal [1][2], which
affect the test case fail_ec_marshal on createPublicKey.

This changes fix this by initializing the P and B in test case
PublicKey CurveParams to prevent panic.

[1] https://github.com/golang/go/issues/50975
[2] a218b3520a
2022-06-16 03:01:38 +07:00
Shulhan
fe04f93d7f
all: reformat all go files with the next gofmt (Go 1.19)
There are some changes that manually edited, for example using '-' as
default list and grouping imports.
2022-06-16 01:28:59 +07:00
Mariano Cano
304cc5a70f
Merge pull request #950 from gdbelvin/pinsrc
step-pkcs11-init pin-file support
2022-06-09 14:41:11 -07:00
Gary Belvin
fed09047f9 pinfile 2022-06-09 13:51:14 -04:00
Max
34d141e4d5
Merge pull request #945 from smallstep/changelog-update
Update changelog
2022-05-26 11:06:30 -07:00
max furman
5e56a7b4ec Changelog update for 0.20.0
- added line for new WithOptions on authority Init
2022-05-26 10:57:05 -07:00
Herman Slatman
b4b9893fcd Update changelog 2022-05-26 10:57:03 -07:00
Mariano Cano
6d580a69e8 Update changelog 2022-05-26 10:56:24 -07:00
Mariano Cano
de00e01f1b
Merge pull request #947 from smallstep/fix-ssh-revocation
Fix SSH certificate revocation
2022-05-25 17:24:45 -07:00
Mariano Cano
2adf8caac7 Fix Dependabot warning on an indirect dependency 2022-05-25 17:11:45 -07:00
Mariano Cano
9c049eec5a Add revoke ssh unit test 2022-05-25 17:10:07 -07:00
Mariano Cano
ce9a23a0f7 Fix SSH certificate revocation 2022-05-25 16:55:22 -07:00
Herman Slatman
abfbbc8d49
Merge pull request #946 from smallstep/herman/acme-csr-padding
Strip base64-url padding from ACME CSR
2022-05-25 23:25:34 +02:00
Herman Slatman
fd546287ac
Strip base64-url padding from ACME CSR
This commit strips the padding from a base64-url encoded CSR
submitted by a client that doesn't use raw base64-url encoding.
2022-05-25 22:46:26 +02:00
Herman Slatman
a564b4f32e
Merge pull request #944 from smallstep/herman/tls-wasm-client
Set nil dial context for js/wasm runtime
2022-05-25 22:35:18 +02:00
Herman Slatman
a7dd3a986f
Set nil dial context for js/wasm runtime 2022-05-25 16:51:26 +02:00
Mariano Cano
911cec21da
Merge pull request #943 from smallstep/ssh-renew-provisioner
Add provisioner to SSH renewals
2022-05-23 17:21:55 -07:00
Mariano Cano
94f5b92513 Use proper context in authority package 2022-05-23 15:31:43 -07:00
Mariano Cano
1be74eca62 Merge branch 'master' into ssh-renew-provisioner 2022-05-23 14:31:15 -07:00
Mariano Cano
539bfddba5
Merge pull request #914 from smallstep/context-authority
Retrieve authority from the context
2022-05-23 14:12:58 -07:00
Mariano Cano
e7f4eaf6c4 Remove explicit deprecation notice
This will avoid linter errors on other projects for now.
2022-05-23 14:04:31 -07:00
Mariano Cano
26dd97e718 Merge branch 'master' into context-authority 2022-05-23 12:36:16 -07:00
Mariano Cano
02fd0e7170
Merge pull request #913 from delamart/master
Vault Kubernetes Auth
2022-05-23 12:08:01 -07:00
Erik DeLamarter
07984a968f
better error messages
Co-authored-by: Mariano Cano <mariano.cano@gmail.com>
2022-05-21 21:11:52 +02:00
Erik De Lamarter
9ec154aab0
rewrite and improve secret-id config 2022-05-21 21:06:15 +02:00
Erik De Lamarter
6989c7f146
vault auth unit tests 2022-05-21 21:06:15 +02:00
Erik De Lamarter
6c44291d8d
refactor vault auth 2022-05-21 21:06:15 +02:00
Erik De Lamarter
dec1067add
vault kubernetes auth 2022-05-21 21:06:14 +02:00
Mariano Cano
6b3a8f22f3 Add provisioner to SSH renewals
This commit allows to report the provisioner to the linkedca when
a SSH certificate is renewed.
2022-05-20 14:41:44 -07:00
Mariano Cano
3c4d0412ef
Merge pull request #941 from smallstep/ssh-provisioner
Report SSH provisioner
2022-05-20 12:24:30 -07:00
Mariano Cano
eebbd65dd5 Fix linter error 2022-05-20 12:03:36 -07:00
Max
f8148071fb
Merge pull request #915 from smallstep/max/removing-beta
exposing authority configuration for provisioner cli commands
2022-05-19 22:53:59 -07:00
max furman
5443aa073a gofmt -s 2022-05-19 22:46:25 -07:00
max furman
8ca9442fe9 Add -s to make fmt and bump golangci-lint to 1.45.2 2022-05-19 22:40:47 -07:00
Max
586e4fd3b5
Update authority/options.go
Co-authored-by: Mariano Cano <mariano@smallstep.com>
2022-05-19 22:26:20 -07:00
Mariano Cano
1ad75a3bdb Skip failing test for now
This test fails randomly on VMs, there's an issue to fix this so
skipping it for now
2022-05-19 18:51:51 -07:00
Mariano Cano
dd985ce154 Clarify errors when sending renewed certificates 2022-05-19 18:41:13 -07:00
Mariano Cano
a627f21440 Fix AuthorizeSSHSign tests with extra SignOption 2022-05-18 18:51:36 -07:00
Mariano Cano
e7d7eb1a94 Add provisioner as a signOption for SSH 2022-05-18 18:42:42 -07:00
Mariano Cano
293586079a Store provisioner with SignSSH
This change also allows to store the old certificate on renewal on
linkedca or if the db interface supports it.
2022-05-18 18:33:53 -07:00
Mariano Cano
c8d7ad7ab9 Fix store certificates methods with new interface 2022-05-18 18:33:22 -07:00
Mariano Cano
de99c3cac0 Report provisioner and parent on linkedca 2022-05-18 18:30:53 -07:00
Mariano Cano
20b2c6a201 Extract cert storer methods from AuthDB
To be able to extend the AuthDB with methods that also extend the
provisioner we need to either create a new method or to split the
interface. This change splits the interface so we can have a cleaner
implementation.
2022-05-18 18:27:37 -07:00
Herman Slatman
9e05cc4d51
Merge pull request #940 from smallstep/herman/improve-renew-expired-cert-error
Improve error message when client renews with expired certificate
2022-05-19 01:46:01 +02:00
Herman Slatman
479eda7339
Improve error message when client renews with expired certificate
When a client provides an expired certificate and `AllowAfterExpiry`
is not enabled, the client would get a rather generic error with
instructions to view the CA logs. Viewing the CA logs can be done
when running `step-ca`, but they can't be accessed easily in the
hosted solution.

This commit returns a slightly more informational message to the
client in this specific situation.
2022-05-19 01:25:30 +02:00