Mariano Cano
a627f21440
Fix AuthorizeSSHSign tests with extra SignOption
2022-05-18 18:51:36 -07:00
Mariano Cano
e7d7eb1a94
Add provisioner as a signOption for SSH
2022-05-18 18:42:42 -07:00
Mariano Cano
293586079a
Store provisioner with SignSSH
This change also allows storing the old certificate on renewal on
linkedca or if the db interface supports it.
2022-05-18 18:33:53 -07:00
Mariano Cano
c8d7ad7ab9
Fix store certificates methods with new interface
2022-05-18 18:33:22 -07:00
Mariano Cano
de99c3cac0
Report provisioner and parent on linkedca
2022-05-18 18:30:53 -07:00
Mariano Cano
20b2c6a201
Extract cert storer methods from AuthDB
To be able to extend the AuthDB with methods that also extend the
provisioner we need to either create a new method or to split the
interface. This change splits the interface so we can have a cleaner
implementation.
2022-05-18 18:27:37 -07:00
Herman Slatman
9e05cc4d51
Merge pull request #940 from smallstep/herman/improve-renew-expired-cert-error
Improve error message when client renews with expired certificate
2022-05-19 01:46:01 +02:00
Herman Slatman
479eda7339
Improve error message when client renews with expired certificate
When a client provides an expired certificate and `AllowAfterExpiry`
is not enabled, the client would get a rather generic error with
instructions to view the CA logs. Viewing the CA logs can be done
when running `step-ca`, but they can't be accessed easily in the
hosted solution.
This commit returns a slightly more informational message to the
client in this specific situation.
2022-05-19 01:25:30 +02:00
max furman
fff00aca78
Updates to issue templates
2022-05-18 15:56:40 -07:00
max furman
bfb406bf70
Fixes for PR review
2022-05-18 09:43:32 -07:00
Herman Slatman
14524d7916
Merge pull request #938 from smallstep/herman/update-crypto-0.16.2
Update go.step.sm/crypto to v0.16.2
2022-05-18 09:15:18 +02:00
Herman Slatman
d1ab1d5431
Merge branch 'master' into herman/update-crypto-0.16.2
2022-05-18 09:11:38 +02:00
Herman Slatman
984e4fcff8
Merge pull request #932 from smallstep/herman/pkcs7-patches
Use github.com/smallstep/pkcs7 fork with (selected) patches applied
2022-05-18 09:10:48 +02:00
Herman Slatman
b75ce3acbd
Update to go.step.sm/crypto v0.16.2
This patch release of go.step.sm/crypto fixes an issue with
not all `Subject` names being available for usage in a template
as `ExtraNames`.
2022-05-17 23:39:01 +02:00
Mariano Cano
400b1ece0b
Remove scep handler after merge.
2022-05-12 17:39:36 -07:00
Mariano Cano
898ca41268
Merge branch 'master' into context-authority
2022-05-12 17:14:46 -07:00
Herman Slatman
ea084d71fb
Merge pull request #933 from smallstep/herman/allow-deny
Fix check for admin not belonging to provisioner that policy applies to
2022-05-12 16:42:26 +02:00
Herman Slatman
c695b23e24
Fix check for admin not belonging to policy
2022-05-12 16:33:32 +02:00
max furman
25b8d196d8
Couple changes in response to PR
- add skipInit option to skip authority initialization
- check admin API status when removing provisioners - no need to check
  admins when not using Admin API
2022-05-11 17:04:43 -07:00
Mariano Cano
d0c0733691
Merge pull request #924 from vijayjt/vijayt/helmchart-kms
Allow KMS type to be specified in the helm chart values YAML
2022-05-11 14:14:25 -07:00
Herman Slatman
7030dbb7a1
Use github.com/smallstep/pkcs7 fork with patches applied
2022-05-11 21:18:47 +02:00
Herman Slatman
d51913f62a
Merge pull request #917 from smallstep/herman/scep-get
Add SCEP GET requests
2022-05-11 15:32:45 +02:00
Mariano Cano
8942422973
Add GetID() and add authority to initial context
2022-05-10 16:51:09 -07:00
Herman Slatman
688ae837a4
Add some tests for SCEP request decoding
2022-05-07 00:26:18 +02:00
Herman Slatman
c9a89d13ee
Merge branch 'master' into herman/scep-get
2022-05-06 23:49:53 +02:00
Mariano Cano
1e03bbb1af
Change types in the ACMEAdminResponder
2022-05-06 14:11:10 -07:00
Mariano Cano
f639bfc53b
Use contexts on the new PolicyAdminResponder
2022-05-06 14:05:08 -07:00
Mariano Cano
d461918eb0
Merge branch 'master' into context-authority
2022-05-06 13:21:41 -07:00
Herman Slatman
65090daac3
Merge pull request #788 from smallstep/herman/allow-deny
Add allow/deny policy for x509 SANs and SSH Principals
2022-05-06 19:11:34 +02:00
Herman Slatman
cc26a0b394
Explicitly disable wildcard Common Name constraint
2022-05-06 13:58:48 +02:00
Herman Slatman
0f4ffa504a
Fix linting issues
2022-05-06 13:23:09 +02:00
Herman Slatman
7104299119
Add full policy validation in API
2022-05-06 13:12:13 +02:00
Mariano Cano
2ea0c70344
Move acme context middleware to deprecated handler
2022-05-05 12:25:07 -07:00
Herman Slatman
ed231d29e2
Update to go.step.sm/linkedca@v0.16.1
2022-05-05 15:57:47 +02:00
Herman Slatman
105211392c
Don't rely on linkedca model stability in API response bodies
2022-05-05 14:10:52 +02:00
Herman Slatman
5e9bce508d
Unexport GetPolicy()
2022-05-05 12:32:53 +02:00
Herman Slatman
f0272dc717
Fix import replacement of linkedca
2022-05-05 11:10:21 +02:00
Herman Slatman
60d8b22d89
Change context retrievers to MustTFromContext
2022-05-05 11:05:57 +02:00
Mariano Cano
d51c6b7d83
Make step handler backward compatible
2022-05-04 19:20:34 -07:00
Mariano Cano
43ddcf2efe
Do not use deprecated AuthorizeSign
2022-05-04 17:35:34 -07:00
vijayjt
02c0ae81ac
Allow KMS type to be specified in the helm chart template if specified on the command line.
2022-05-05 00:10:59 +01:00
Mariano Cano
62d93a644e
Apply base context to test of the ca package
2022-05-02 19:39:50 -07:00
Mariano Cano
9147356d8a
Fix linter errors
2022-05-02 18:47:47 -07:00
Mariano Cano
a8a4261980
Fix authority/admin/api tests
2022-05-02 18:39:03 -07:00
Mariano Cano
2ab7dc6f9d
Fix acme tests.
2022-05-02 18:09:26 -07:00
Mariano Cano
ba499eeb2a
Fix acme/api tests.
2022-05-02 17:40:10 -07:00
Mariano Cano
6f9d847bc6
Fix panic in acme/api tests.
2022-05-02 17:35:35 -07:00
Herman Slatman
723c4c14c0
Merge branch 'master' into herman/allow-deny
2022-05-02 16:29:00 +02:00
Herman Slatman
77893ea55c
Change authority policy to use dbPolicy model
2022-05-02 15:55:26 +02:00
Herman Slatman
13173ec8a2
Fix SCEP GET requests
2022-05-01 22:29:17 +02:00