Herman Slatman
776a839a42
Fix linter issues and improve error handling
9 months ago
Herman Slatman
eb9893bd21
Refactor logic for processing `WireID` identifiers in Order
...
Processing `WireID` identifiers, the Wire subject, and the Wire
DPoP and OIDC tokens is now conditional.
9 months ago
Herman Slatman
01169b2483
Make the `Target` optional in `Challenge` object
...
This is a non-standard property in the ACME challenge response, so
we shouldn't return it if it's not set. Also made it an optional
field in the DB.
9 months ago
beltram
9d5c974f44
fix: PR review
9 months ago
beltram
7b5740153d
support for oidc id token
9 months ago
beltram
03dbd91418
fix dpop token json serialization to db
9 months ago
beltram
8888262e45
cheat by allowing also looking up for ready orders
9 months ago
beltram
0bc530c98e
log more things
9 months ago
beltram
2e128056dc
have updateOrder also update the update joint table [order by account]
9 months ago
beltram
abe86002ee
try by storing everything in db
9 months ago
beltram
97002040a5
fix: challenge target field was not mapped to db entity
9 months ago
Max
7731edd816
Store and verify Acme account location ( #1386 )
...
* Store and verify account location on acme requests
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
Co-authored-by: Mariano Cano <mariano@smallstep.com>
1 year ago
max furman
8b256f0351
address linter warning for go 1.19
1 year ago
Mariano Cano
6ba20209c2
Verify CSR key fingerprint with attestation certificate key
...
This commit makes sure that the attestation certificate key matches the
key used on the CSR on an ACME device attestation flow.
2 years ago
Herman Slatman
0f1c509e4b
Remove debug utility
2 years ago
Herman Slatman
edee01c80c
Refactor debug utility
2 years ago
Herman Slatman
1c38113e44
Add ACME `Subproblem` for more detailed ACME client-side errors
...
When validating an ACME challenge (`device-attest-01` in this case,
but it's also true for others), and validation fails, the CA didn't
return a lot of information about why the challenge had failed. By
introducing the ACME `Subproblem` type, an ACME `Error` can include
some additional information about what went wrong when validating
the challenge.
This is a WIP commit. The `Subproblem` isn't created in many code
paths yet, just for the `step` format at the moment. Will probably
follow up with some more improvements to how the ACME error is
handled. Also need to cleanup some debug things (q.Q)
2 years ago
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors
2 years ago
Mariano Cano
226d36f66f
Fix unit tests
2 years ago
Herman Slatman
2a7620641f
Fix more PR comments
2 years ago
Herman Slatman
7df52dbb76
Add ACME EAB policy
3 years ago
Herman Slatman
bf21319e76
Fix PR comments and issue with empty string slices
3 years ago
Herman Slatman
fd9845e9c7
Add cursor and limit to ACME EAB DB interface
3 years ago
Herman Slatman
c3f2fd8ef0
Add RW locks to prevent concurrent updates to the DB
...
Although this may slow certain API calls down and may not be, strictly
necessary, I think it's best to put all the ACME EAB operations behind
RW locks to prevent concurrent updates to the DB and guarantee
consistent result sets.
3 years ago
Herman Slatman
868cc4ad7f
Increase test coverage for additional indexes
3 years ago
Herman Slatman
c0eb420806
Remove special case for empty slices
3 years ago
Herman Slatman
ef16febf40
Refactor ACME EAB queries
...
The ACME EAB keys are now also indexed by the provisioner. This
solves part of the issue in which too many EAB keys may be in
memory at a given time.
3 years ago
Herman Slatman
30859d3c83
Remove server-side paging logic for ExternalAccountKeys
3 years ago
Herman Slatman
11a7f01177
Simplify lookup cursor logic for ExternalAccountKeys
3 years ago
Herman Slatman
f9ae875f9d
Use short if-style statements
3 years ago
Herman Slatman
d799359917
Merge branch 'master' into hs/acme-eab
3 years ago
Herman Slatman
06bb97c91e
Add logic for Account authorizations and improve tests
3 years ago
Herman Slatman
a7fbbc4748
Add tests for GetCertificateBySerial
3 years ago
Herman Slatman
3151255a25
Merge branch 'master' into hs/acme-revocation
3 years ago
Herman Slatman
4d726d6b4c
Add pagination to ACME EAB credentials endpoint
3 years ago
Herman Slatman
d354d55e7f
Improve handling duplicate ACME EAB references
3 years ago
Herman Slatman
dd4b4b0435
Fix remaining gocritic remarks
3 years ago
Herman Slatman
a4660f73fa
Fix some of the gocritic remarks
3 years ago
Herman Slatman
e0b495e4c8
Merge branch 'master' into hs/acme-eab
3 years ago
Herman Slatman
c26041f835
Add ACME EAB nosql tests
3 years ago
max furman
933b40a02a
Introduce gocritic linter and address warnings
3 years ago
Herman Slatman
c2bc1351c6
Add provisioner to remove endpoint and clear reference index on delete
3 years ago
Herman Slatman
746c5c9fd9
Disallow creation of EAB keys with non-unique references
3 years ago
Herman Slatman
9c0020352b
Add lookup by reference and make reference optional
3 years ago
Herman Slatman
02cd3b6b3b
Fix PR comments
3 years ago
Herman Slatman
f11c0cdc0c
Add endpoint for listing ACME EAB keys
3 years ago
Herman Slatman
a1afbce50c
Check EAB key exists before deleting it
3 years ago
Herman Slatman
9d09f5e575
Add support for deleting ACME EAB keys
3 years ago
Herman Slatman
a98fe03e80
Merge branch 'master' into hs/acme-eab
3 years ago
max furman
a3028bbc0e
Add test for updateAddOrderIDs
3 years ago