Mariano Cano
c8e65abfb1
Fix linter warnings
2024-06-12 16:03:01 -07:00
Mariano Cano
b4616ee8f1
Upgrade linkedca
...
This commit upgrades go.step.sm/linkedca with dependencies required by
smallstep/certificates#1802 . It also fixes some linter warnings.
2024-06-12 15:54:17 -07:00
Mariano Cano
192e90eea7
Merge branch 'master' into mariano/account-provisioner
2024-05-16 14:25:57 -07:00
Mariano Cano
8673818980
Split provisioner check in two cases
2024-05-15 16:12:15 -07:00
Mariano Cano
f3f484cee2
Log errors using slog.Logger
...
This commit allows logging errors in a slog.Logger injected in the
context. This type of logger is not currently used directly in step-ca,
but this will change in the future.
2024-05-15 15:40:40 -07:00
Mariano Cano
5fa5a63de8
Verify provisioner with id if available
...
This commit allows verifying the account provisioner with the request
provisioner using the ID instead of the name. When the provisioner are
stored in the DB, the provisioner ID is not mutable but the name is.
2024-05-13 17:07:33 -07:00
Mariano Cano
b1e31b1726
Use always acme.IsErrNotFound
...
This commit replaces the comparisons with acme.ErrNotFound and always
uses acme.IsErrNotFound.
2024-05-06 15:11:58 -07:00
Mariano Cano
d037ed6ff2
Add provisioner id to acme accounts
...
This commit adds a new field that allows to have a reference to
a provisioner id in the acme account.
2024-05-06 11:58:22 -07:00
Mariano Cano
296ac4e207
Make ISErrNotFound more flexible
...
This commit allows to use the standard error sql.ErrNoRows for not found
errors.
2024-04-29 16:15:08 -07:00
verytrap
db92404342
chore: fix function names in comment
...
Signed-off-by: verytrap <wangqiuyue@outlook.com>
2024-04-10 10:35:39 +08:00
Mariano Cano
10f6a901ec
Let the CA determine the RA lifetime
...
When the RA mode with StepCAS is used, let the CA decide which lifetime
the RA should get instead of requiring always 24h.
This commit also fixes linter warnings.
Related to #1094
2024-03-12 14:29:55 -07:00
Herman Slatman
041b486c55
Remove usages of Sign
without context
2024-02-27 14:16:21 +01:00
Herman Slatman
2a8b80a3e1
Merge branch 'master' into herman/webhook-request-id
2024-02-27 12:17:10 +01:00
Herman Slatman
e52836f0ab
Add RS1
support for ACME device-attest-01
2024-01-07 21:25:36 +01:00
Herman Slatman
c59d293d26
Add support for HTTP_PROXY
and HTTPS_PROXY
to ACME solver client
2024-01-03 15:09:24 +01:00
Mariano Cano
b20af51f32
Upgrade go.step.sm/crypto to use go-jose/v3
2023-12-12 16:36:48 -08:00
Herman Slatman
f453323ba9
Merge pull request #1631 from smallstep/herman/fix-apple-acmeclient-invalid-signatures
2023-12-01 09:48:37 +01:00
Herman Slatman
405aae798c
Simplify the copy
logic used when patching JWS signature
2023-11-30 14:27:32 +01:00
Max
d34f0f6a97
Fix linter warnings ( #1634 )
2023-11-28 20:58:58 -08:00
Herman Slatman
26a3bb3c11
Make the Apple JWS fix more robust and catch more cases.
2023-11-29 02:30:28 +01:00
Herman Slatman
113491e7af
Remove TODO for patching other algorithms for Apple ACME client
2023-11-24 18:29:22 +01:00
Herman Slatman
06f4cbbcda
Add (temporary) fix for missing null bytes in Apple JWS signatures
...
Apparently the Apple macOS (and iOS?) ACME client seems to omit
leading null bytes from JWS signatures. The base64-url encoded
bytes decode to a shorter byte slice than what the JOSE library
expects (e.g. 63 bytes instead of 64 bytes for ES256), and then
results in a `jose.ErrCryptoFailure`.
This commit retries verification of the JWS in case the first
verification fails with `jose.ErrCryptoFailure`. The signatures are
checked to be of the correct length, and if not, null bytes are
prepended to the signature. Then verification is retried, which
might fail again, but for other reasons. On success, the payload
is returned.
