Commit Graph

74 Commits (master)

Author SHA1 Message Date
Panagiotis Siatras dd1ff9c15b
Implementation of the Prometheus endpoint (#1669)
Implementation of the http://{metricsAddress}/metrics Prometheus endpoint.
4 months ago
Max 9f84f7ce35
Allow for identity certificate signing (in sshSign) by skipping validators (#1572)
- skip urisValidator for identity certificate signing. Implemented
  by building the validator with the context in a hacky way.
7 months ago
Max b7c4ed26fb
Use provisioner name in error message (#1524) 8 months ago
max furman 8b256f0351
address linter warning for go 1.19 1 year ago
Mariano Cano c7f226bcec
Add support for renew when using stepcas
It supports renewing X.509 certificates when an RA is configured with stepcas.
This will only work when the renewal uses a token, and it won't work with mTLS.

The audience cannot be properly verified when an RA is used, to avoid this we
will get from the database if an RA was used to issue the initial certificate
and we will accept the renew token.

Fixes #1021 for stepcas
2 years ago
max furman ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2 years ago
Mariano Cano 8fc4a58242 Fix nil pointer exception, missing error 2 years ago
Mariano Cano 911cec21da
Merge pull request #943 from smallstep/ssh-renew-provisioner
Add provisioner to SSH renewals
2 years ago
Mariano Cano 94f5b92513 Use proper context in authority package 2 years ago
Mariano Cano 1be74eca62 Merge branch 'master' into ssh-renew-provisioner 2 years ago
Mariano Cano 6b3a8f22f3 Add provisioner to SSH renewals
This commit allows reporting the provisioner to the linkedca when
an SSH certificate is renewed.
2 years ago
Mariano Cano 43ddcf2efe Do not use deprecated AuthorizeSign 2 years ago
Mariano Cano c066694c0c Allow renew token issuer to be the provisioner name.
For consistency with AuthorizeAdminToken, AuthorizeRenewToken will
allow the issuer to be either the fixed string 'step-ca-client/1.0'
or the provisioner name.
2 years ago
Mariano Cano ad5aedfa60 Fix backward compatibility in AuthorizeAdminToken
This commit validates both new and old issuers.
2 years ago
Mariano Cano 4e4d4e882f Use a fixed string for renewal token issuer. 2 years ago
Mariano Cano 0a5dc237df Fix typo in comment. 2 years ago
Mariano Cano 00cd0f5f21
Apply suggestions from code review
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2 years ago
Mariano Cano c8c59d68f5 Allow mTLS renewals if the provisioner extension does not exist.
This fixes a backward compatibility issue with the new
LoadProvisionerByCertificate.
2 years ago
Mariano Cano af8fcf5b01 Always use LoadProvisionerByCertificate in the authority package 2 years ago
Mariano Cano c55b27a2fc Refactor admin token to use with RAs. 2 years ago
Mariano Cano 616490a9c6 Refactor renew after expiry token authorization
This change adds a new authority method that authorizes the
renew after expiry tokens.
2 years ago
Mariano Cano 259e95947c Add support for the provisioner controller
The claimer, audiences and custom callback methods are now managed
by the provisioner controller in a uniform way.
2 years ago
Herman Slatman 2d357da99b
Add tests for ACME revocation 3 years ago
max furman 933b40a02a Introduce gocritic linter and address warnings 3 years ago
Mariano Cano 42fde8ba28
Merge branch 'master' into linkedca 3 years ago
Mariano Cano 9e5762fe06 Allow the reuse of azure token if DisableTrustOnFirstUse is true
Azure caches tokens for 24h and we cannot issue a new certificate
for the same instance in that period of time.

The meaning of this parameter is to allow the signing of multiple
certificates in one instance. This is possible in GCP, because we
get a new token, and it is possible in AWS because we can generate
a new one. On Azure there was no other way to do it unless you
waited for 24h.

Fixes #656
3 years ago
Mariano Cano 4ad82a2f76 Check linkedca for revocation. 3 years ago
Mariano Cano f7542a5bd9 Move check of ssh revocation from provisioner to the authority. 3 years ago
max furman 9fdef64709 Admin level API for provisioner mgmt v1 3 years ago
Mariano Cano d79b4e709e Create a hash of a token if a token id is empty. 4 years ago
Mariano Cano ba918100d0 Use go.step.sm/crypto/jose
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
4 years ago
Mariano Cano 7846696fbb Fix return sign options on ssh sign. 4 years ago
max furman 1cb8bb3ae1 Simplify statuscoder error generators. 4 years ago
max furman dccbdf3a90 Introduce generalized statusCoder errors and loads of ssh unit tests.
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
4 years ago
max furman 9caadbb341 Fix authority calling wrong revoke method 4 years ago
Mariano Cano 11c8639782 Add identity certificate in ssh response. 4 years ago
max furman 29853ae016 sshpop provisioner + ssh renew | revoke | rekey first pass 4 years ago
max furman 61d52a8510 Small fixes associated with PR review
* additions and grammar edits to documentation
* clarification of error msgs
5 years ago
Mariano Cano 004ea12212 Allow the use of custom SSH user/host key files. 5 years ago
Mariano Cano 7a64a84761 Pass the given context. 5 years ago
Mariano Cano e1cd5ee8c3 Add context to the Authorize method.
Fix tests.
5 years ago
Mariano Cano 2127d09ef3 Rename context type to apiCtx.
It will conflict with the context package.
5 years ago
Mariano Cano 54570095d4 Merge branch 'master' into cloud-identities 5 years ago
max furman 81db527f12 NoopDB -> SimpleDB 5 years ago
max furman b73fe8c157 Add used OTT to DB during authToken step 5 years ago
Mariano Cano 27c98806c0 Use GetTokenID. 5 years ago
max furman 9977eff153 bump cli dep and fix text error msg 5 years ago
max furman ab4d569f36 Add /revoke API with interface db backend 5 years ago
Mariano Cano 1812c0619a Update go-jose to 2.3.0.
This is a dependency for smallstep/cli#105; it will be resolved once
square/go-jose#224 gets merged.
5 years ago
Mariano Cano 8a05cdde52 Add audience in the error v2 5 years ago