Herman Slatman
ff1b46c95d
Add configuration option for specifying the minimum public key length
...
Instead of using the defaultPublicKeyValidator a new validator called
publicKeyMinimumLengthValidator has been implemented that uses a
configurable minimum length for public keys in CSRs.
It's also an option to alter the defaultPublicKeyValidator to also
take a parameter, but that would touch quite some lines of code. This
might be a viable option after merging SCEP support.
2021-05-06 22:56:28 +02:00
Herman Slatman
c04f556dc2
Merge branch 'master' into hs/scep
2021-05-06 22:00:29 +02:00
Mariano Cano
5a6517ca5b
Merge pull request #561 from LecrisUT/master
...
Check admin privileges from group membership
2021-05-05 16:57:13 -07:00
Cristian Le
d7eec869c2
Fix the previous tests
2021-05-05 10:37:30 +09:00
Cristian Le
c2d30f7260
gofmt everything
2021-05-05 10:29:47 +09:00
Cristian Le
f38a72a62b
Leftover from previous commit
2021-05-05 10:17:08 +09:00
Cristian Le
1d2445e1d8
Removed the variadic username
...
Could be useful later on, but for the current PR changes should be minimized
2021-05-05 10:12:38 +09:00
Cristian Le
9e00b82bdf
Revert oidc_test.go
...
Moving the `preferred_username` to a separate PR
2021-05-05 08:49:03 +09:00
Cristian Le
cd67d64eec
Merge remote-tracking branch 'origin/master'
2021-05-05 08:16:14 +09:00
Cristian Le
decf0fc8ce
Revert using preferred_username
...
It might present a security issue if the users can change this value for themselves. Needs further investigation
2021-05-05 08:15:26 +09:00
Cristian Le
21732f213b
Fix shadow issue in CI
2021-05-05 08:15:26 +09:00
Mariano Cano
08e5ec6ad1
Fix IsAdminGroup comment.
2021-05-05 08:15:26 +09:00
Mariano Cano
46c1dc80fb
Use map[string]struct{} instead of map[string]bool
2021-05-05 08:15:26 +09:00
Mariano Cano
aafac179a5
Add test for oidc with preferred usernames.
2021-05-05 08:15:26 +09:00
Cristian Le
f730c0bec4
Sanitize usernames
2021-05-05 08:15:26 +09:00
Cristian Le
48666792c7
Draft: adding usernames to GetIdentityFunc
2021-05-05 08:15:26 +09:00
Cristian Le
79eec83f3e
Rename and reformat to PreferredUsername
2021-05-05 08:15:26 +09:00
Cristian Le
09a21fef26
Implement #550
...
- Read `preferred_username` from token
- Add `preferred_username` to the default Usernames
- Check the `admin` array for admin groups that the user might belong to
2021-05-05 08:15:26 +09:00
Cristian Le
bb1e051b27
Revert using preferred_username
...
It might present a security issue if the users can change this value for themselves. Needs further investigation
2021-05-05 08:12:17 +09:00
Max
1ee288f9fb
Merge pull request #565 from smallstep/max/load-init
...
Init config on load | Add wrapper for cli
2021-05-04 15:02:41 -07:00
max furman
8c709fe3c2
Init config on load | Add wrapper for cli
2021-05-04 14:45:11 -07:00
max furman
9a156d2210
Remove distribution doc.
2021-05-04 12:30:05 -07:00
max furman
bc4bf224e8
[action] Add needs-triage labeler
2021-05-04 11:30:20 -07:00
Cristian Le
e5b206c1de
Fix shadow issue in CI
2021-05-04 13:47:17 +09:00
Carl Tashian
0295280c20
Merge branch 'master' of https://github.com/smallstep/certificates
2021-05-03 16:19:47 -07:00
Carl Tashian
25325b6970
Revert systemd renewer unit change that was incorrect
...
This reverts commit 75f24a103a.
2021-05-03 16:19:36 -07:00
Mariano Cano
484b30d0a1
Fix IsAdminGroup comment.
2021-04-29 18:47:17 -07:00
Mariano Cano
9cc410b308
Use map[string]struct{} instead of map[string]bool
2021-04-29 18:40:04 -07:00
Mariano Cano
c8eb771a8e
Add test for oidc with preferred usernames.
2021-04-29 18:37:48 -07:00
Cristian Le
8b1ab30212
Sanitize usernames
2021-04-30 09:41:06 +09:00
Cristian Le
bf364f0a5f
Draft: adding usernames to GetIdentityFunc
2021-04-30 09:14:28 +09:00
Cristian Le
861ef80e0d
Rename and reformat to PreferredUsername
2021-04-30 08:44:41 +09:00
Mariano Cano
b9b1ac04d1
Merge pull request #562 from smallstep/renew-db-interface
...
Renew DB interface and Rekey
2021-04-29 16:28:46 -07:00
Mariano Cano
5846314f88
Add missing Rekey method to the ca.Client
...
Fixes #315
2021-04-29 16:06:45 -07:00
Mariano Cano
2cbaee9c1d
Allow to use an alternative interface to store renewed certs.
...
This can be useful to know if a certificate has been renewed and
link one certificate with the 'parent'.
2021-04-29 15:55:22 -07:00
Herman Slatman
68d5f6d0d2
Merge branch 'master' into hs/scep
2021-04-29 22:18:00 +02:00
Cristian Le
55fbcfb3be
Implement #550
...
- Read `preferred_username` from token
- Add `preferred_username` to the default Usernames
- Check the `admin` array for admin groups that the user might belong to
2021-04-29 15:44:21 +09:00
Mariano Cano
582d6b161d
Merge pull request #531 from smallstep/tls-tunnel
...
Add experimental support for a TLS over TLS tunnel.
2021-04-26 18:51:33 -07:00
Mariano Cano
1328aa3e47
Fix review comments.
2021-04-26 18:45:46 -07:00
Mariano Cano
d3c6bcbcce
Merge pull request #553 from smallstep/store-chain
...
Add extension of db.AuthDB to store the fullchain
2021-04-26 14:37:05 -07:00
Mariano Cano
e6833ecee3
Add extension of db.AuthDB to store the fullchain.
...
Add a temporary solution to allow an extension of a db.AuthDB
interface that logs the fullchain of certificates instead of just
the leaf.
2021-04-26 12:28:51 -07:00
Mariano Cano
50b9aaec57
Add new identity tests.
2021-04-21 18:07:59 -07:00
Mariano Cano
e414d0c8ea
Fix unit tests.
2021-04-21 16:20:53 -07:00
Mariano Cano
c5234e9c61
Refactor tls tunnel connections.
...
New method will use an identity-like file with the configuration
used to create the (m)TLS connection to the tunnel.
2021-04-21 16:20:53 -07:00
Mariano Cano
180b5c3e3c
Fix typo.
2021-04-21 16:20:53 -07:00
Mariano Cano
e75a9409a5
Add experimental support for a TLS over TLS tunnel.
2021-04-21 16:20:53 -07:00
Carl Tashian
75f24a103a
Sync cert renewer service with docs
2021-04-20 17:04:18 -07:00
Carl Tashian
e50c5bc4b1
Remove pronoun
2021-04-19 12:08:42 -07:00
Mariano Cano
3769a2760a
Merge pull request #543 from smallstep/no-nonce-on-get
...
Remove the creation of nonce on get acme directory
2021-04-16 13:20:06 -07:00
Herman Slatman
2336936b5c
Fix typo
2021-04-16 15:49:33 +02:00