Commit graph

311 commits

Author SHA1 Message Date
Mariano Cano
edd475b81b Allow to configure azurekms using the URI
With a URI, azurekms can be configured with client credentials,
and it can define a default vault and protection level.
2021-10-12 18:24:58 -07:00
Mariano Cano
e15b5faf7d Merge branch 'master' into keyvault 2021-10-12 15:15:35 -07:00
Mariano Cano
d8720c3723 Update linkedca package. 2021-10-07 17:21:40 -07:00
Mariano Cano
48549bf317 Initialize windows terminal on all binaries. 2021-10-07 11:09:32 -07:00
Mariano Cano
6389100325 Add unit tests for azurekms. 2021-10-05 20:35:52 -07:00
Mariano Cano
392a18465f Add initial implementation of Azure Key Vault KMS.
Fixes #462
2021-10-05 17:06:17 -07:00
Mariano Cano
ad82d8a250 Upgrade go.step.sm/crypto along with go-jose.v2
There was a typo in the OKP template causing bad fingerprints for
Ed25519 keys.

See a10ff54e00

Fixes #705
2021-09-22 15:15:19 -07:00
Herman Slatman
73d0a11a20 Update github.com/micromdm/scep/v2 2021-09-16 08:29:25 +02:00
Herman Slatman
611859eec4 Update go.mozilla.org/pkcs7
This includes the fix as described in https://github.com/mozilla-services/pkcs7/pull/59,
which was the reason a fork of the library was used.
2021-09-16 08:24:28 +02:00
Mariano Cano
9e7a3cd897 Update go.step.sm/crypto 2021-08-26 18:12:37 -07:00
Mariano Cano
352acf8faa Upgrade golang.org/x/crypto 2021-08-26 11:29:13 -07:00
Mariano Cano
42fde8ba28 Merge branch 'master' into linkedca 2021-08-25 15:56:50 -07:00
max furman
2317bf183b Nosql and badger bump 2021-08-25 10:32:12 -07:00
max furman
cc9bc9c84b Bump Badger 2021-08-25 10:24:18 -07:00
max furman
f53f78974e Badger bump to fix issue with caddy build 2021-08-18 11:38:31 -07:00
Mariano Cano
456ffd8806 Use linkedca v0.5.0 2021-08-11 15:33:34 -07:00
Mariano Cano
28e882c9b3 Add deployment type to export. 2021-08-10 17:14:17 -07:00
Mariano Cano
798b90c359 Move linkedca configuration to the main package. 2021-08-04 20:15:04 -07:00
Mariano Cano
de292fbed6 Use branch version of linkedca. 2021-08-02 16:08:54 -07:00
Mariano Cano
dc1ec18b52 Create a way to export ca configurations. 2021-07-26 19:01:56 -07:00
Mariano Cano
d0c1530f89 Remove replace of linkedca package. 2021-07-26 14:48:01 -07:00
Mariano Cano
4ad82a2f76 Check linkedca for revocation. 2021-07-23 16:10:13 -07:00
Mariano Cano
71f8019243 Store x509 and ssh certificates on linkedca if enabled. 2021-07-20 18:16:24 -07:00
Mariano Cano
17eef81c91 Remove linkerd replace. 2021-07-20 14:55:07 -07:00
Mariano Cano
a72eab915b Use linkedca v0.1.0 2021-07-20 12:59:59 -07:00
Mariano Cano
8fb5340dc9 Use a token at start time to configure linkedca.
Instead of using `step-ca login` we will use a new token provided
as a flag to configure and start linkedca. Certificates will be kept
in memory and refreshed automatically.
2021-07-19 19:28:06 -07:00
Mariano Cano
f7e09af9df Implement the login command.
The login command creates a new certificate for the linked ca.
This certificate will be used to sync data with the linkedca
endpoint.
