Mariano Cano
c480936ba4
Split comments.
2022-03-29 12:02:17 -07:00
Mariano Cano
955d4cf80d
Add authority.WithX509SignerFunc
This change adds a new authority option that allows passing a callback
that returns the certificate chain and signer used to sign X.509
certificates.
This option will be used by Caddy; they renew the intermediate
certificate weekly and there's no other way to replace it without
re-creating the embedded CA.
Fixes #874
2022-03-28 17:54:35 -07:00
Mariano Cano
ae7b41a12c
Fix linter errors.
2022-02-16 18:33:33 -08:00
Mariano Cano
c0525381eb
Merge branch 'master' into feat/vault
2022-02-16 18:19:23 -08:00
Mariano Cano
d424159200
Fix certificate type identification
2022-02-16 18:09:20 -08:00
Mariano Cano
b3316c4a56
Refactor json Marshal+Unmarshal in one function.
2022-02-16 17:17:32 -08:00
Ahmet DEMIR
a9550a746f
fix: add back commented tests
2022-02-06 23:35:17 +01:00
Ahmet DEMIR
ab5197500c
fix: a certificate must exclude the root and you should use verified chained intermediate
2022-02-06 23:29:49 +01:00
Ahmet DEMIR
782ff76963
fix: apply suggestion to use cr only
2022-01-27 11:19:31 +01:00
Ahmet DEMIR
b49ac2501b
feat: enhance options and fix revoke plus more tests
2022-01-27 11:14:19 +01:00
Ahmet DEMIR
8ef3abf6d9
fix: minus d on Ed
2022-01-26 11:29:21 +01:00
Herman Slatman
ad041d6bb7
Fix deprecation of grpc.WithInsecure option
With the update of go.step.sm/linkedca grpc.WithInsecure was
deprecated. This commit fixes this by setting up the (insecure)
connection using the new method.
2022-01-21 16:17:40 +01:00
Ahmet DEMIR
d957a57e24
fix: apply mariano suggestions and fixes
* use json.RawMessage to remove mapstructure in options
* use vault secretid structure to support multiple sources aka string, file and env
* remove log prefix
* return raw cert on error on newline for cert and csr
* clean sans, commonName in createCertificate (bad copy/paste from StepCAS)
* verify authority fingerprint
* convert serial on revoke to bigint, bytes and vault dashed representation
2022-01-20 10:16:47 +01:00
Ahmet DEMIR
16390694e1
feat(vault): adding hashicorp vault cas
2022-01-14 18:56:17 +01:00
Ahmet DEMIR
26d7b70957
feat(cas): add generic Config parameter to allow more flexible configuration on CAS
2022-01-13 20:31:37 +01:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues
2021-11-13 01:30:03 +01:00
Mariano Cano
e15b5faf7d
Merge branch 'master' into keyvault
2021-10-12 15:15:35 -07:00
max furman
933b40a02a
Introduce gocritic linter and address warnings
2021-10-08 14:59:57 -04:00
Mariano Cano
52a18e0c2d
Add key name to CreateCertificateAuthority
2021-10-07 14:19:39 -07:00
Mariano Cano
e4e799ca85
Fix typos in comment.
2021-09-09 12:45:29 -07:00
Mariano Cano
6d644880bd
Allow kms signers to define the SignatureAlgorithm
CloudKMS keys sign data using a specific signature algorithm; in RSA keys,
this can be PKCS#1 RSA or RSA-PSS. If the latter is used, x509.CreateCertificate
will fail unless the template SignatureCertificate is properly set.
In contrast, AWSKMS RSA keys are just RSA keys, and can sign with PKCS#1 or
RSA-PSS schemes, so right now the way to enforce one or the other is to use
templates.
2021-09-08 17:48:50 -07:00
Mariano Cano
de719eb6f0
Add an option to avoid password prompts on step cas
When we are using `step ca init` to create a stepcas RA we don't
have access to the password to verify the provisioner.
2021-08-04 16:16:35 -07:00
max furman
77fdfc9fa3
Merge branch 'master' into max/cert-mgr-crud
2021-07-02 20:26:46 -07:00
max furman
9fdef64709
Admin level API for provisioner mgmt v1
2021-07-02 19:05:17 -07:00
Mariano Cano
35e6cc275a
Fix typos in comments.
