Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,179 Commits
38 Branches
221 Tags
44 MiB
herman/pkcs7-windows-scep-fix
master
root-not-found-error-message
relative-paths-config
herman/wire-dpop-struct
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.26.2
v0.27.0
v0.27.1
v0.27.2
v0.27.3
v0.27.4
v0.27.4-rc1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '17578b57f2'
${ noResults }
Commit Graph

201 Commits (17578b57f2f8ba726740232a2e7000bf9ea426f9)

Author SHA1 Message Date
Mariano Cano 99299faeeb
Add AuthorizeChallenge unit tests 2 years ago
Mariano Cano 2b3b2c283a
Add attestation certificate validation for Apple devices 2 years ago
Brandon Weeks 5f5315260a
iOS 16 beta 1 support 2 years ago
max furman ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2 years ago
Mariano Cano 829530ae90 Fix linter errors 2 years ago
Mariano Cano 0f651799d0 Reject not enabled attestation formats 2 years ago
Mariano Cano fd4e96d1f4 Rename method to IsChallengeEnabled 2 years ago
Mariano Cano c77b4ff9c5 Fix linter errors 2 years ago
Mariano Cano 59c5219a07 Use a type for acme challenges 2 years ago
Mariano Cano a89bea701d Format comment 2 years ago
Mariano Cano 5df9434286 Fix old comment, device-attest-01 uses the acme payload 2 years ago
Mariano Cano 3cd72ac72a Remove debug statements 2 years ago
Mariano Cano df96b126dc Add AuthorizeChallenge unit tests 2 years ago
Mariano Cano bca311b05e Add acme property to enable challenges 
Fixes #1027
 2 years ago
Mariano Cano ae8d4d8757 Fix unit test 2 years ago
Mariano Cano 693dc39481 Merge branch 'master' into device-attestation 2 years ago
max furman c040e4b459 Add unit tests 2 years ago
max furman b7c2f6c482 Check for DNS name validity 2 years ago
Mariano Cano 66356cff43 Add attestation certificate validation for Apple devices 2 years ago
Brandon Weeks 7e1b0bebd9 iOS 16 beta 1 support 2 years ago
Brandon Weeks 2ac8b69da2 Add ACME permanent-identifier identifier type 2 years ago
Brandon Weeks aacd6f4cc6 Add device-attest-01 challenge type 2 years ago
Shulhan fe04f93d7f
all: reformat all go files with the next gofmt (Go 1.19) 
There are some changes that manually edited, for example using '-' as
default list and grouping imports.
 2 years ago
Herman Slatman abfbbc8d49
Merge pull request #946 from smallstep/herman/acme-csr-padding 
Strip base64-url padding from ACME CSR
 2 years ago
Herman Slatman fd546287ac
Strip base64-url padding from ACME CSR 
This commit strips the padding from a base64-url encoded CSR
submitted by a client that doesn't use raw base64-url encoding.
 2 years ago
Mariano Cano e7f4eaf6c4 Remove explicit deprecation notice 
This will avoid linter errors on other projects for now.
 2 years ago
Mariano Cano d461918eb0 Merge branch 'master' into context-authority 2 years ago
Mariano Cano 2ea0c70344 Move acme context middleware to deprecated handler 2 years ago
Mariano Cano 9147356d8a Fix linter errors 2 years ago
Mariano Cano ba499eeb2a Fix acme/api tests. 2 years ago
Mariano Cano 6f9d847bc6 Fix panic in acme/api tests. 2 years ago
Mariano Cano d1f75f1720 Refactor ACME api. 2 years ago
Mariano Cano fddd6f7d95 Move linker to the acme package. 2 years ago
Mariano Cano 55b0f72821 Add context methods for the acme linker. 2 years ago
Mariano Cano bb8d85a201 Fix unit tests - work in progress 2 years ago
Mariano Cano 42435ace64 Use scep authority from context 
This commit also converts all the methods from the handler to
functions.
 2 years ago
Mariano Cano d13537d426 Use context in the acme handlers. 2 years ago
Herman Slatman 6e1f8dd7ab
Refactor policy engines into container 2 years ago
Herman Slatman 2a7620641f
Fix more PR comments 2 years ago
Herman Slatman fb81407d6f
Fix ACME policy comments 2 years ago
Herman Slatman a9f033ece5
Fix JSON property name for ACME policy 3 years ago
Herman Slatman 256fe113f7
Improve tests for ACME account policy 3 years ago
Herman Slatman 7df52dbb76
Add ACME EAB policy 3 years ago
Herman Slatman 2fbdf7d5b0
Merge branch 'master' into herman/allow-deny 3 years ago
Panagiotis Siatras 00634fb648
api/render, api/log: initial implementation of the packages (#860) 
* api/render: initial implementation of the package

