max furman
66858a3870
No longer need to ignore context warnings when context in request
...
- after upgrade to golangci-lint 1.50.0
2 years ago
Raal Goff
d0e81af524
Merge branch 'master' into crl-support
2 years ago
max furman
4c7a2ce3eb
Fix errors.As linter warnings
2 years ago
max furman
7c5e5b2b87
Even more linter fixes
2 years ago
max furman
1e0ea6f958
more linting fixes
2 years ago
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors
2 years ago
Mariano Cano
221e756f40
Use render.Error on crl endpoint
2 years ago
Raal Goff
d2483f3a70
Merge branch 'master' into crl-support
...
# Conflicts:
# authority/config/config.go
2 years ago
Mariano Cano
23b8f45b37
Address gosec warnings
...
Most if not all false positives
2 years ago
Mariano Cano
2db15e4eb5
Remove unnecessary log entries
...
These log entries add CodeQL warnings and are not necessary because
our default http.ResponseWriter allows adding log entries.
2 years ago
max furman
1dd0d7d0ee
Update bad serial error to be more specific
2 years ago
max furman
7052a32c2c
Validate revocation serial number
2 years ago
Raal Goff
9fa5f46213
add minor doco, Test_CRLGeneration(), fix some issues from merge
2 years ago
Raal Goff
60671b07d7
Merge branch 'master' into crl-support
...
# Conflicts:
# api/api.go
# authority/config/config.go
# cas/softcas/softcas.go
# db/db.go
2 years ago
Mariano Cano
1be74eca62
Merge branch 'master' into ssh-renew-provisioner
2 years ago
Mariano Cano
6b3a8f22f3
Add provisioner to SSH renewals
...
This commit allows reporting the provisioner to the linkedca when
an SSH certificate is renewed.
2 years ago
Mariano Cano
d461918eb0
Merge branch 'master' into context-authority
2 years ago
Mariano Cano
43ddcf2efe
Do not use deprecated AuthorizeSign
2 years ago
Herman Slatman
2b7f6931f3
Change Subject Common Name verification
...
Subject Common Names can now also be configured to be allowed or
denied, similar to SANs. When a Subject Common Name is not explicitly
allowed or denied, its type will be determined and its value will be
validated according to the constraints for that type of name (i.e. URI).
3 years ago
Mariano Cano
48e2fabeb8
Add authority.MustFromContext
3 years ago
Mariano Cano
817af3d696
Fix unit tests on the api package
3 years ago
Mariano Cano
a93653ea8e
Use api.Route instead of the caHandler.
3 years ago
Mariano Cano
a6b8e65d69
Retrieve the authority from the context in api methods.
3 years ago
Herman Slatman
74a6e59b1f
Add tests for ProtoJSON and bad proto messages
3 years ago
Herman Slatman
bddd08d4b0
Remove "proto:" prefix from bad proto JSON messages
3 years ago
Herman Slatman
a2cfbe3d54
Fix (part of) PR comments
3 years ago
Herman Slatman
6532c93303
Improve read.ProtoJSON bad protobuf body error handling
3 years ago
Herman Slatman
def9438ad6
Improve handling of bad JSON protobuf bodies
3 years ago
Herman Slatman
30d5d89a13
Improve test coverage for Policy Admin API
3 years ago
Raal Goff
49c41636cc
implemented some requested changes
3 years ago
Raal Goff
53dbe2309b
implemented some requested changes
3 years ago
Raal Goff
a607ab189a
requested changes
3 years ago
Raal Goff
d417ce3232
implement changes from review
3 years ago
Raal Goff
7d024cc4cb
change GenerateCertificateRevocationList to return DER, store DER in db instead of PEM, nicer PEM encoding of CRL, add Mock stubs
3 years ago
Raal Goff
e8fdb703c9
initial support for CRL
3 years ago
Herman Slatman
571b21abbc
Fix (most) PR comments
3 years ago
Herman Slatman
628d7448de
Don't return policy in provisioner JSON
3 years ago
Herman Slatman
2fbdf7d5b0
Merge branch 'master' into herman/allow-deny
3 years ago
Panagiotis Siatras
00634fb648
api/render, api/log: initial implementation of the packages (#860)
...