2021-06-23 09:35:14 +02:00
Mariano Cano
dce1b290bd
Remove debug statements.
2021-06-08 17:57:24 -07:00
Mariano Cano
ac3c754a6d
Use known CA and add tier and gcs bucket options.
2021-06-08 17:43:52 -07:00
Mariano Cano
529eb4bae9
Rename CAPool to CaPool.
2021-06-07 19:20:23 -07:00
Mariano Cano
9db68db509
Add tests with cloudCAS EnableCertificateAuthority.
2021-06-07 19:17:30 -07:00
Mariano Cano
48bc4e549d
Fix cloudcas tests.
2021-06-07 15:53:29 -07:00
Mariano Cano
072bd0dcf4
Add support for Google CAS v1
2021-06-03 19:31:19 -07:00
Herman Slatman
491c2b8d93
Improve initialization of SCEP authority
2021-05-26 16:10:21 -07:00
Herman Slatman
2a249d20de
Refactor initialization of SCEP authority
2021-05-26 16:04:19 -07:00
Herman Slatman
c5e4ea08b3
Merge branch 'master' into hs/scep
2021-03-26 15:22:41 +01:00
Mariano Cano
84018ec71b
Clarify comment.
2021-03-25 11:07:58 -07:00
Mariano Cano
a9297100d8
Allow configuring the JWK using the encrypted key.
2021-03-24 19:05:56 -07:00
Mariano Cano
d9f93ccfde
Fix typo.
2021-03-24 12:06:29 -07:00
Mariano Cano
edc7c4d90e
Add support for password encrypted files
2021-03-23 17:54:42 -07:00
Mariano Cano
80542d6d9a
Add JWK as an issuer for stepcas.
2021-03-23 16:14:49 -07:00
Mariano Cano
ce3e6bfdf6
Fix linting errors.
2021-03-22 13:45:20 -07:00
Mariano Cano
96de4e6ec8
Return a non-implemented error in stepcas.RenewCertificate.
2021-03-22 12:56:12 -07:00
Mariano Cano
348815f4f6
Fix error message.
2021-03-22 11:51:11 -07:00
Herman Slatman
583d60dc0d
Address (most) PR comments
2021-03-21 16:42:41 +01:00
Mariano Cano
e7a6c46e54
Fix linting errors.
2021-03-19 14:21:47 -07:00
Mariano Cano
08e75b614e
Do not depend on Go 1.16.
2021-03-19 13:23:32 -07:00
Mariano Cano
6fd6270e7d
Remove debug statements.
2021-03-19 13:21:14 -07:00
Mariano Cano
7958f6ebb5
Add support for lifetime.
2021-03-19 13:19:49 -07:00
Mariano Cano
ae4b8f58b8
Add support for emails, ips and uris.
2021-03-19 12:02:03 -07:00
Mariano Cano
dbb48ecf8d
Add tests for stepcas.
2021-03-18 18:01:38 -07:00
Mariano Cano
bcf70206ac
Add support for revocation using an extra provisioner in the RA.
2021-03-17 19:47:36 -07:00
Mariano Cano
a6115e29c2
Add initial implementation of StepCAS.
StepCAS allows configuring step-ca as an RA using another step-ca
as the main CA.
2021-03-17 19:33:35 -07:00
Herman Slatman
e1cab4966f
Improve initialization of SCEP authority
2021-03-12 15:49:39 +01:00
Herman Slatman
7ad90d10b3
Refactor initialization of SCEP authority
2021-02-26 00:32:21 +01:00
Miclain Keffeler
ffbfcfb1f2
format.
2020-12-28 18:46:21 -06:00
Miclain K Keffeler
7a1eb43bb1
Update options.go
2020-12-28 17:12:37 -06:00
Miclain K Keffeler
f3396bf964
Update softcas.go
2020-12-28 17:10:44 -06:00
Miclain Keffeler
7545b4a625
leverage intermediate_ca.crt for appending certs.