2021-07-12 15:28:13 +02:00
max furman
77fdfc9fa3 Merge branch 'master' into max/cert-mgr-crud 2021-07-02 20:26:46 -07:00
max furman
9fdef64709 Admin level API for provisioner mgmt v1 2021-07-02 19:05:17 -07:00
Mariano Cano
65dacc2795 Replace golint with revive 2021-06-23 09:53:26 +02:00
Mariano Cano
2a97389f1b Upgrade dependencies. 2021-06-08 17:47:26 -07:00
Mariano Cano
072bd0dcf4 Add support for Google CAS v1 2021-06-03 19:31:19 -07:00
Herman Slatman
66a67ed691 Update to v2.0.0 of github.com/micromdm/scep 2021-05-26 16:15:24 -07:00
Herman Slatman
75cd3ab0ac Change to a fixed fork of go.mozilla.org/pkcs7
Hopefully this will be a temporary change until
the fix is merged in the upstream module.
2021-05-26 16:07:37 -07:00
Herman Slatman
2a249d20de Refactor initialization of SCEP authority 2021-05-26 16:04:19 -07:00
Herman Slatman
48c86716a0 Add rudimentary (and incomplete) support for SCEP 2021-05-26 15:58:04 -07:00
Herman Slatman
bc2bb53009 Merge branch 'master' into hs/scep 2021-05-20 21:35:44 +02:00
Mariano Cano
f84c8f846a Upgrade x/crypto
Although this does not affect us, the old version had the vulnerability
CVE-2020-29652
2021-05-18 19:16:13 -07:00
max furman
b205f50412 bump crypto to 0.8.3 and go mod tidy 2021-05-13 12:14:11 -07:00
Herman Slatman
c3d9cef497 Update to v2.0.0 of github.com/micromdm/scep 2021-03-26 22:04:18 +01:00
Herman Slatman
c5e4ea08b3 Merge branch 'master' into hs/scep 2021-03-26 15:22:41 +01:00
Mariano Cano
561341a6f2 Update go.step.sm/crypto. 2021-03-18 18:04:38 -07:00
Herman Slatman
efd5501aca Merge branch 'master' into hs/scep 2021-03-12 12:16:10 +01:00
Mariano Cano
d74f1fa55e Use cli-utils v0.2.0 2021-03-10 12:53:25 -08:00
Mariano Cano
a1a7e38a49 Add support for cli-utils with powershell support. 2021-03-10 12:34:47 -08:00
Herman Slatman
9df5f513e7 Change to a fixed fork of go.mozilla.org/pkcs7
Hopefully this will be a temporary change until
the fix is merged in the upstream module.
2021-03-06 22:35:41 +01:00
Herman Slatman
7ad90d10b3 Refactor initialization of SCEP authority 2021-02-26 00:32:21 +01:00
Herman Slatman
9e43dc85d8 Merge branch 'master' into hs/scep-master 2021-02-19 10:16:39 +01:00
Mariano Cano
3eb24d7d01 Remove duplicated replace. 2021-02-16 17:14:15 -08:00
Herman Slatman
ffdd58ea3c Add rudimentary (and incomplete) support for SCEP 2021-02-12 12:03:08 +01:00
Mariano Cano
f289d1ee1f Update to crypto11 v1.2.4
This version now includes my changes to delete a certificate.
2021-02-08 12:01:21 -08:00
Mariano Cano
4fbf7569fa Merge branch 'master' into pkcs11 2021-02-01 18:13:16 -08:00
Mariano Cano
1d47a7284d Upgrade nosql with a version of badger compatible with 32bits 2021-02-01 18:09:28 -08:00
Mariano Cano
6c0cf99b24 Upgrade nosql with a 32-bit version of badger. 2021-01-27 11:02:56 -08:00
Mariano Cano
8dca652bc7 Add support for PKCS #11 KMS.
The implementation works with YubiHSM2. Unit tests are still pending.

Fixes #301
2021-01-26 20:03:53 -08:00
Mariano Cano
c61222de1d Upgrade nosql version.
nosql has newer versions of badger v1 and v2.
2021-01-21 18:03:55 -08:00
Derek Gaffney
8416bd633d Bump go-piv to v1.7.0 for x32 overflow fix 2020-12-27 20:27:39 -05:00
Mariano Cano
86c947babc Upgrade crypto and fix test. 2020-12-17 14:17:08 -08:00
Mariano Cano
d6ea8b13ab Upgrade crypto.
Related to #435
2020-12-17 13:34:50 -08:00
Mariano Cano
921de7e07f Upgrade crypto to v0.7.1
Add basic constraints extensions if defined.