* api/render: initial implementation of the package
* acme/api: refactored to support api/render
* authority/admin: refactored to support api/render
* ca: refactored to support api/render
* api: refactored to support api/render
* api/render: implemented Error
* api: refactored to support api/render.Error
* acme/api: refactored to support api/render.Error
* authority/admin: refactored to support api/render.Error
* ca: refactored to support api/render.Error
* ca: fixed broken tests
* api/render, api/log: moved error logging to this package
* acme: refactored Error so that it implements render.RenderableError
* authority/admin: refactored Error so that it implements render.RenderableError
* api/render: implemented RenderableError
* api/render: added test coverage for Error
* api/render: implemented statusCodeFromError
* api: refactored RootsPEM to work with render.Error
* acme, authority/admin: fixed pointer receiver name for consistency
* api/render, errs: moved StatusCoder & StackTracer to the render package
3 years ago
Andrew Reed
d5d70baba7
Add /roots.pem handler (#866)
...
* Add /roots.pem handler
* Review changes
* Remove no peer cert test case
3 years ago
Herman Slatman
23676d3bcc
Merge branch 'master' into herman/allow-deny
3 years ago
Panagiotis Siatras
b98f86a515
scep: minor cleanup (#867)
...
* api, scep: removed scep.Error
* scep/api: replaced nextHTTP with http.HandlerFunc
* scep/api: renamed writeSCEPResponse to writeResponse
* scep/api: renamed decodeSCEPRequest to decodeRequest
* scep/api: renamed writeError to fail
* scep/api: replaced pkg/errors with errors
* scep/api: formatted imports
* scep/api: do not export SCEPRequest & SCEPResponse
* scep/api: do not export Handler
* api: flush errors better
3 years ago
Herman Slatman
613c99f00f
Fix linting issues
3 years ago
Herman Slatman
dc23fd23bf
Merge branch 'master' into herman/allow-deny-next
3 years ago
Herman Slatman
6b620c8e9c
Improve protobuf unmarshaling error handling
3 years ago
Panagiotis Siatras
80abda22ee
api/log: initial implementation of the package (#859)
...
* api/log: initial implementation of the package
* api: refactored to support api/log
* scep/api: refactored to support api/log
* api/log: documented the package
* api: moved log-related tests to api/log
3 years ago
Panagiotis Siatras
df89ed5acb
api: moved read-related tests to api/read
3 years ago
Panagiotis Siatras
29092b9d8a
api: refactored to use the read package
3 years ago
Panagiotis Siatras
7fb8acda27
api/read: initial implementation of the package
3 years ago
Herman Slatman
81b0c6c37c
Add API implementation for authority and provisioner policy
3 years ago
Mariano Cano
f8df6a1acc
Change variable name for consistency
3 years ago
Mariano Cano
616490a9c6
Refactor renew after expiry token authorization
...
This change adds a new authority method that authorizes the
renew after expiry tokens.
3 years ago
Mariano Cano
afb5d36206
Allow to renew certificates using an x5c-like token.
3 years ago
Herman Slatman
5fe9909174
Refactor AdminAuthority interface
3 years ago
Herman Slatman
5f224b729e
Add tests for Provisioner Admin API
3 years ago
Herman Slatman
d799359917
Merge branch 'master' into hs/acme-eab
3 years ago
Herman Slatman
2215a05c28
Add tests for ACME EAB Admin
...
Refactored some of the existing bits for testing the Authority
API by creation of a new LinkedAuthority interface and changing
visibility of the MockAuthority to be usable by other packages.
At this time, not all of the functions of MockAuthority are usable
yet. Will refactor when needed or requested.
3 years ago
Mariano Cano
0cebde3db5
Change fallback message on RekeySSH.
3 years ago
Mariano Cano
9fd147f3da
Change error message.
3 years ago
Mariano Cano
b5db3f5706
Modify errs.ForbiddenErr to always return an error to the cli.
3 years ago
Mariano Cano
668d3ea6c7
Modify errs.Wrap() with bad request to send messages to users.
3 years ago
Mariano Cano
8c8db0d4b7
Modify errs.BadRequestErr() to always return an error to the client.
