Commit Graph

4154 Commits

Author SHA1 Message Date
Herman Slatman
2c27e865cb
Fix linting issue 2024-01-12 12:04:04 +01:00
Herman Slatman
9bb1b24bf1
Change kid and dpop validation 2024-01-12 10:44:49 +01:00
Herman Slatman
3f37feae78
Merge pull request #1671 from smallstep/herman/wire-configuration-refactor
Wire ACME extension configuration refactor
2024-01-12 10:26:14 +01:00
Herman Slatman
c8160caacd
Fix test; reworded error message 2024-01-12 10:22:25 +01:00
Herman Slatman
24795720e1
Perform initialization of DPoP and OIDC options once 2024-01-12 10:16:02 +01:00
Herman Slatman
79739e5073
Change signature algorithm property name 2024-01-12 09:48:49 +01:00
Herman Slatman
7eacb68361
Merge branch 'herman/remove-rusty-cli' into herman/wire-configuration-refactor 2024-01-11 21:29:15 +01:00
Herman Slatman
44721a7d58
Remove debug err print 2024-01-11 21:24:39 +01:00
Herman Slatman
348363abce
Add Wire DPoP proof claims verification 2024-01-11 21:19:24 +01:00
Herman Slatman
1bf807add3
Use base64 encoded signing key format 2024-01-11 17:04:08 +01:00
Herman Slatman
1f5f756fce
Make Wire options more robust 2024-01-11 16:14:53 +01:00
Herman Slatman
6ef64b6ed6
Refactor the Wire option configuration 2024-01-11 15:08:44 +01:00
Herman Slatman
b6fc0005d5
Add verification of maximum expiry time for Wire tokens 2024-01-11 14:24:34 +01:00
Herman Slatman
b964c97750
Add validation of handle and token to Wire verification 2024-01-11 13:47:17 +01:00
Herman Slatman
acad227b25
Put Wire options in lower level wire struct 2024-01-11 13:18:43 +01:00
Herman Slatman
cd9480ab14
Fix test for parseAndVerifyWireAccessToken 2024-01-11 12:45:29 +01:00
Herman Slatman
897688a831
Merge branch 'wire-acme-extensions' into herman/remove-rusty-cli 2024-01-11 12:03:52 +01:00
Herman Slatman
ca8855767d
Fix and add more tests to Wire order identifier validation 2024-01-11 11:47:06 +01:00
Herman Slatman
70a2f431fa
Address review remarks 2024-01-11 11:06:39 +01:00
Herman Slatman
de25740567
Change name of test for Wire Order 2024-01-10 21:16:04 +01:00
Herman Slatman
c7892e9cd3
Remove the rusty-jwt-cli configuration 2024-01-10 20:51:19 +01:00
Herman Slatman
a423151207
Merge branch 'wire-acme-extensions' into herman/remove-rusty-cli 2024-01-10 20:48:55 +01:00
Herman Slatman
ffd887f8cc
Fix tests for ACME Wire provisioner 2024-01-10 20:23:01 +01:00
Herman Slatman
8997ce1a1e
Disable wire-dpop-01 and wire-oidc-01 by default 2024-01-10 20:06:02 +01:00
Herman Slatman
bf8c17e3ec
Remove the Wire oidc and dpop from attestation formats 2024-01-10 19:12:22 +01:00
Herman Slatman
033aef9f9d
Merge branch 'wire-acme-extensions' into herman/remove-rusty-cli 2024-01-10 18:57:51 +01:00
Herman Slatman
6a98fea1f3
Fix linter issues 2024-01-10 18:36:24 +01:00
Herman Slatman
8faf26c593
Change KeyAuth back to old behavior (for now) 2024-01-10 18:32:18 +01:00
beltram
bf5f1201ea
fix: keyauth was not bound to the id token 2024-01-10 17:15:54 +01:00
Herman Slatman
e2a2e00526
Make template use DeviceId for now 2024-01-10 17:15:03 +01:00
Herman Slatman
29fa6621b1
Remove the Wire CLI invocation 2024-01-10 15:12:28 +01:00
Herman Slatman
7a464cdb17
Use require to check for errors in Wire integration test 2024-01-09 21:52:00 +01:00
Herman Slatman
776a839a42
Fix linter issues and improve error handling 2024-01-09 21:31:19 +01:00
Herman Slatman
f5a2f436df
Fix missing DPoP and OIDC tokens for Wire integration test 2024-01-09 18:24:37 +01:00
Herman Slatman
eb9893bd21
Refactor logic for processing WireID identifiers in Order
Processing `WireID` identifiers, the Wire subject, and the Wire
DPoP and OIDC tokens is now conditional.
2024-01-09 18:22:21 +01:00
Herman Slatman
40668ae09e
Refactor WireID target processing a bit 2024-01-09 16:52:09 +01:00
Herman Slatman
01169b2483
Make the Target optional in Challenge object
This is a non-standard property in the ACME challenge response, so
we shouldn't return it if it's not set. Also made it an optional
field in the DB.
2024-01-09 16:43:18 +01:00
Herman Slatman
85309bb8ec
Fix the integration test 2024-01-09 00:33:01 +01:00
Herman Slatman
fdea5e7db3
Fix tests for new ACME orders with Wire IDs 2024-01-08 23:16:31 +01:00
Herman Slatman
c1a7acc306
Make it compile with Go 1.20 again 2024-01-08 22:21:27 +01:00
beltram
84e9682476
feat: change the separator between user-id & device-id in a client-id. Use '!' instead of ':' 2024-01-08 22:12:13 +01:00
beltram
90b5347887
feat: try using the new ClientId & Handle format (i.e. plain URIs) 2024-01-08 22:11:37 +01:00
beltram
39bf889925
feat: remove query parameters from OIDC issuerUrl so that it allows us to use it to carry the OAuth ClientId in the Challenge.target field without at the same time undermining the idToken verification which relies on an issuer (iss) claim without this query parameter 2024-01-08 22:10:49 +01:00
beltram
d6ceebba94
feat: update the protocol by including team & handle in the client dpop token, verifying the handle in the dpop challenge 2024-01-08 22:09:51 +01:00
beltram
6ffd913e28
feat: remove custom hardcoded OIDC challenge for Google 2024-01-08 22:08:37 +01:00
beltram
2be77385f6
fix: same issue as with oidc challenge 2024-01-08 22:07:59 +01:00
beltram
ff07fdc0fd
fix: oups 2024-01-08 22:07:43 +01:00
beltram
13df461e97
fix: could not reuse a signing key otherwise it would create in accounts & orders and fail the OIDC challenge. The OIDC challenge was not retryable 2024-01-08 22:07:29 +01:00
beltram
83f76433a8
b64 encode the kid since apparently it wasn't 2024-01-08 22:06:52 +01:00
beltram
8fd0192da3
print kid for debugging 2024-01-08 22:06:42 +01:00