2020-11-17 11:43:12 -08:00
Mariano Cano
736a6fb64e Fix rebase. 2020-11-03 12:49:04 -08:00
Mariano Cano
b275758018 Complete CloudCAS tests.
Upgrade cloud.google.com/go
2020-11-03 12:45:31 -08:00
Mariano Cano
b2ae112dd2 Add initial tests for CreateCertificateAuthority. 2020-11-03 12:44:54 -08:00
Mariano Cano
461735718d Update go.step.sm/crypto dependency. 2020-11-03 12:44:54 -08:00
Mariano Cano
2b4b902975 Add initial support for step ca init with cloud cas.
Fixes smallstep/cli#363
2020-11-03 12:44:28 -08:00
Mariano Cano
b79701202b Use cli-utils@v0.1.0 2020-10-29 15:07:14 -07:00
Mariano Cano
40d0596b71 Use smallstep/cli-utils instead of smallstep/cli 2020-10-29 13:10:03 -07:00
max furman
81a0df9e45 go mod tidy 2020-10-21 20:42:23 -07:00
max furman
bf45e6ff16 Bump cli to v0.15.3 2020-10-21 16:40:06 -07:00
max furman
3f4d041082 bump cli to master 2020-10-20 22:38:59 -07:00
Mariano Cano
647b9b4541 Merge pull request #367 from smallstep/cas
Support for CAS Interface and CloudCAS
2020-10-05 18:09:01 -07:00
Mariano Cano
4c8bf87dc1 Use new admin template for K8ssa and admin-OIDC provisioners.
This change replaces the .Insecure.CR template with one that sets
all the SANs, but uses key usages and extended key usages for
regular TLS certificates.
2020-09-21 12:49:16 -07:00
Mariano Cano
a332c40530 Merge branch 'master' into cas 2020-09-17 14:46:52 -07:00
Pierre Laden
179e793f1a - provide PINpolicy always to piv-go to avoid trying to use attestation cert, which we might not have
- bump piv-go version to 1.6.0
2020-09-16 21:59:48 +02:00
Mariano Cano
c8d9cb0a1d Complete cloudcas using CAS v1beta1. 2020-09-10 16:19:18 -07:00
Mariano Cano
1b1f73dec6 Early attempt to develop a CAS interface. 2020-09-08 19:26:32 -07:00
Mariano Cano
3ac0ef2eaa Update crypto to v0.6.0 2020-09-02 18:08:24 -07:00
Mariano Cano
f3b65e54ac Update go.step.sm to v0.5.0
Solves the problem of enforcing the signature algorithm. This
causes issues if the intermediate key is not an ECDSA key.
2020-09-01 12:44:46 -07:00
Mariano Cano
8ee246edda Upgrade go.step.sm to v0.4.0 2020-08-31 12:30:54 -07:00
Mariano Cano
ef86bedb2c Upgrade go.step.sm dependency to v0.3.0 2020-08-25 11:46:04 -07:00
Mariano Cano
c94a1c51be Merge branch 'master' into ssh-cert-templates 2020-08-24 15:08:28 -07:00
Mariano Cano
ba918100d0 Use go.step.sm/crypto/jose
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
2020-08-24 14:44:11 -07:00
Mariano Cano
03d642e59c Update go.step.sm/crypto to v0.2.0
Fixes #302
2020-08-20 16:02:45 -07:00
max furman
cb594ed2e0 go mod tidy and golang 1.15.0 cleanup ...
- cs.NegotiatedProtocolIsMutual has been deprecated but we still build
in travis with 1.14 so for now we'll ignore this linting error
- string(int) was resolving to string of a single rune rather than
string of digits -> use fmt.Sprint
2020-08-17 13:48:37 -07:00
max furman
795648e5d5 bump cli to v0.15.0 2020-08-16 21:04:12 -07:00
Mariano Cano
32ba80f446 Use pemutil branch. 2020-08-14 15:44:18 -07:00
Mariano Cano
d30a95236d Use always go.step.sm/crypto 2020-08-14 15:33:50 -07:00
Mariano Cano
aaaa7e9b4e Merge branch 'master' into cert-templates 2020-08-14 10:45:41 -07:00
Mariano Cano
533ad0ca20 Use always go.step.sm/crypto/x509util 2020-08-11 17:59:33 -07:00
Mariano Cano
4943ae58d8 Move TLSOption, TLSVersion, CipherSuites and ASN1DN to certificates. 2020-08-10 15:29:18 -07:00
Mariano Cano
e83e47a91e Use sshutil and randutil from go.step.sm/crypto. 2020-08-10 11:26:51 -07:00
Mariano Cano
c8d225a763 Use x509util from go.step.sm/crypto/x509util 2020-08-05 16:02:46 -07:00
max furman
3f844c5e23 Update the way SubjectKeyId is calculated, and more ...
