mbiryukova/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity
1547 commits 33 branches 197 tags 41 MiB
Commit graph

1547 commits

This branch
This branch
All branches
Author SHA1 Message Date
Herman Slatman
ffdd58ea3c
Add rudimentary (and incomplete) support for SCEP 2021-02-12 12:03:08 +01:00
Max
fc93d60c5d
Merge pull request #453 from smallstep/max/csr-san-empty 
Allow empty SAN in CSR for validation ...
 2021-01-14 19:30:11 -06:00
max furman
16665c97f0 Allow empty SAN in CSR for validation ... 
- The default template will always use the SANs from the token.
- If there are any SANs they must be validated against the token.
 2021-01-14 15:26:46 -06:00
Mariano Cano
00c6f08612
Merge pull request #440 from mkkeffeler/smallstep-by-provisioner-appendedcert 
Begins to fix issue 87
 2020-12-28 17:49:00 -08:00
Miclain Keffeler
ffbfcfb1f2 format. 2020-12-28 18:46:21 -06:00
Miclain K Keffeler
7a1eb43bb1
Update options.go 2020-12-28 17:12:37 -06:00
Miclain K Keffeler
f3396bf964
Update softcas.go 2020-12-28 17:10:44 -06:00
Mariano Cano
71a8e87eec Update go.sum with new version of go-piv. 2020-12-28 14:50:33 -08:00
Mariano Cano
6598ea9d73
Merge pull request #441 from gaffneyd4/gaffneyd4/x32 
Bump go-piv to v1.7.0 for x32 overflow fix
 2020-12-28 14:49:23 -08:00
Derek Gaffney
8416bd633d Bump go-piv to v1.7.0 for x32 overflow fix 2020-12-27 20:27:39 -05:00
Miclain Keffeler
e9bfa061b8 Merge branch 'smallstep-by-provisioner-appendedcert' of https://github.com/mkkeffeler/certificates into smallstep-by-provisioner-appendedcert 2020-12-23 22:46:41 -06:00
Miclain Keffeler
cf063d1f4a Revert "Begins to fix issue 87" 
This reverts commit e2ba4159c3.
 2020-12-23 22:46:21 -06:00
Miclain Keffeler
21dc406382 Begins to fix issue 87 2020-12-23 22:46:21 -06:00
Miclain Keffeler
bfd13f1f72 Revert "Begins to fix issue 87" 
This reverts commit e2ba4159c3.
 2020-12-23 22:43:47 -06:00
Miclain Keffeler
393c43201f Merge branch 'smallstep-by-provisioner-appendedcert' of https://github.com/mkkeffeler/certificates into smallstep-by-provisioner-appendedcert 2020-12-23 22:41:36 -06:00
Miclain Keffeler
7545b4a625 leverage intermediate_ca.crt for appending certs. 2020-12-23 22:41:10 -06:00
Miclain Keffeler
e2ba4159c3 Begins to fix issue 87 2020-12-22 16:39:39 -06:00
Max
c255863816
Merge pull request #438 from smallstep/max/broken-validate-challenge-test 
Fix broken ValidateChallenge test
 2020-12-18 18:24:47 -05:00
max furman
265d49dbf8 Remove debug statement 2020-12-18 18:17:55 -05:00
max furman
1f9aa65d66 Add test case 2020-12-18 17:05:25 -05:00
max furman
20f8d950c4 Fix broken ValidateChallenge test 2020-12-18 11:18:42 -05:00
Mariano Cano
bae209741f
Merge pull request #436 from smallstep/upgrade-crypto 
Upgrade crypto and validate token id
 2020-12-17 15:12:32 -08:00
Mariano Cano
5017b7d21f Recalculate token id instead of validating it. 2020-12-17 14:52:34 -08:00
Mariano Cano
86c947babc Upgrade crypto and fix test. 2020-12-17 14:17:08 -08:00
Mariano Cano
0cf594a003 Validate payload ID. 
Related to #435
