Commit Graph

75 Commits

Author SHA1 Message Date
Herman Slatman
5d7e53303b
Add validation of name in DPoP token 2024-02-06 21:54:29 +01:00
Herman Slatman
19dbd02451
Add audience validation to access, dpop and id token 2024-01-17 16:04:58 +01:00
Herman Slatman
2f3819aa4e
Use key authorization from ID token and handle -> preferred_username 2024-01-17 14:13:55 +01:00
Herman Slatman
f221232a80
Fix ACME Validate test for Wire DPoP challenge 2024-01-17 11:38:54 +01:00
Herman Slatman
0f0f060149
Improve access and dpop token validation 2024-01-17 00:09:24 +01:00
Herman Slatman
7520736f5b
Improve test coverage for wireDPOP01Validate 2024-01-16 14:01:48 +01:00
Herman Slatman
a24b2a5c84
Add test case for validateWireOIDCClaims 2024-01-16 10:15:32 +01:00
Herman Slatman
8f129a6ced
Add test for wireDPOP01Validate 2024-01-15 22:36:31 +01:00
Herman Slatman
d84abac4df
Add test for wireOIDC01Validate 2024-01-15 21:59:20 +01:00
Herman Slatman
d5b0d92bce
Fix Wire ID token test comment 2024-01-12 17:03:55 +01:00
Herman Slatman
0ad381b092
Add OIDC token template transformation 2024-01-12 16:48:21 +01:00
Herman Slatman
2c27e865cb
Fix linting issue 2024-01-12 12:04:04 +01:00
Herman Slatman
9bb1b24bf1
Change kid and dpop validation 2024-01-12 10:44:49 +01:00
Herman Slatman
24795720e1
Perform initialization of DPoP and OIDC options once 2024-01-12 10:16:02 +01:00
Herman Slatman
79739e5073
Change signature algorithm property name 2024-01-12 09:48:49 +01:00
Herman Slatman
7eacb68361
Merge branch 'herman/remove-rusty-cli' into herman/wire-configuration-refactor 2024-01-11 21:29:15 +01:00
Herman Slatman
348363abce
Add Wire DPoP proof claims verification 2024-01-11 21:19:24 +01:00
Herman Slatman
1bf807add3
Use base64 encoded signing key format 2024-01-11 17:04:08 +01:00
Herman Slatman
b964c97750
Add validation of handle and token to Wire verification 2024-01-11 13:47:17 +01:00
Herman Slatman
cd9480ab14
Fix test for parseAndVerifyWireAccessToken 2024-01-11 12:45:29 +01:00
Herman Slatman
897688a831
Merge branch 'wire-acme-extensions' into herman/remove-rusty-cli 2024-01-11 12:03:52 +01:00
Herman Slatman
29fa6621b1
Remove the Wire CLI invocation 2024-01-10 15:12:28 +01:00
Mariano Cano
b20af51f32
Upgrade go.step.sm/crypto to use go-jose/v3 2023-12-12 16:36:48 -08:00
Mariano Cano
d8eeebfd51
Fix error string in tests
This commit fixes a test checking an error string from an external
dependency.
2023-08-17 12:03:16 -07:00
Herman Slatman
c952e9fc9d
Use NewDetailedError instead 2023-08-04 11:24:22 +02:00
Herman Slatman
f3c24fe875
Change how multiple identifiers are printed in errors 2023-08-03 14:45:00 +02:00
Herman Slatman
9a52675865
Return descriptive error when using unsupported format 2023-07-31 12:29:07 +02:00
Herman Slatman
0d3338ff3a
Return consistent ACME error types for specific cases 2023-07-31 12:11:50 +02:00
Herman Slatman
dd9bf1e915
Add error details for the step format 2023-07-28 16:59:34 +02:00
Herman Slatman
9cbbd1d575
Add error details to ACME tpm format validation errors 2023-07-28 16:28:47 +02:00
max furman
8b256f0351
address linter warning for go 1.19 2023-05-09 23:47:28 -07:00
Herman Slatman
d9aa2c110f
Increase test coverage for AK certificate properties 2023-04-06 14:35:48 +02:00
Mariano Cano
6ba20209c2
Verify CSR key fingerprint with attestation certificate key
This commit makes sure that the attestation certificate key matches the
key used on the CSR on an ACME device attestation flow.
2023-02-09 16:48:43 -08:00
Herman Slatman
3a6fc5e0b4
Remove dependency on smallstep/assert in ACME challenge tests 2023-01-31 23:49:34 +01:00
Herman Slatman
0f9128c873
Fix linting issue and order of test SUT 2023-01-27 15:43:57 +01:00
Herman Slatman
2ab9beb7ed
Add tests for deviceAttest01Validate 2023-01-27 15:36:48 +01:00
Mariano Cano
e27c6c529b
Add support for custom acme ports
This change adds the flags --acme-http-port, --acme-tls-port, that
combined with --insecure can be used to set custom ports for ACME
http-01 and tls-alpn-01 challenges. These flags should only be used
for testing purposes.

Fixes #1015
2022-11-03 16:58:25 -07:00
Mariano Cano
a7e597450a
Update acme/challenge_test.go
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2022-10-11 10:04:42 -07:00
Mariano Cano
7a78c76199
Add test simulating YubiKey v5.2.4
There are YubiKeys v5.2.4 where the attestation intermediate (f9)
does not have a basic constraint extension, so that certificate
is not marked as a CA. The test and CA in this commit imitate
that use case. Currently the test case returns an error as we
don't support it. But if we change the verification to support
this use case, the test should change accordingly.
2022-10-10 18:27:11 -07:00
Mariano Cano
21666ba887
Revert "Set timestamp when marking an acme challenge invalid"
This reverts commit 5f130895f3.
2022-10-03 12:56:23 -07:00
Mariano Cano
5f130895f3
Set timestamp when marking an acme challenge invalid 2022-10-03 11:35:51 -07:00
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2022-09-20 16:35:41 -07:00
Mariano Cano
498549c95c Extract common function used in tests 2022-09-16 10:02:10 -07:00
Mariano Cano
829530ae90 Fix linter errors 2022-09-15 18:24:43 -07:00
Mariano Cano
6b73a020e3 Add unit tests for apple and step attestations 2022-09-15 18:19:52 -07:00
Brandon Weeks
aacd6f4cc6 Add device-attest-01 challenge type 2022-06-23 05:19:36 +10:00
Mariano Cano
2ab7dc6f9d Fix acme tests. 2022-05-02 18:09:26 -07:00
Herman Slatman
479c6d2bf5
Fix ACME IPv6 HTTP-01 challenges
Fixes #890
2022-04-07 12:37:34 +02:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues 2021-11-13 01:30:03 +01:00
max furman
933b40a02a Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00