Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,289 Commits
40 Branches
214 Tags
92 MiB
master
dependabot/go_modules/github.com/slackhq/nebula-1.9.0
wire-acme-extensions
mariano/init-provisioners
fix-1637
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd83ca96d2a'
${ noResults }
Commit Graph

124 Commits (d83ca96d2a37f3846280c739637b994cb7cfb8c6)

Author SHA1 Message Date
Herman Slatman e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues 3 years ago
Mariano Cano 7ec1424cb6 Fix help. 3 years ago
Mariano Cano 8366b7ddf1 Revert "Remove extractable from StoreCertificate." 
This reverts commit 614ee79489.
 3 years ago
Mariano Cano 614ee79489 Remove extractable from StoreCertificate. 3 years ago
Mariano Cano fa11e82b67 Add tests with extractable property. 3 years ago
Mariano Cano 886b9a1d8d Store the certificate passed. 3 years ago
Mariano Cano aa80bf9f07 Merge branch 'smallstep_master' into extractable 3 years ago
Mariano Cano 6be383da34 Refactor pkcs#11 extractable certs and keys. 3 years ago
Mariano Cano bef50bd7d9 Fix typo in variable name. 3 years ago
Mariano Cano ead394fba7 Add strategy to retry the sign operation if the key is not yet ready 3 years ago
Mariano Cano edd475b81b Allow to configure azurekms using the URI 
With an URI, azurekms can be configured with client credentials,
and it can define a default vault and protection level.
 3 years ago
Mariano Cano 44f0d61354 Fix typo. 3 years ago
Mariano Cano a2b03083c8 Fix gocritic warnings. 3 years ago
Mariano Cano 2aee71b4c0 Fix typo. 3 years ago
Mariano Cano e15b5faf7d Merge branch 'master' into keyvault 3 years ago
Mariano Cano 5d0bd7d155 Fix grammar in comments. 3 years ago
max furman 5fc24c697c Fix a few more linter warnings and remove GOFLAGS from make lint 3 years ago
max furman 933b40a02a Introduce gocritic linter and address warnings 3 years ago
Mariano Cano f6e69bf826 Fix typo. 3 years ago
Mariano Cano c638c282d8 Add omitempty to KMS options. 3 years ago
Mariano Cano 822a1e3bdb Add variable with the default implementation. 3 years ago
Mariano Cano 2240ebbadc Add NameValidator interface and implement it for azurekms. 3 years ago
Mariano Cano abdb56065d Allow o specify an hsm using the uri. 3 years ago
Mariano Cano f1ef3fb351 Add GetBool(s string) bool to URI type. 3 years ago
Mariano Cano 500b540406 Remove unused code. 3 years ago
Mariano Cano 2026787ce4 Add some extra coverage. 3 years ago
Mariano Cano 08c9902f29 Add new alias in the kms package. 3 years ago
Mariano Cano 505b1f3678 Add new test case with a version in the opaque string. 3 years ago
Mariano Cano d2581489a3 Redefine uris and set proper type. 
URIs will now have the form:

  - azurekms:name=my-key;vault=my-vault
  - azurekms:name=my-key;vault=my-vault?version=my-version
 3 years ago
Mariano Cano 656099c4f0 Add type for azurekms. 3 years ago
Mariano Cano 56c3559e52 Add some extra coverage. 3 years ago
Mariano Cano 6389100325 Add unit tests for azurekms. 3 years ago
Mariano Cano 97d08a1b61 Fix typos. 3 years ago
Mariano Cano 392a18465f Add initial implementation of Azure Key Vault KMS. 
Fixes #462
 3 years ago
Mariano Cano 6d644880bd Allow to kms signers to define the SignatureAlgorithm 
CloudKMS keys signs data using an specific signature algorithm, in RSA keys,
this can be PKCS#1 RSA or RSA-PSS, if the later is used, x509.CreateCertificate
will fail unless the template SignatureCertificate is properly set.

On contrast, AWSKMS RSA keys, are just RSA keys, and can sign with PKCS#1 or
RSA-PSS schemes, so right now the way to enforce one or the other is to used
templates.
 3 years ago
max furman 8ba9013f5d gofmt linting errors 3 years ago
max furman 8bec473f8e fix gofmt linting errors 3 years ago
Mariano Cano abd78e2d2a Make kms uri compatible with Go 1.17. 
Go 1.17 introduces a change in the net/url package disallowing the
use of semicolon (;) in URL queries. We used url.ParseQuery to
decode the opaque string that is semicolon separated. This change
replaces the semicolon with ampersands before decoding it.
 3 years ago
Mariano Cano a864f0134d Fix key version when SHA512WithRSA is used. 
There was a typo creating RSA keys with SHA256 digests instead of
SHA512
 3 years ago
Gary Belvin 22b471acf9 Extractable certs 3 years ago
Gary Belvin be89459524 Set key export bit 3 years ago
Mariano Cano c4d0c8a18e Fix credentials file parameter on awskms 3 years ago
Herman Slatman 877fc9ae8c
Add tests for CreateDecrypter 3 years ago
Herman Slatman 68d5f6d0d2
Merge branch 'master' into hs/scep 3 years ago
Mariano Cano 180b5c3e3c Fix typo. 3 years ago
Herman Slatman 583d60dc0d
Address (most) PR comments 3 years ago
Herman Slatman 8c5b12e21d
Add non-TLS server and improve crypto.Decrypter interface 
A server without TLS was added to serve the SCEP endpoints. According
to the RFC, SCEP has to be served via HTTP. The `sscep` client, for
example, will stop any URL that does not start with `http://` from
being used, so serving SCEP seems to be the right way to do it.

This commit adds a second server for which no TLS configuration is
configured. A distinct field in the configuration, `insecureAddress`
was added to specify the address for the insecure server.

The SCEP endpoints will also still be served via HTTPS. Some clients
may be able to work with that.

This commit also improves how the crypto.Decrypter interface is
handled for the different types of KMSes supported by step. The
apiv1.Decrypter interface was added. Currently only SoftKMS
implements this interface, providing a crypto.Decrypter required
for SCEP operations.
 3 years ago
Herman Slatman 7948f65ac0
Merge branch 'master' into hs/scep 3 years ago
Herman Slatman 7ad90d10b3
Refactor initialization of SCEP authority 3 years ago
Max 8ead310d24
Merge pull request #485 from smallstep/max/actions 
Convert to github actions
 3 years ago