Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,202 Commits
40 Branches
214 Tags
92 MiB
master
dependabot/go_modules/github.com/slackhq/nebula-1.9.0
wire-acme-extensions
mariano/init-provisioners
fix-1637
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e15b5faf7d'
${ noResults }
Commit Graph

51 Commits (e15b5faf7d184997d27ff323aaa26cf6bd721acc)

Author SHA1 Message Date
max furman 933b40a02a Introduce gocritic linter and address warnings 3 years ago
Mariano Cano 42fde8ba28
Merge branch 'master' into linkedca 3 years ago
Mariano Cano 9e5762fe06 Allow the reuse of azure token if DisableTrustOnFirstUse is true 
Azure caches tokens for 24h and we cannot issue a new certificate
for the same instance in that period of time.

The meaning of this parameter is to allow the signing of multiple
certificate in one instance. This is possible in GCP, because we
get a new token, and is possible in AWS because we can generate
a new one. On Azure there was no other way to do it unless you
wait for 24h.

Fixes #656
 3 years ago
Mariano Cano 4ad82a2f76 Check linkedca for revocation. 3 years ago
Mariano Cano f7542a5bd9 Move check of ssh revocation from provisioner to the authority. 3 years ago
max furman 9fdef64709 Admin level API for provisioner mgmt v1 3 years ago
Mariano Cano d79b4e709e Create a hash of a token if a token id is empty. 4 years ago
Mariano Cano ba918100d0 Use go.step.sm/crypto/jose 
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
 4 years ago
Mariano Cano 7846696fbb Fix return sign options on ssh sign. 4 years ago
max furman 1cb8bb3ae1 Simplify statuscoder error generators. 4 years ago
max furman dccbdf3a90 Introduce generalized statusCoder errors and loads of ssh unit tests. 
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
 4 years ago
max furman 9caadbb341 Fix authority calling wrong revoke method 4 years ago
Mariano Cano 11c8639782 Add identity certificate in ssh response. 4 years ago
max furman 29853ae016 sshpop provisioner + ssh renew | revoke | rekey first pass 4 years ago
max furman 61d52a8510 Small fixes associated with PR review 
* additions and grammar edits to documentation
* clarification of error msgs
 5 years ago
Mariano Cano 004ea12212 Allow to use custom SSH user/host key files. 5 years ago
Mariano Cano 7a64a84761 Pass the given context. 5 years ago
Mariano Cano e1cd5ee8c3 Add context to the Authorize method. 
Fix tests.
 5 years ago
Mariano Cano 2127d09ef3 Rename context type to apiCtx. 
It will conflict with the context package.
 5 years ago
Mariano Cano 54570095d4 Merge branch 'master' into cloud-identities 5 years ago
max furman 81db527f12 NoopDB -> SimpleDB 5 years ago
max furman b73fe8c157 Add used OTT to DB during authToken step 5 years ago
Mariano Cano 27c98806c0 Use GetTokenID. 5 years ago
max furman 9977eff153 bump cli dep and fix text error msg 5 years ago
max furman ab4d569f36 Add /revoke API with interface db backend 5 years ago
Mariano Cano 1812c0619a Update go-jose to 2.3.0. 
This is a dependency for smallstep/cli#105, it will be solved once
square/go-jose#224 gets merged
 5 years ago
Mariano Cano 8a05cdde52 Add audience in the error v2 5 years ago
Mariano Cano f8fba4df6b Add audience in error. 5 years ago
Mariano Cano 23e6de57a2 Address comments in code review. 5 years ago
Mariano Cano 07cdc1021c Use OIDC nonce as the reuse key. 5 years ago
Mariano Cano ef4d809ee6 Move matchesAudience and stripPort tests to provisioner package. 5 years ago
Mariano Cano af9688c419 Fix some testing errors. 5 years ago
Mariano Cano 2d00cd0933 Validate audiences in the default provisioner. 5 years ago
Mariano Cano 57b705f6cf Use provisioner sign options. 5 years ago
Mariano Cano 602a42813c Re-enable replay protection for JWK provisioner. 5 years ago
Mariano Cano ab1cca03d7 Use new provisioners in authorize methods. 5 years ago
max furman 3415a1fef8 move SplitSANs to cli 5 years ago
max furman 6937bfea7b claims.SANS -> claims.SANs 5 years ago
max furman 93f39c64a0 backwards compat only when SANS empty 5 years ago
max furman fe8c8614b2 SANS backwards compat when token missing sujbect SAN 5 years ago
max furman f0683c2e0a Enable signing certificates with custom SANs 
* validate against SANs in token. must be 1:1 equivalent.
 5 years ago
Mariano Cano 7e95fc0e45 Strip ports on audience check. 
Services might have proxies behind them so we cannot rely on them.
Fixes #17
 6 years ago
Mariano Cano d6cad2a7f3 Add provisioner option to disable renewal. 
Fixes smallstep/ca-component#108
 6 years ago
max furman 0d9dd2d14b provisioner issuer -> name 6 years ago
max furman a4a461466b withProvisionerOID and unit test 6 years ago
max furman 283dc42904 add unit tests for MatchOne (token audience) and Authority.New 6 years ago
max furman ee7db4006a change sign + authorize authority api | add provisioners 
* authorize returns []interface{}
 - operators in this list can conform to any interface the user decides
 - our implementation has a combination of certificate claim validators
 and certificate template modifiers.
* provisioners can set and enforce tls cert options
 6 years ago
Mariano Cano 1c1ac1b3fb Add disableIssuedAt check functionality 
Fixes #86
 6 years ago
Mariano Cano 69da47a727 Set audience using the sign url. 6 years ago
max furman 0b5f6487e1 change provisioners api 
* /provisioners -> /provisioners/jwk-set-by-issuer
* /provisioners now returns a list of Provisioners
 6 years ago