- switch lint to first in line for `make all`
- update tests to conform with new subjectkeyid
2020-07-28 12:00:07 -07:00
David Cowden
dc39eef721 aws: test badIDMS functional path
The existing test only covers the constructor logic. Also test the live
code path that is executed when a bad IDMS version is supplied.
2020-07-22 17:40:26 -07:00
Mariano Cano
978ad7e2b6 Fix merged tests. 2020-07-21 14:34:55 -07:00
Mariano Cano
0de15b0a42 Update cli dependency to master. 2020-07-21 14:20:27 -07:00
Mariano Cano
6736ddee69 Use smallstep/cli v0.14.6 2020-07-02 13:55:00 -07:00
max furman
e1fdd9300c go mod tidy 2020-06-30 18:01:31 -07:00
max furman
f5da56e19f Bump version of cli to v0.14.5. 2020-06-30 16:25:58 -07:00
max furman
b200e84967 Pull most recent cli and go mod tidy 2020-06-25 15:36:35 -07:00
Mariano Cano
c32abb76cd Add initial implementation to support AWS KMS. 2020-05-19 17:35:36 -07:00
Mariano Cano
6868190fff Add initial support for yubikey. 2020-05-07 18:22:09 -07:00
max furman
c1a84c1405 go mod tidy 2020-04-30 18:59:41 -07:00
max furman
1b6bf38b52 Bump cli to v0.14.3 2020-04-30 17:48:58 -07:00
max furman
30e38dc501 Bump the version of cli for a certificates RC. 2020-04-28 09:34:10 -07:00
Mariano Cano
df3b9f637e Use a tagged version of nosql. 2020-04-27 18:13:54 -07:00
max furman
3be95a82d0 Update version of nosql. 2020-04-21 09:27:42 -07:00
max furman
0573c00bd3 Simultaneous support for Badger V1+V2 and ...
* valueLogLoadingMode config for low RAM badger environments
2020-04-20 11:46:47 -07:00
max furman
fc50523779 go mod tidy 2020-04-09 20:57:04 -07:00
max furman
4b8e2f5948 Tag v0.14.2 2020-04-09 18:14:24 -07:00
max furman
e03ce33cd9 go mod tidy and verify 2020-04-09 11:21:03 -07:00
max furman
17097eb9f0 Bump cli to v0.14.1 to break dependency cycle. 2020-04-09 11:04:28 -07:00
max furman
344e7b99fb bump cli dependency 2020-04-09 09:34:20 -07:00
Mariano Cano
3480ed44c7 Upgrade github.com/x/crypto to fix a vulnerability in ssh.
* CVE-2020-9283
2020-03-24 14:17:44 -07:00
Mariano Cano
21bd339b86 Merge branch 'master' into kms 2020-02-11 13:20:35 -08:00
Mariano Cano
752bfeeccd Update cli dependency. 2020-01-30 10:59:28 -08:00
Mariano Cano
cbf1053255 Merge branch 'master' into kms 2020-01-28 15:49:54 -08:00
max furman
c66b183783 Update cli dep 2020-01-28 13:37:43 -08:00
Mariano Cano
3fb42935b4 Update cli dependency 2020-01-28 13:29:40 -08:00
Mariano Cano
549291c2ca Upgrade smallstep/cli 2020-01-28 13:29:39 -08:00
Mariano Cano
895d3054a3 Remove the use of custom x509 package.
Upgrade cli dependency.