Apple should fix this in their ACME client, but in the meantime
this commit prevents some "bad request" error cases from happening.
2023-11-24 18:21:01 +01:00
Dominic Evans
231b5d8406
chore(deps): upgrade github.com/go-chi/chi to v5
...
Upgrade chi to the v5 module path to avoid deprecation warning about v4
and earlier on the old module path.
See https://github.com/go-chi/chi/blob/v4.1.3/go.mod#L1-L4
Signed-off-by: Dominic Evans <dominic.evans@uk.ibm.com>
2023-09-20 11:26:32 +01:00
Herman Slatman
4ef093dc4b
Fix broken tests relying on Sign
in mocks
2023-09-19 16:55:59 +02:00
Herman Slatman
9e3807eaa3
Use SignWithContext
in the critical paths
2023-09-19 16:34:29 +02:00
Herman Slatman
4e06bdbc51
Add SignWithContext
method to authority and mocks
2023-09-19 16:30:53 +02:00
Herman Slatman
f2993c4c3b
Use the legacy tpm2
package import
2023-09-19 12:11:46 +02:00
Max
116ff8ed65
bump go.mod to go1.20 and associated linter fixes ( #1518 )
2023-08-29 11:52:13 -07:00
Mariano Cano
d8eeebfd51
Fix error string in tests
...
This commit fixes a test checking an error string from an external
dependency.
2023-08-17 12:03:16 -07:00
Herman Slatman
c952e9fc9d
Use NewDetailedError
instead
2023-08-04 11:24:22 +02:00
Herman Slatman
f3c24fe875
Change how multiple identifiers are printed in errors
2023-08-03 14:45:00 +02:00
Herman Slatman
a0cdad335d
Add test for WithAdditionalErrorDetail
2023-07-31 13:22:00 +02:00
Herman Slatman
9a52675865
Return descriptive error when using unsupported format
2023-07-31 12:29:07 +02:00
Herman Slatman
0d3338ff3a
Return consistent ACME error types for specific cases
2023-07-31 12:11:50 +02:00
Herman Slatman
df22b8a303
Cleanup some leftover TODOs
2023-07-31 11:59:26 +02:00
Herman Slatman
dd9bf1e915
Add error details for the step
format
2023-07-28 16:59:34 +02:00
Herman Slatman
9cbbd1d575
Add error details to ACME tpm
format validation errors
2023-07-28 16:28:47 +02:00
Herman Slatman
d5dd8feccd
Prevent internal errors from being returned to ACME clients
2023-07-28 14:39:35 +02:00
Herman Slatman
979e0f8f51
Add error details to select error cases for apple
format
2023-07-28 14:25:17 +02:00
Herman Slatman
a5801b3c74
Fix TPM simulator initialization for tests
2023-07-10 13:07:58 +02:00
Max
7731edd816
Store and verify Acme account location ( #1386 )
...
* Store and verify account location on acme requests
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
Co-authored-by: Mariano Cano <mariano@smallstep.com>
2023-06-06 23:37:51 -07:00
Herman Slatman
e71b62e95c
Merge branch 'master' into herman/update-crypto-v0.29.4
2023-05-10 22:28:35 +02:00
max furman
8b256f0351
address linter warning for go 1.19
2023-05-09 23:47:28 -07:00
Herman Slatman
0c2b00f6a1
Depend on our fork of go-attestation
2023-05-10 00:38:40 +02:00
Herman Slatman
d9aa2c110f
Increase test coverage for AK certificate properties
2023-04-06 14:35:48 +02:00
Herman Slatman
ed1a62206e
Add additional verification of AK certificate
2023-04-05 01:02:44 +02:00
Herman Slatman
1c38e252a6
Cast alg
to a valid COSEAlgorithmIdentifier
2023-04-04 12:22:58 +02:00
Herman Slatman
e25acff13c
Simplify alg
validity check
2023-04-03 22:32:26 +02:00
Herman Slatman
9cd4b362f7
Extract the ParseSubjectAlternativeNames
function
2023-04-03 22:21:29 +02:00
Herman Slatman
b6957358fc
Fix PR remarks
...
- Root CA error message improved
- Looping through intermediate certs
- Change checking unhandled extensions to using `if`
2023-04-03 11:54:22 +02:00