Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,045 Commits
40 Branches
214 Tags
92 MiB
master
dependabot/go_modules/github.com/slackhq/nebula-1.9.0
wire-acme-extensions
mariano/init-provisioners
fix-1637
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'herman/wrapped-listener'
${ noResults }
Commit Graph

361 Commits (herman/wrapped-listener)

Author SHA1 Message Date
Mariano Cano b20af51f32
Upgrade go.step.sm/crypto to use go-jose/v3 6 months ago
Herman Slatman f453323ba9
Merge pull request #1631 from smallstep/herman/fix-apple-acmeclient-invalid-signatures 6 months ago
Herman Slatman 405aae798c
Simplify the `copy` logic used when patching JWS signature 6 months ago
Max d34f0f6a97
Fix linter warnings (#1634) 6 months ago
Herman Slatman 26a3bb3c11
Make the Apple JWS fix more robust and catch more cases. 6 months ago
Herman Slatman 113491e7af
Remove TODO for patching other algorithms for Apple ACME client 6 months ago
Herman Slatman 06f4cbbcda
Add (temporary) fix for missing null bytes in Apple JWS signatures 
Apparently the Apple macOS (and iOS?) ACME client seems to omit
leading null bytes from JWS signatures. The base64-url encoded
bytes decode to a shorter byte slice than what the JOSE library
expects (e.g. 63 bytes instead of 64 bytes for ES256), and then
results in a `jose.ErrCryptoFailure`.

This commit retries verification of the JWS in case the first
verification fails with `jose.ErrCryptoFailure`. The signatures are
checked to be of the correct length, and if not, null bytes are
prepended to the signature. Then verification is retried, which
might fail again, but for other reasons. On success, the payload
is returned.

Apple should fix this in their ACME client, but in the meantime
this commit prevents some "bad request" error cases from happening.
 6 months ago
Dominic Evans 231b5d8406 chore(deps): upgrade github.com/go-chi/chi to v5 
Upgrade chi to the v5 module path to avoid deprecation warning about v4
and earlier on the old module path.

See https://github.com/go-chi/chi/blob/v4.1.3/go.mod#L1-L4

Signed-off-by: Dominic Evans <dominic.evans@uk.ibm.com>
 9 months ago
Herman Slatman f2993c4c3b
Use the legacy `tpm2` package import 9 months ago
Max 116ff8ed65
bump go.mod to go1.20 and associated linter fixes (#1518) 9 months ago
Mariano Cano d8eeebfd51
Fix error string in tests 
This commit fixes a test checking an error string from an external
dependency.
 10 months ago
Herman Slatman c952e9fc9d
Use `NewDetailedError` instead 10 months ago
Herman Slatman f3c24fe875
Change how multiple identifiers are printed in errors 10 months ago
Herman Slatman a0cdad335d
Add test for `WithAdditionalErrorDetail` 10 months ago
Herman Slatman 9a52675865
Return descriptive error when using unsupported format 10 months ago
Herman Slatman 0d3338ff3a
Return consistent ACME error types for specific cases 10 months ago
Herman Slatman df22b8a303
Cleanup some leftover TODOs 10 months ago
Herman Slatman dd9bf1e915
Add error details for the `step` format 10 months ago
Herman Slatman 9cbbd1d575
Add error details to ACME `tpm` format validation errors 10 months ago
Herman Slatman d5dd8feccd
Prevent internal errors from being returned to ACME clients 10 months ago
Herman Slatman 979e0f8f51
Add error details to select error cases for `apple` format 10 months ago
Herman Slatman a5801b3c74
Fix TPM simulator initialization for tests 11 months ago
Max 7731edd816
Store and verify Acme account location (#1386) 
* Store and verify account location on acme requests

Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
Co-authored-by: Mariano Cano <mariano@smallstep.com>
 1 year ago
Herman Slatman e71b62e95c
Merge branch 'master' into herman/update-crypto-v0.29.4 1 year ago
max furman 8b256f0351
address linter warning for go 1.19 1 year ago
Herman Slatman 0c2b00f6a1
Depend on our fork of `go-attestation` 1 year ago
Herman Slatman d9aa2c110f
Increase test coverage for AK certificate properties 1 year ago
Herman Slatman ed1a62206e
Add additional verification of AK certificate 1 year ago
Herman Slatman 1c38e252a6
Cast `alg` to a valid `COSEAlgorithmIdentifier` 1 year ago
Herman Slatman e25acff13c
Simplify `alg` validity check 1 year ago
Herman Slatman 9cd4b362f7
Extract the `ParseSubjectAlternativeNames` function 1 year ago
Herman Slatman b6957358fc
Fix PR remarks 
- Root CA error message improved
- Looping through intermediate certs
- Change checking unhandled extensions to using `if`
 1 year ago
Herman Slatman 09bd7705cd
Fix linting issues 1 year ago
Herman Slatman f88ef6621f
Add `PermanentIdentifier` SAN parsing and tests 1 year ago
Herman Slatman 52023d6083
Add tests for `doTPMAttestationFormat` 1 year ago
Herman Slatman ae30f6e96b
Add failing TPM simulator test 1 year ago
Herman Slatman bf53b394a1
Add `tpm` format test with simulated TPM 1 year ago
Herman Slatman 094f0521e2
Remove check for `PermanentIdentifier` from `tpm` format validation 1 year ago
Herman Slatman 589a62df74
Make validation of `tpm` format stricter 1 year ago
Herman Slatman 213b31bc2c
Simplify processing logic for unhandled critical extension 1 year ago
Herman Slatman e1c7e8f00b
Return the CSR public key fingerprint for `tpm` format 1 year ago
Herman Slatman 6297bace1a
Merge branch 'master' into herman/acme-da-tpm 1 year ago
Herman Slatman 69489480ab
Add more complete `tpm` format validation 1 year ago
Mariano Cano 5ff0dde819
Remove json tag in acme.Authorization fingerprint 1 year ago
Mariano Cano 6ba20209c2
Verify CSR key fingerprint with attestation certificate key 
This commit makes sure that the attestation certificate key matches the
key used on the CSR on an ACME device attestation flow.
 1 year ago
Herman Slatman 3a6fc5e0b4
Remove dependency on `smallstep/assert` in ACME challenge tests 1 year ago
Herman Slatman 0f1c509e4b
Remove debug utility 1 year ago
Herman Slatman 0f9128c873
Fix linting issue and order of test SUT 1 year ago
Herman Slatman 2ab9beb7ed
Add tests for `deviceAttest01Validate` 1 year ago
Herman Slatman ed61c5df5f
Cleanup some leftover debug statements 1 year ago