2020-01-28 13:29:39 -08:00
Mariano Cano
53334ce1e0 Update assert package. 2020-01-28 13:29:39 -08:00
Mariano Cano
e6cafb89b6 Update cli dependency. 2020-01-28 13:29:39 -08:00
max furman
ed7ef7229f cli dep update 2020-01-28 13:29:39 -08:00
max furman
74f1c111a9 updating dependencies 2020-01-28 13:29:39 -08:00
max furman
af8b8584dd Update cli dep 2020-01-28 13:29:39 -08:00
max furman
b9f6aacb0f Move api errors to their own package and modify the typedef 2020-01-28 13:29:39 -08:00
Mariano Cano
79b408dcf7 Update dependencies. 2020-01-28 13:29:39 -08:00
Mariano Cano
3029addbf6 Use new version of nosql. 2020-01-28 13:29:39 -08:00
max furman
93320fd977 update cli dep 2020-01-28 13:29:39 -08:00
max furman
3ac388612a Use x5cInsecure token for /ssh/check-host endpoint 2020-01-28 13:29:39 -08:00
Mariano Cano
e29892e9eb Update cli dependency. 2020-01-28 13:29:39 -08:00
Mariano Cano
000885dea7 Move Option type to a new file. 2020-01-28 13:28:16 -08:00
max furman
c04f1e1bd4 sshpop first pass 2020-01-28 13:28:16 -08:00
Mariano Cano
8e794259eb Update dependencies. 2020-01-28 13:28:16 -08:00
Mariano Cano
ec90c41de6 Use nosql version with go mod. 2020-01-28 13:28:16 -08:00
Mariano Cano
d59a07ad89 Upgrade cli version. 2020-01-28 13:28:16 -08:00
Mariano Cano
bceb12a169 Upgrade go-jose to 2.4.0. 2020-01-28 13:28:16 -08:00
Mariano Cano
6489c26d4c Use github.com/Masterminds/sprig/v3 2020-01-28 13:28:16 -08:00
Mariano Cano
69a1b68283 Merge branch 'ssh' into kms 2020-01-27 15:41:14 -08:00
Mariano Cano
ec2046bba8 Add grpc dependency. 2020-01-14 18:51:05 -08:00
Mariano Cano
44eccc6bd8 Merge branch 'ssh' into kms 2020-01-10 17:49:52 -08:00
Mariano Cano
3ce267cdd6 Upgrade smallstep/cli 2020-01-10 17:21:47 -08:00
Mariano Cano
085ae82163 Remove the use of custom x509 package.
Upgrade cli dependency.
2020-01-10 10:58:49 -08:00
Mariano Cano
995375013d Update dependencies for kms support. 2020-01-09 18:43:35 -08:00
Mariano Cano
50717b3ffa Update assert package. 2020-01-03 13:27:45 -08:00
Mariano Cano
1fa35491ea Update cli dependency. 2019-12-18 14:44:59 -08:00
max furman
6200aeaad0 cli dep update 2019-12-17 14:39:08 -08:00
Mariano Cano
ba11f6acb7 Update dependencies. 2019-12-13 13:59:11 -08:00
Mariano Cano
d210082113 Use new version of nosql. 2019-12-13 13:56:56 -08:00
max furman
623be4ef09 update cli dep 2019-12-11 14:56:50 -08:00
max furman
1e17ec7d33 Use x5cInsecure token for /ssh/check-host endpoint 2019-12-11 14:54:29 -08:00
Mariano Cano
f99d1007bc Update cli dependency. 2019-11-26 18:53:36 -08:00
Mariano Cano
43b663e0c3 Move Option type to a new file. 2019-11-14 15:29:04 -08:00
max furman
b5f15531d8 sshpop first pass 2019-11-05 16:41:17 -08:00
Mariano Cano
45d94fa4bd Update dependencies. 2019-11-05 16:41:17 -08:00
Mariano Cano
ba9eb47818 Use nosql version with go mod. 2019-11-05 16:41:17 -08:00
Mariano Cano
af64bf8d96 Upgrade cli version. 2019-11-05 16:41:17 -08:00
Mariano Cano
e8ad06ef35 Upgrade go-jose to 2.4.0. 2019-11-05 16:41:17 -08:00
Mariano Cano
f47516a15d Use github.com/Masterminds/sprig/v3 2019-11-05 16:41:17 -08:00
Mariano Cano
5cdb8f63b2 Add ignored files go.mod and go.sum 2019-10-21 18:56:48 -07:00