2020-12-23 22:41:10 -06:00
Mariano Cano
a97fab4119
Fix misspell.
2020-11-03 12:48:48 -08:00
Mariano Cano
b057c6677a
Use test/bufconn instead of a real listener.
2020-11-03 12:45:31 -08:00
Mariano Cano
4f9200cc47
Add missing docs.
2020-11-03 12:45:31 -08:00
Mariano Cano
41a46bbd75
Enable default cas implementation.
2020-11-03 12:45:31 -08:00
Mariano Cano
7020011842
Add some extra tests.
2020-11-03 12:45:31 -08:00
Mariano Cano
7aa8a8fe1e
Complete tests for softCAS.
2020-11-03 12:45:31 -08:00
Mariano Cano
bb4f2aef2f
Fix lint error.
2020-11-03 12:45:31 -08:00
Mariano Cano
b275758018
Complete CloudCAS tests.
Upgrade cloud.google.com/go
2020-11-03 12:45:31 -08:00
Mariano Cano
10c2ce3071
Add missing files, mocks created using mockgen.
2020-11-03 12:44:54 -08:00
Mariano Cano
b2ae112dd2
Add initial tests for CreateCertificateAuthority.
2020-11-03 12:44:54 -08:00
Mariano Cano
b68344ec36
Fix unexpected error.
2020-11-03 12:44:54 -08:00
Mariano Cano
dff00a0218
Add support for local signing or cloudCAS intermediates.
2020-11-03 12:44:54 -08:00
Mariano Cano
2b4b902975
Add initial support for step ca init
with cloud cas.
Fixes smallstep/cli#363
2020-11-03 12:44:28 -08:00
Mariano Cano
2654231c49
Update option property.
2020-10-19 18:47:36 -07:00
Mariano Cano
9f21813dd6
Rename option.
2020-10-19 18:44:27 -07:00
Mariano Cano
8381e9bd17
Fix typos.
2020-10-05 17:20:22 -07:00
Mariano Cano
8e6d7accf8
Do not add the CRL distribution points extension.
This extension is added by CloudCAS.
2020-09-21 17:09:46 -07:00
Mariano Cano
38fa780775
Add interface to get root certificate from CAS.
This change makes the configuration of cloudCAS easier as it does
not require to configure the root or intermediate certificate
in the ca.json. CloudCAS will get the root certificate using
the configured certificateAuthority.
2020-09-21 15:27:20 -07:00
Mariano Cano
fa099f2ae2
Change method name.
2020-09-21 15:11:25 -07:00
Mariano Cano
884a6f5dd0
Skip test on CI.
2020-09-16 14:03:26 -07:00
Mariano Cano
91aa1e87f1
Do not use go 1.15 methods.
2020-09-16 13:51:49 -07:00
Mariano Cano
f2dd5c48cc
Fix linting errors.
2020-09-16 12:41:43 -07:00
Mariano Cano
8957e5e5a2
Add missing tests
2020-09-16 12:34:42 -07:00
Mariano Cano
e146b3fe16
Add Unit tests for softcas.
2020-09-15 19:37:02 -07:00
Mariano Cano
1550a21f68
Fix unit tests.
2020-09-15 18:14:21 -07:00
Mariano Cano
144ffe73dd
Complete unit tests for Google CAS.
2020-09-15 17:23:11 -07:00
Mariano Cano
f7d066fca8
Fix key usages.
2020-09-15 15:19:59 -07:00
Mariano Cano
01e6495f43
Add most of cloudcas unit tests and minor fixes.
2020-09-14 19:13:40 -07:00
Mariano Cano
8eff4e77a8
Comment request structs.
2020-09-14 19:12:49 -07:00
Mariano Cano
aad8f9e582
Pass issuer and signer to softCAS options.
Remove commented code and initialize CAS properly.
Minor fixes in CloudCAS.
2020-09-10 19:09:46 -07:00
Mariano Cano
c8d9cb0a1d
Complete cloudcas using CAS v1beta1.
2020-09-10 16:19:18 -07:00
Mariano Cano
1b1f73dec6
Early attempt to develop a CAS interface.
2020-09-08 19:26:32 -07:00