Commit graph

2110 commits

Author SHA1 Message Date
Carl Tashian
8e1343224c Add arm6 to goreleaser 2021-05-10 09:59:33 -07:00
FibreFoX
9607691f9c
Added missing hints for running step-ca on Raspberry Pi
See #351, #344, #279
2021-05-08 22:28:22 +02:00
Mariano Cano
1788d09b44
Merge pull request #566 from smallstep/ed25519-improvements
Ed25519 improvements
2021-05-07 10:05:46 -07:00
Herman Slatman
877fc9ae8c
Add tests for CreateDecrypter 2021-05-07 15:32:07 +02:00
Mariano Cano
26e7cc6177 Allow to use the SDK with ed25519 keys. 2021-05-06 18:10:12 -07:00
Mariano Cano
c1c986922b Show Ed25519 in the public-key log field. 2021-05-06 18:09:40 -07:00
Herman Slatman
a3ec890e71
Fix small typo in divisible 2021-05-07 00:31:34 +02:00
Herman Slatman
54610e890b
Improve error logging 2021-05-07 00:23:09 +02:00
Herman Slatman
d0a9cbc797
Change fmt to errors package for formatting errors 2021-05-07 00:22:06 +02:00
Herman Slatman
ff1b46c95d
Add configuration option for specifying the minimum public key length
Instead of using the defaultPublicKeyValidator a new validator called
publicKeyMinimumLengthValidator has been implemented that uses a
configurable minimum length for public keys in CSRs.

It's also an option to alter the defaultPublicKeyValidator to also
take a parameter, but that would touch quite some lines of code. This
might be a viable option after merging SCEP support.
2021-05-06 22:56:28 +02:00
Herman Slatman
c04f556dc2
Merge branch 'master' into hs/scep 2021-05-06 22:00:29 +02:00
Mariano Cano
5a6517ca5b
Merge pull request #561 from LecrisUT/master
Check admin privileges from group membership
2021-05-05 16:57:13 -07:00
Cristian Le
d7eec869c2 Fix the previous tests 2021-05-05 10:37:30 +09:00
Cristian Le
c2d30f7260 gofmt everything 2021-05-05 10:29:47 +09:00
Cristian Le
f38a72a62b Leftover from previous commit 2021-05-05 10:17:08 +09:00
Cristian Le
1d2445e1d8 Removed the variadic username
Could be useful later on, but for the current PR changes should be minimized
2021-05-05 10:12:38 +09:00
Cristian Le
9e00b82bdf Revert oidc_test.go
Moving the `preferred_username` to a separate PR
2021-05-05 08:49:03 +09:00
Cristian Le
cd67d64eec Merge remote-tracking branch 'origin/master' 2021-05-05 08:16:14 +09:00
Cristian Le
decf0fc8ce Revert using preferred_username
It might present a security issue if the users can change this value for themselves. Needs further investigation
2021-05-05 08:15:26 +09:00
Cristian Le
21732f213b Fix shadow issue in CI 2021-05-05 08:15:26 +09:00
Mariano Cano
08e5ec6ad1 Fix IsAdminGroup comment. 2021-05-05 08:15:26 +09:00
Mariano Cano
46c1dc80fb Use map[string]struct{} instead of map[string]bool 2021-05-05 08:15:26 +09:00
Mariano Cano
aafac179a5 Add test for oidc with preferred usernames. 2021-05-05 08:15:26 +09:00
Cristian Le
f730c0bec4 Sanitize usernames 2021-05-05 08:15:26 +09:00
Cristian Le
48666792c7 Draft: adding usernames to GetIdentityFunc 2021-05-05 08:15:26 +09:00
Cristian Le
79eec83f3e Rename and reformat to PreferredUsername 2021-05-05 08:15:26 +09:00
Cristian Le
09a21fef26 Implement #550
- Read `preferred_username` from token
- Add `preferred_username` to the default Usernames
- Check the `admin` array for admin groups that the user might belong to
2021-05-05 08:15:26 +09:00
Cristian Le
bb1e051b27 Revert using preferred_username
It might present a security issue if the users can change this value for themselves. Needs further investigation
2021-05-05 08:12:17 +09:00
Max
1ee288f9fb
Merge pull request #565 from smallstep/max/load-init
Init config on load | Add wrapper for cli
2021-05-04 15:02:41 -07:00
max furman
8c709fe3c2 Init config on load | Add wrapper for cli 2021-05-04 14:45:11 -07:00
max furman
9a156d2210 Remove distribution doc. 2021-05-04 12:30:05 -07:00
max furman
bc4bf224e8 [action] Add needs-triage labeler 2021-05-04 11:30:20 -07:00
Cristian Le
e5b206c1de Fix shadow issue in CI 2021-05-04 13:47:17 +09:00
Carl Tashian
0295280c20 Merge branch 'master' of https://github.com/smallstep/certificates 2021-05-03 16:19:47 -07:00
Carl Tashian
25325b6970 Revert systemd renewer unit change that was incorrect
This reverts commit 75f24a103a.
2021-05-03 16:19:36 -07:00
Mariano Cano
484b30d0a1 Fix IsAdminGroup comment. 2021-04-29 18:47:17 -07:00
Mariano Cano
9cc410b308 Use map[string]struct{} instead of map[string]bool 2021-04-29 18:40:04 -07:00
Mariano Cano
c8eb771a8e Add test for oidc with preferred usernames. 2021-04-29 18:37:48 -07:00
Cristian Le
8b1ab30212 Sanitize usernames 2021-04-30 09:41:06 +09:00
Cristian Le
bf364f0a5f Draft: adding usernames to GetIdentityFunc 2021-04-30 09:14:28 +09:00
Cristian Le
861ef80e0d Rename and reformat to PreferredUsername 2021-04-30 08:44:41 +09:00
Mariano Cano
b9b1ac04d1
Merge pull request #562 from smallstep/renew-db-interface
Renew DB interface and Rekey
2021-04-29 16:28:46 -07:00
Mariano Cano
5846314f88 Add missing Rekey method to the ca.Client
Fixes #315
2021-04-29 16:06:45 -07:00
Mariano Cano
2cbaee9c1d Allow to use an alternative interface to store renewed certs.
This can be useful to know if a certificate has been renewed and
link one certificate with the 'parent'.
2021-04-29 15:55:22 -07:00
Herman Slatman
68d5f6d0d2
Merge branch 'master' into hs/scep 2021-04-29 22:18:00 +02:00
Cristian Le
55fbcfb3be Implement #550
- Read `preferred_username` from token
- Add `preferred_username` to the default Usernames
- Check the `admin` array for admin groups that the user might belong to
2021-04-29 15:44:21 +09:00
Joe Julian
0369151bfa
use InsecureSkipVerify for validation
The server will not yet have a valid certificate so we need to disable
certificate validation in the HTTPGetter.
2021-04-27 08:18:35 -07:00
Mariano Cano
582d6b161d
Merge pull request #531 from smallstep/tls-tunnel
Add experimental support for a TLS over TLS tunnel.
2021-04-26 18:51:33 -07:00
Mariano Cano
1328aa3e47 Fix review comments. 2021-04-26 18:45:46 -07:00
Mariano Cano
d3c6bcbcce
Merge pull request #553 from smallstep/store-chain
Add extension of db.AuthDB to store the fullchain
2021-04-26 14:37:05 -07:00