3 years ago
Mariano Cano
8ce807a6cb
Modify errs.BadRequest() calls to always send an error to the client.
3 years ago
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues
3 years ago
max furman
933b40a02a
Introduce gocritic linter and address warnings
3 years ago
Mariano Cano
833d28cb6a
Clone the certificate in case we need to look at it later.
3 years ago
Mariano Cano
568fce201a
Enforce identity cert to match ssh cert on renewals.
3 years ago
Mariano Cano
4aa529605d
Merge pull request #641 from hillu/quote-serial
...
Log certificate's serial number as stringified decimal number
3 years ago
Herman Slatman
9210a6740b
Fix logging provisioner name as string
3 years ago
Hilko Bengen
edb01bc9f2
Log certificate's serial number as stringified decimal number
...
Using a JSON string fixes a common issue with JSON parsers that
deserialize all numbers to 64-bit IEEE-754 floats. (Certificate
serial numbers are usually 128 bit values.)
This change is consistent with existing log entries for revocation
requests.
See also: #630, #631
3 years ago
max furman
77fdfc9fa3
Merge branch 'master' into max/cert-mgr-crud
3 years ago
max furman
9fdef64709
Admin level API for provisioner mgmt v1
3 years ago
Mariano Cano
65dacc2795
Replace golint with revive
3 years ago
Herman Slatman
a191319da9
Improve SCEP API logic and error handling
3 years ago
Herman Slatman
bc2bb53009
Merge branch 'master' into hs/scep
3 years ago
max furman
4f3e5ef64d
wip
3 years ago
max furman
5d09d04d14
wip
3 years ago
max furman
7b5d6968a5
first commit
3 years ago
Mariano Cano
c1c986922b
Show Ed25519 in the public-key log field.
4 years ago
Herman Slatman
0487686f69
Merge branch 'master' into hs/scep
4 years ago
max furman
2e0e62bc4c
add WriteError method for acme api
4 years ago
max furman
fd447c5b54
Fix small nbf->naf bug in db.CreateOrder
...
- still needs unit test
4 years ago
max furman
1135ae04fc
[acme db interface] wip
4 years ago
Herman Slatman
2fc5a7f22e
Improve SCEP API logic and error handling
4 years ago
max furman
f88f58440f
add //nolint for new 1.16 deprecation warnings
...
- dsa
- pem.DecryptPEMBlock
4 years ago
Mariano Cano
c94a1c51be
Merge branch 'master' into ssh-cert-templates
4 years ago
Mariano Cano
ba918100d0
Use go.step.sm/crypto/jose
...
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
4 years ago
Mariano Cano
aaaa7e9b4e
Merge branch 'master' into cert-templates
4 years ago
max furman
8e3481a8ef
[logger map] small optimization
...
Rather than doing two key writes and one lookup, just write once.
4 years ago
max furman
55bf5a4526
Add cert logging for acme/certificate api
4 years ago
Mariano Cano
4943ae58d8
Move TLSOption, TLSVersion, CipherSuites and ASN1DN to certificates.
4 years ago
Mariano Cano
e83e47a91e
Use sshutil and randutil from go.step.sm/crypto.
4 years ago
Mariano Cano
3b19bb9796
Add TemplateData to SSHSignRequest.
...
Add some omitempty tags.
4 years ago
Mariano Cano
6c64fb3ed2
Rename provisioner options structs:
...
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
4 years ago
Mariano Cano
068bafe5a3
Add templateData to api sign request.
4 years ago
max furman
fd05f3249b
A few last fixes and tests added for rekey/renew ...
...
- remove all `renewOrRekey`
- explicitly test difference between renew and rekey (diff pub keys)
- add back tests for renew
4 years ago
dharanikumar-s
dfda497929
Renamed RenewOrRekey to Rekey
4 years ago
dharanikumar-s
a3b5211e0f
gofmted the code
4 years ago
dharanikumar-s
954fda657b
Added renewOrRekey to mockAuthority. Added Test_caHandler_Rekey
4 years ago
dharanikumar-s
01a6469d25
Moved peer certificate check to the first line
4 years ago