* acme/api: refactored to support api/render

* authority/admin: refactored to support api/render

* ca: refactored to support api/render

* api: refactored to support api/render

* api/render: implemented Error

* api: refactored to support api/render.Error

* acme/api: refactored to support api/render.Error

* authority/admin: refactored to support api/render.Error

* ca: refactored to support api/render.Error

* ca: fixed broken tests

* api/render, api/log: moved error logging to this package

* acme: refactored Error so that it implements render.RenderableError

* authority/admin: refactored Error so that it implements render.RenderableError

* api/render: implemented RenderableError

* api/render: added test coverage for Error

* api/render: implemented statusCodeFromError

* api: refactored RootsPEM to work with render.Error

* acme, authority/admin: fixed pointer receiver name for consistency

* api/render, errs: moved StatusCoder & StackTracer to the render package
 3 years ago
Herman Slatman b49307f326
Fix ACME order tests with mock ACME CA 3 years ago
Herman Slatman 9e0edc7b50
Add early authority policy evaluation to ACME order API 3 years ago
Herman Slatman 101ca6a2d3
Check admin subjects before changing policy 3 years ago
Herman Slatman 3ec9a7310c
Fix ACME order identifier allow/deny check 3 years ago
Herman Slatman af53a17bb4
Merge branch 'master' into herman/allow-deny 3 years ago
Herman Slatman b6f6bd879c
Fix PR comment and add tests for ACME prerequisites checker 3 years ago
Herman Slatman e47dd0a666
Add ACME configuration prerequisites check 3 years ago
Herman Slatman c3c6f3da72
Merge branch 'master' into herman/allow-deny 3 years ago
Herman Slatman bfa2245abb
Merge branch 'master' into herman/normalize-ipv6-dns-names 3 years ago
Herman Slatman 1fe7362bee
Normalize IPv6 addresses in ACME linker 3 years ago
Herman Slatman c1424036bf
Merge branch 'master' into herman/allow-deny 3 years ago
Herman Slatman fd9845e9c7
Add cursor and limit to ACME EAB DB interface 3 years ago
Herman Slatman 6440870a80
Clean up, improve test cases and coverage 3 years ago
Herman Slatman ef16febf40
Refactor ACME EAB queries 
The ACME EAB keys are now also indexed by the provisioner. This
solves part of the issue in which too many EAB keys may be in
memory at a given time.
 3 years ago
Herman Slatman 9539729bd9
Add initial implementation of x509 and SSH allow/deny policy engine 3 years ago
Herman Slatman f9ae875f9d
Use short if-style statements 3 years ago
Herman Slatman d799359917
Merge branch 'master' into hs/acme-eab 3 years ago
Herman Slatman 0524122191
Remove authorization flow for different Account private keys 
As discussed in https://github.com/smallstep/certificates/issues/767,
we opted for not including this authorization flow to prevent users
from getting OOMs. We can add the functionality back when the
underlying data store can provide access to a long list of
Authorizations more efficiently, for example when a callback is
implemented.
 3 years ago
Herman Slatman 2215a05c28
Add tests for ACME EAB Admin 
Refactored some of the existing bits for testing the Authority
API by creation of a new LinkedAuthority interface and changing
visibility of the MockAuthority to be usable by other packages.