 2020-12-17 13:35:14 -08:00
Mariano Cano
d6ea8b13ab Upgrade crypto. 
Related to #435
 2020-12-17 13:34:50 -08:00
Mariano Cano
1feb4fcb26 Merge branch 'glance--sshagentkms' 2020-11-18 17:53:15 -08:00
Mariano Cano
ccc403cf89 Fix comments, and return an error instead of fatal. 2020-11-18 17:50:21 -08:00
Mariano Cano
7d9997618f Upgrade crypto to v0.7.1 
Add basic constraints extensions if defined.
 2020-11-18 16:57:24 -08:00
max furman
19a3cd10a1 [docs] provisioners fix attr dupe and give warning about stale docs 2020-11-18 16:57:24 -08:00
Mariano Cano
2c164f39cc Fix rebase. 2020-11-18 16:57:24 -08:00
Mariano Cano
317a6b6aca Fix mispell. 2020-11-18 16:57:24 -08:00
Mariano Cano
0fcf9f8bc4 Use test/bufconn instead of a real listener. 2020-11-18 16:57:24 -08:00
Mariano Cano
a0171c221e Add missing docs. 2020-11-18 16:57:24 -08:00
Mariano Cano
74111d4432 Enable default cas implementation. 2020-11-18 16:57:24 -08:00
Mariano Cano
dfdbf493ac Add some extra tests. 2020-11-18 16:57:24 -08:00
Mariano Cano
b4795fcd28 Complete tests for softCAS. 2020-11-18 16:57:24 -08:00
Mariano Cano
1c77538d48 Fix lint error. 2020-11-18 16:57:24 -08:00
Mariano Cano
a01c3defc0 Complete CloudCAS tests. 
Upgrade cloud.google.com/go
 2020-11-18 16:57:24 -08:00
Mariano Cano
fb1f37648f Add missing files, mocks created using mockgen. 2020-11-18 16:57:24 -08:00
Mariano Cano
2611fc04d4 Add initial tests for CreateCertificateAuthority. 2020-11-18 16:57:24 -08:00
Mariano Cano
062edcdfb4 Fix unexpected error. 2020-11-18 16:57:24 -08:00
Mariano Cano
9607eddd6a Remove unused code. 2020-11-18 16:57:24 -08:00
Mariano Cano
fcaaab94a4 Add method to create a CertificateAuthorityResponse. 2020-11-18 16:57:24 -08:00
Mariano Cano
a3f729fc28 Add support for local signing or cloudCAS intermediates. 2020-11-18 16:57:24 -08:00
Mariano Cano
fe7db340b0 Update go.step.sm/crypto dependency. 2020-11-18 16:57:24 -08:00
Mariano Cano
5deca85b14 Add initial support for step ca init with cloud cas. 
Fixes smallstep/cli#363
 2020-11-18 16:57:24 -08:00
Mariano Cano
921de7e07f Upgrade crypto to v0.7.1 
Add basic constraints extensions if defined.
 2020-11-17 11:43:12 -08:00
max furman
2799ef9626 [docs] provisioners fix attr dupe and give warning about stale docs 2020-11-16 12:30:41 -05:00
Anton Lundin
3e6137110b Add support for using ssh-agent as a KMS 
This adds a new KMS, SSHAgentKMS, which is a KMS to provide signing keys
for issuing ssh certificates signed by a key managed by a ssh-agent. It
uses the golang.org/x/crypto package to get a native Go implementation
to talk to a ssh-agent.

This was primarly written to be able to use gpg-agent to provide the
keys stored in a YubiKeys openpgp interface, but can be used for other
setups like proxying a ssh-agent over network.

That way the signing key for ssh certificates can be kept in a
"sign-only" hsm.

This code was written for my employer Intinor AB, but for simplicity
sake gifted to me to contribute upstream.

Signed-off-by: Anton Lundin <glance@acc.umu.se>
 2020-11-04 09:06:23 +01:00