Herman Slatman
877fc9ae8c
Add tests for CreateDecrypter
2021-05-07 15:32:07 +02:00
Mariano Cano
26e7cc6177
Allow to use the SDK with ed25519 keys.
2021-05-06 18:10:12 -07:00
Mariano Cano
c1c986922b
Show Ed25519 in the public-key log field.
2021-05-06 18:09:40 -07:00
Herman Slatman
a3ec890e71
Fix small typo in divisible
2021-05-07 00:31:34 +02:00
Herman Slatman
54610e890b
Improve error logging
2021-05-07 00:23:09 +02:00
Herman Slatman
d0a9cbc797
Change fmt to errors package for formatting errors
2021-05-07 00:22:06 +02:00
Herman Slatman
ff1b46c95d
Add configuration option for specifying the minimum public key length
...
Instead of using the defaultPublicKeyValidator a new validator called
publicKeyMinimumLengthValidator has been implemented that uses a
configurable minimum length for public keys in CSRs.
It's also an option to alter the defaultPublicKeyValidator to also
take a parameter, but that would touch quite some lines of code. This
might be a viable option after merging SCEP support.
2021-05-06 22:56:28 +02:00
Herman Slatman
c04f556dc2
Merge branch 'master' into hs/scep
2021-05-06 22:00:29 +02:00
Mariano Cano
5a6517ca5b
Merge pull request #561 from LecrisUT/master
...
Check admin privileges from group membership
2021-05-05 16:57:13 -07:00
Cristian Le
d7eec869c2
Fix the previous tests
2021-05-05 10:37:30 +09:00
Cristian Le
c2d30f7260
gofmt everything
2021-05-05 10:29:47 +09:00
Cristian Le
f38a72a62b
Leftover from previous commit
2021-05-05 10:17:08 +09:00
Cristian Le
1d2445e1d8
Removed the variadic username
...
Could be useful later on, but for the current PR changes should be minimized
2021-05-05 10:12:38 +09:00
Cristian Le
9e00b82bdf
Revert oidc_test.go
...
Moving the `preferred_username` to a separate PR
2021-05-05 08:49:03 +09:00
Cristian Le
cd67d64eec
Merge remote-tracking branch 'origin/master'
2021-05-05 08:16:14 +09:00
Cristian Le
decf0fc8ce
Revert using preferred_username
...
It might present a security issue if the users can change this value for themselves. Needs further investigation
2021-05-05 08:15:26 +09:00
Cristian Le
21732f213b
Fix shadow issue in CI
2021-05-05 08:15:26 +09:00
Mariano Cano
08e5ec6ad1
Fix IsAdminGroup comment.
2021-05-05 08:15:26 +09:00
Mariano Cano
46c1dc80fb
Use map[string]struct{} instead of map[string]bool
2021-05-05 08:15:26 +09:00
Mariano Cano
aafac179a5
Add test for oidc with preferred usernames.
2021-05-05 08:15:26 +09:00
Cristian Le
f730c0bec4
Sanitize usernames
2021-05-05 08:15:26 +09:00
Cristian Le
48666792c7
Draft: adding usernames to GetIdentityFunc
2021-05-05 08:15:26 +09:00
Cristian Le
79eec83f3e
Rename and reformat to PreferredUsername
2021-05-05 08:15:26 +09:00
Cristian Le
09a21fef26
Implement #550
...
- Read `preferred_username` from token
- Add `preferred_username` to the default Usernames
- Check the `admin` array for admin groups that the user might belong to
2021-05-05 08:15:26 +09:00
Cristian Le
bb1e051b27
Revert using preferred_username
...
It might present a security issue if the users can change this value for themselves. Needs further investigation
2021-05-05 08:12:17 +09:00
Max
1ee288f9fb
Merge pull request #565 from smallstep/max/load-init
...
Init config on load | Add wrapper for cli
2021-05-04 15:02:41 -07:00
max furman
8c709fe3c2
Init config on load | Add wrapper for cli
2021-05-04 14:45:11 -07:00
max furman
9a156d2210
Remove distribution doc.
2021-05-04 12:30:05 -07:00
max furman
bc4bf224e8
[action] Add needs-triage labeler
2021-05-04 11:30:20 -07:00
Cristian Le
e5b206c1de
Fix shadow issue in CI
2021-05-04 13:47:17 +09:00
Carl Tashian
0295280c20
Merge branch 'master' of https://github.com/smallstep/certificates
2021-05-03 16:19:47 -07:00
Carl Tashian
25325b6970
Revert systemd renewer unit change that was incorrect
...
This reverts commit 75f24a103a
.
2021-05-03 16:19:36 -07:00
Mariano Cano
484b30d0a1
Fix IsAdminGroup comment.
2021-04-29 18:47:17 -07:00
Mariano Cano
9cc410b308
Use map[string]struct{} instead of map[string]bool
2021-04-29 18:40:04 -07:00
Mariano Cano
c8eb771a8e
Add test for oidc with preferred usernames.
2021-04-29 18:37:48 -07:00
Cristian Le
8b1ab30212
Sanitize usernames
2021-04-30 09:41:06 +09:00
Cristian Le
bf364f0a5f
Draft: adding usernames to GetIdentityFunc
2021-04-30 09:14:28 +09:00
Cristian Le
861ef80e0d
Rename and reformat to PreferredUsername
2021-04-30 08:44:41 +09:00
Mariano Cano
b9b1ac04d1
Merge pull request #562 from smallstep/renew-db-interface
...
Renew DB interface and Rekey
2021-04-29 16:28:46 -07:00
Mariano Cano
5846314f88
Add missing Rekey method to the ca.Client
...
Fixes #315
2021-04-29 16:06:45 -07:00
Mariano Cano
2cbaee9c1d
Allow to use an alternative interface to store renewed certs.
...
This can be useful to know if a certificate has been renewed and
link one certificate with the 'parent'.
2021-04-29 15:55:22 -07:00
Herman Slatman
68d5f6d0d2
Merge branch 'master' into hs/scep
2021-04-29 22:18:00 +02:00
Cristian Le
55fbcfb3be
Implement #550
...
- Read `preferred_username` from token
- Add `preferred_username` to the default Usernames
- Check the `admin` array for admin groups that the user might belong to
2021-04-29 15:44:21 +09:00
Joe Julian
0369151bfa
use InsecureSkipVerify for validation
...
The server will not yet have a valid certificate so we need to disable
certificate validation in the HTTPGetter.
2021-04-27 08:18:35 -07:00
Mariano Cano
582d6b161d
Merge pull request #531 from smallstep/tls-tunnel
...
Add experimental support for a TLS over TLS tunnel.
2021-04-26 18:51:33 -07:00
Mariano Cano
1328aa3e47
Fix review comments.
2021-04-26 18:45:46 -07:00
Mariano Cano
d3c6bcbcce
Merge pull request #553 from smallstep/store-chain
...
Add extension of db.AuthDB to store the fullchain
2021-04-26 14:37:05 -07:00
Mariano Cano
e6833ecee3
Add extension of db.AuthDB to store the fullchain.
...
Add a temporary solution to allow an extension of an db.AuthDB
interface that logs the fullchain of certificates instead of just
the leaf.
2021-04-26 12:28:51 -07:00
Mariano Cano
50b9aaec57
Add new identity tests.
2021-04-21 18:07:59 -07:00
Mariano Cano
e414d0c8ea
Fix unit tests.
2021-04-21 16:20:53 -07:00