At this time, not all of the functions of MockAuthority it usable
yet. Will refactor when needed or requested.
 3 years ago
Herman Slatman 9885d42711
Fix linting issues 3 years ago
Herman Slatman 6e11657204
Refactor creation of (raw) EAB JWS contents 3 years ago
Herman Slatman 23898e9b76
Improve EAB JWS validation and increase test coverage 3 years ago
Herman Slatman d0c23973cc
Merge branch 'master' into hs/acme-eab 3 years ago
Herman Slatman 004fc054d5
Fix PR comments 3 years ago
Herman Slatman 06bb97c91e
Add logic for Account authorizations and improve tests 3 years ago
Herman Slatman bae1d256ee
Improve tests for JWK vs. KID revoke auth flow 
The logic for both test cases is fairly similar, but with some
small differences. Made those clearer by means of some comments.
Also added some comments to the middleware logic that decided
whether to extract JWK or lookup by KID.
 3 years ago
Herman Slatman a7fbbc4748
Add tests for GetCertificateBySerial 3 years ago
Herman Slatman 4d01cf8135
Increase test code coverage 3 years ago
Herman Slatman 2d357da99b
Add tests for ACME revocation 3 years ago
Herman Slatman ed295ca15d
Fix linting issue 3 years ago
Herman Slatman 2d50c96d99
Merge branch 'master' into hs/acme-revocation 3 years ago
Herman Slatman e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues 3 years ago
Herman Slatman c7a9c13060
Add tests for extractOrLookupJWK middleware 3 years ago
Herman Slatman 3151255a25
Merge branch 'master' into hs/acme-revocation 3 years ago
Herman Slatman dd4b4b0435
Fix remaining gocritic remarks 3 years ago
Herman Slatman e0b495e4c8
Merge branch 'master' into hs/acme-eab 3 years ago
max furman 933b40a02a Introduce gocritic linter and address warnings 3 years ago
Herman Slatman 0afea2e957
Improve tests for already bound EAB keys 3 years ago
Herman Slatman 02cd3b6b3b
Fix PR comments 3 years ago
Herman Slatman a98fe03e80
Merge branch 'master' into hs/acme-eab 3 years ago
Herman Slatman 1dba8698e3
Use LinkedCA.EABKey type in ACME EAB API 3 years ago
Mariano Cano 470b546d59
Merge pull request #557 from joejulian/http01-isv 
use InsecureSkipVerify for validation
 3 years ago
Herman Slatman f31ca4f6a4
Add tests for validateExternalAccountBinding 3 years ago
Herman Slatman 492256f2d7
Add first test cases for EAB and make provisioner unique per EAB 
Before this commit, EAB keys could be used CA-wide, meaning that
an EAB credential could be used at any ACME provisioner. This
commit changes that behavior, so that EAB credentials are now
intended to be used with a specific ACME provisioner. I think
that makes sense, because from the perspective of an ACME client
the provisioner is like a distinct CA.

Besides that this commit also includes the first tests for EAB.
The logic for creating the EAB JWS as a client has been taken
from github.com/mholt/acmez. This logic may be moved or otherwise
sourced (i.e. from a vendor) as soon as the step client also
(needs to) support(s) EAB with ACME.
 3 years ago
Herman Slatman c6bfc6eac2
Fix PR comments 3 years ago
Herman Slatman d669f3cb14
Fix misspelling 3 years ago
Herman Slatman 540d5fbbdc
Fix marshaling -> marshalling 3 years ago
Herman Slatman 2110c7722f
Fix JWK payload key equality check 3 years ago
Herman Slatman d44cd18b96
Add External Accounting Binding key "BoundAt" marking 3 years ago
Herman Slatman f81d49d963
Add first working version of External Account Binding 3 years ago
Herman Slatman 258efca0fa
Improve revocation authorization 3 years ago
Herman Slatman 2b15230aa4
Add Serial to Cert ID ACME table and lookup 3 years ago
Herman Slatman 8f7e700f09
Merge branch 'master' into hs/acme-revocation 3 years ago
max furman 857a50434c Merge branch 'master' into max/cert-mgr-crud 3 years ago
max furman 9fdef64709 Admin level API for provisioner mgmt v1 3 years ago