Mariano Cano
|
c8d225a763
|
Use x509util from go.step.sm/crypto/x509util
|
2020-08-05 16:02:46 -07:00 |
|
Mariano Cano
|
a7b65f1e1e
|
Add authority.Sign test with custom templates.
|
2020-07-22 19:18:45 -07:00 |
|
Mariano Cano
|
6c64fb3ed2
|
Rename provisioner options structs:
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
|
2020-07-22 18:24:45 -07:00 |
|
Mariano Cano
|
ccc705cdcd
|
Use alias x509legacy to cli x509util in tls.go.
|
2020-07-21 14:20:48 -07:00 |
|
Mariano Cano
|
8f0dd811af
|
Allow to send errors from template to cli.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
4795e371bd
|
Add back the support for ca.json DN template.
|
2020-07-21 14:18:05 -07:00 |
|
Mariano Cano
|
d1d9ae42d6
|
Use certificates x509util instead of cli for certificate signing.
|
2020-07-21 14:18:04 -07:00 |
|
max furman
|
fd05f3249b
|
A few last fixes and tests added for rekey/renew ...
- remove all `renewOrRekey`
- explicitly test difference between renew and rekey (diff pub keys)
- add back tests for renew
|
2020-07-09 12:11:40 -07:00 |
|
Max
|
ea9bc493b8
|
Merge pull request #307 from dharanikumar-s/master
Add support for rekeying Fixes #292
|
2020-07-09 11:39:00 -07:00 |
|
dharanikumar-s
|
57fb0c80cf
|
Removed calculating SubjectKeyIdentifier on Rekey
|
2020-07-08 12:52:53 +05:30 |
|
dharanikumar-s
|
dfda497929
|
Renamed RenewOrRekey to Rekey
|
2020-07-08 11:47:59 +05:30 |
|
dharanikumar-s
|
fe73154a20
|
Corrected misspelling
|
2020-07-05 22:50:02 +05:30 |
|
dharanikumar-s
|
2479371c06
|
Added error check while marshalling public key
|
2020-07-05 22:37:29 +05:30 |
|
dharanikumar-s
|
c8c3581e2f
|
SubjectKeyIdentifier extention is calculated from public key passed to this function instead of copying from old certificate
|
2020-07-05 22:15:01 +05:30 |
|
dharanikumar-s
|
8f504483ce
|
Added RenewOrRekey function based on @maraino suggestion. RenewOrReky is called from Renew.
|
2020-07-03 15:58:15 +05:30 |
|
dharanikumar-s
|
3813f57b1a
|
Add support for rekeying Fixes #292
|
2020-07-01 19:10:13 +05:30 |
|
max furman
|
d25e7f64c2
|
wip
|
2020-06-24 09:58:40 -07:00 |
|
max furman
|
3636ba3228
|
wip
|
2020-06-23 17:13:39 -07:00 |
|
max furman
|
1951669e13
|
wip
|
2020-06-23 11:10:45 -07:00 |
|
Mariano Cano
|
bfe1f4952d
|
Rename interface to CertificateEnforcer and add tests.
|
2020-03-31 11:41:36 -07:00 |
|
Mariano Cano
|
64f26c0f40
|
Enforce a duration for identity certificates.
|
2020-03-30 17:33:04 -07:00 |
|
Mariano Cano
|
05cc1437b7
|
Remove unnecessary parse of certificate.
|
2020-02-13 17:48:43 -08:00 |
|
Mariano Cano
|
43bd8113aa
|
Remove unnecessary comments.
|
2020-02-11 14:46:18 -08:00 |
|
Mariano Cano
|
69a1b68283
|
Merge branch 'ssh' into kms
|
2020-01-27 15:41:14 -08:00 |
|
max furman
|
b265877050
|
Simplify statuscoder error generators.
|
2020-01-24 13:46:11 -08:00 |
|
max furman
|
c387b21808
|
Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
|
2020-01-22 17:25:23 -08:00 |
|
Mariano Cano
|
c62526b39f
|
Add wip support for kms.
|
2020-01-09 18:42:26 -08:00 |
|
Mariano Cano
|
e67ccd9e3d
|
Add fault tolerance against clock skew accross system on TLS certificates.
|
2020-01-02 17:48:28 -08:00 |
|
Mariano Cano
|
8eeb82d0ce
|
Store renew certificate in the database.
|
2019-12-10 13:10:45 -08:00 |
|
Mariano Cano
|
0c3b9ebf45
|
Fix indentation.
|
2019-11-13 11:18:05 -08:00 |
|
max furman
|
a9ea292bd4
|
sshpop provisioner + ssh renew | revoke | rekey first pass
|
2019-11-05 16:41:42 -08:00 |
|
Jozef Kralik
|
bc6074f596
|
Change api of functions Authority.Sign, Authority.Renew
Returns certificate chain instead of 2 members.
Implements #126
|
2019-10-09 22:23:00 +02:00 |
|
max furman
|
fe7973c060
|
wip
|
2019-09-19 13:17:45 -07:00 |
|
Mariano Cano
|
2127d09ef3
|
Rename context type to apiCtx.
It will conflict with the context package.
|
2019-07-29 11:56:14 -07:00 |
|
max furman
|
ab4d569f36
|
Add /revoke API with interface db backend
|
2019-04-10 13:50:35 -07:00 |
|
Mariano Cano
|
8c8547bf65
|
Remove unnecessary parse and improve tests.
|
2019-03-20 18:11:45 -07:00 |
|
Mariano Cano
|
a3e2b4a552
|
Move certificate check to the right place.
|
2019-03-20 17:36:45 -07:00 |
|
Mariano Cano
|
30a6889d1f
|
Use standard x509 instead of step one.
|
2019-03-20 17:12:52 -07:00 |
|
Mariano Cano
|
7fd737cbb1
|
Fix lint warnings.
|
2019-03-11 18:47:57 -07:00 |
|
Mariano Cano
|
1f5ff5c899
|
Fix sign and renew tests.
|
2019-03-11 18:15:24 -07:00 |
|
Mariano Cano
|
c0ef6f8dc5
|
Add missing modifier and change return codes.
|
2019-03-07 16:03:38 -08:00 |
|
Mariano Cano
|
a97ea87caa
|
Move options to provisioner so we can set the duration of the cert.
|
2019-03-07 15:14:18 -08:00 |
|
Mariano Cano
|
1671ab2590
|
Fix some tests.
|
2019-03-07 12:15:18 -08:00 |
|
Mariano Cano
|
57b705f6cf
|
Use provisioner sign options.
|
2019-03-06 17:37:49 -08:00 |
|
Mariano Cano
|
d78febec7a
|
Fix extensions copy on renew
Fixes #36
|
2019-02-14 16:44:36 -08:00 |
|
max furman
|
7e43402575
|
bug fix: don't add common name to CSR validation claims in Sign
* added unit test for this case
|
2019-02-06 16:26:25 -08:00 |
|
max furman
|
e6e8443f3c
|
allow multiple identical SANs in cert
|
2019-01-31 11:20:21 -06:00 |
|
max furman
|
f0683c2e0a
|
Enable signing certificates with custom SANs
* validate against SANs in token. must be 1:1 equivalent.
|
2019-01-30 18:21:03 -06:00 |
|
Mariano Cano
|
d6cad2a7f3
|
Add provisioner option to disable renewal.
Fixes smallstep/ca-component#108
|
2018-11-01 15:43:24 -07:00 |
|
Mariano Cano
|
d574545d94
|
Format code with gofmt -s
|
2018-10-26 15:01:02 -07:00 |
|