Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,154 Commits
43 Branches
215 Tags
44 MiB
master
root-not-found-error-message
relative-paths-config
fix-1637
dependabot/go_modules/github.com/slackhq/nebula-1.9.3
dependabot/go_modules/github.com/google/go-tpm-0.9.1
wire-acme-extensions
mariano/init-provisioners
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.26.2
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '231f03ae28'
${ noResults }
Commit Graph

84 Commits (231f03ae28ff2c8744cfa8e3091509e02c5124b5)

Author SHA1 Message Date
Herman Slatman 231f03ae28
Use a struct for the Wire DPoP token 6 months ago
Herman Slatman 776a839a42
Fix linter issues and improve error handling 6 months ago
Herman Slatman eb9893bd21
Refactor logic for processing `WireID` identifiers in Order 
Processing `WireID` identifiers, the Wire subject, and the Wire
DPoP and OIDC tokens is now conditional.
 6 months ago
Herman Slatman 01169b2483
Make the `Target` optional in `Challenge` object 
This is a non-standard property in the ACME challenge response, so
we shouldn't return it if it's not set. Also made it an optional
field in the DB.
 6 months ago
beltram 9d5c974f44
fix: PR review 6 months ago
beltram 7b5740153d
support for oidc id token 6 months ago
beltram 03dbd91418
fix dpop token json serialization to db 6 months ago
beltram 8888262e45
cheat by allowing also looking up for ready orders 6 months ago
beltram 0bc530c98e
log more things 6 months ago
beltram 2e128056dc
have updateOrder also update the update joint table [order by account] 6 months ago
beltram abe86002ee
try by storing everything in db 6 months ago
beltram 97002040a5
fix: challenge target field was not mapped to db entity 6 months ago
Max 7731edd816
Store and verify Acme account location (#1386) 
* Store and verify account location on acme requests

Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
Co-authored-by: Mariano Cano <mariano@smallstep.com>
 1 year ago
max furman 8b256f0351
address linter warning for go 1.19 1 year ago
Mariano Cano 6ba20209c2
Verify CSR key fingerprint with attestation certificate key 
This commit makes sure that the attestation certificate key matches the
key used on the CSR on an ACME device attestation flow.
 1 year ago
Herman Slatman 0f1c509e4b
Remove debug utility 1 year ago
Herman Slatman edee01c80c
Refactor debug utility 1 year ago
Herman Slatman 1c38113e44
Add ACME `Subproblem` for more detailed ACME client-side errors 
When validating an ACME challenge (`device-attest-01` in this case,
but it's also true for others), and validation fails, the CA didn't
return a lot of information about why the challenge had failed. By
introducing the ACME `Subproblem` type, an ACME `Error` can include
some additional information about what went wrong when validating
the challenge.

This is a WIP commit. The `Subproblem` isn't created in many code
paths yet, just for the `step` format at the moment. Will probably
follow up with some more improvements to how the ACME error is
handled. Also need to cleanup some debug things (q.Q)
 1 year ago
max furman ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2 years ago
Mariano Cano 226d36f66f Fix unit tests 2 years ago
Herman Slatman 2a7620641f
Fix more PR comments 2 years ago
Herman Slatman 7df52dbb76
Add ACME EAB policy 2 years ago
Herman Slatman bf21319e76
Fix PR comments and issue with empty string slices 2 years ago
Herman Slatman fd9845e9c7
Add cursor and limit to ACME EAB DB interface 2 years ago
Herman Slatman c3f2fd8ef0
Add RW locks to prevent concurrent updates to the DB 
Although this may slow certain API calls down and may not be, strictly
necessary, I think it's best to put all the ACME EAB operations behind
RW locks to prevent concurrent updates to the DB and guarantee
consistent result sets.
 2 years ago
Herman Slatman 868cc4ad7f
Increase test coverage for additional indexes 2 years ago
Herman Slatman c0eb420806
Remove special case for empty slices 2 years ago
Herman Slatman ef16febf40
Refactor ACME EAB queries 
The ACME EAB keys are now also indexed by the provisioner. This
solves part of the issue in which too many EAB keys may be in
memory at a given time.
 3 years ago
Herman Slatman 30859d3c83
Remove server-side paging logic for ExternalAccountKeys 3 years ago
Herman Slatman 11a7f01177
Simplify lookup cursor logic for ExternalAccountKeys 3 years ago
Herman Slatman f9ae875f9d
Use short if-style statements 3 years ago
Herman Slatman d799359917
Merge branch 'master' into hs/acme-eab 3 years ago
Herman Slatman 06bb97c91e
Add logic for Account authorizations and improve tests 3 years ago
Herman Slatman a7fbbc4748
Add tests for GetCertificateBySerial 3 years ago
Herman Slatman 3151255a25
Merge branch 'master' into hs/acme-revocation 3 years ago
Herman Slatman 4d726d6b4c
Add pagination to ACME EAB credentials endpoint 3 years ago
Herman Slatman d354d55e7f
Improve handling duplicate ACME EAB references 3 years ago
Herman Slatman dd4b4b0435
Fix remaining gocritic remarks 3 years ago
Herman Slatman a4660f73fa
Fix some of the gocritic remarks 3 years ago
Herman Slatman e0b495e4c8
Merge branch 'master' into hs/acme-eab 3 years ago
Herman Slatman c26041f835
Add ACME EAB nosql tests 3 years ago
max furman 933b40a02a Introduce gocritic linter and address warnings 3 years ago
Herman Slatman c2bc1351c6
Add provisioner to remove endpoint and clear reference index on delete 3 years ago
Herman Slatman 746c5c9fd9
Disallow creation of EAB keys with non-unique references 3 years ago
Herman Slatman 9c0020352b
Add lookup by reference and make reference optional 3 years ago
Herman Slatman 02cd3b6b3b
Fix PR comments 3 years ago
Herman Slatman f11c0cdc0c
Add endpoint for listing ACME EAB keys 3 years ago
Herman Slatman a1afbce50c
Check EAB key exists before deleting it 3 years ago
Herman Slatman 9d09f5e575
Add support for deleting ACME EAB keys 3 years ago
Herman Slatman a98fe03e80
Merge branch 'master' into hs/acme-eab 3 years ago