Commit Graph

89 Commits

Author SHA1 Message Date
Herman Slatman
70a2f431fa
Address review remarks 2024-01-11 11:06:39 +01:00
Herman Slatman
776a839a42
Fix linter issues and improve error handling 2024-01-09 21:31:19 +01:00
Herman Slatman
eb9893bd21
Refactor logic for processing WireID identifiers in Order
Processing `WireID` identifiers, the Wire subject, and the Wire
DPoP and OIDC tokens is now conditional.
2024-01-09 18:22:21 +01:00
beltram
5fdf036a4d
fix: invalid OID for display name in CSR 2024-01-08 22:03:03 +01:00
beltram
1b32957ff6
fix: verify custom display_name extension is present 2024-01-08 22:02:16 +01:00
beltram
7b5740153d
support for oidc id token 2024-01-08 22:00:29 +01:00
beltram
8888262e45
cheat by allowing also looking up for ready orders 2024-01-08 21:43:43 +01:00
beltram
0bc530c98e
log more things 2024-01-08 21:36:50 +01:00
beltram
abe86002ee
try by storing everything in db 2024-01-08 21:33:53 +01:00
beltram
76dfcb00e4
try silencing template data for dichotomies 2024-01-08 21:23:09 +01:00
beltram
a32bb66e47
trying to pass access token to template 2024-01-08 21:22:50 +01:00
beltram
b58de27675
fix: do not convert URIs to lowercase for comparison purpose 2024-01-08 21:05:41 +01:00
beltram
3576cc30c8
forward displayName in CSR with custom OID 2024-01-08 20:58:32 +01:00
beltram
4172b69816
remove displayName validation, potentially harmful 2024-01-08 20:57:35 +01:00
beltram
79501df5a2
fix: exclude displayName from SAN DNS 2024-01-08 20:56:39 +01:00
Stefan Berthold
af31a167c6
skip empty entries for uniqueSortedLowerNames 2024-01-08 20:54:17 +01:00
beltram
cc5fd0a6a5
fix san validation 2024-01-08 20:52:52 +01:00
beltram
3eb0ff43c0
fix orderNames size 2024-01-08 20:47:51 +01:00
beltram
c41a99ad75
(finalize) have both display name & domain in SANs 2024-01-08 20:47:28 +01:00
beltram
5ba0ab3e44
fix csr domain validation in finalize 2024-01-08 20:46:48 +01:00
beltram
73ec6c89d0
fix csr org validation in finalize 2024-01-08 20:46:07 +01:00
Stefan Berthold
8e0e35532c
Add Wire authz and challenges (OIDC+DPOP) 2024-01-08 20:27:16 +01:00
Mariano Cano
6ba20209c2
Verify CSR key fingerprint with attestation certificate key
This commit makes sure that the attestation certificate key matches the
key used on the CSR on an ACME device attestation flow.
2023-02-09 16:48:43 -08:00
Herman Slatman
64d9ad7b38
Validate Subject Common Name for Orders with Permanent Identifier 2023-01-20 16:54:55 +01:00
Andrew Reed
7101fbb0ee
Provisioner webhooks (#1001) 2022-09-29 19:16:26 -05:00
max furman
f3d1863ec6
A few more linter errors 2022-09-20 21:01:55 -07:00
Mariano Cano
f0a24bd8ca
Add acme property to enable challenges
Fixes #1027
2022-09-20 19:01:53 -07:00
Mariano Cano
191d9e8629
Use go.step.sm/crypto to set the permanent identifier 2022-09-20 18:57:43 -07:00
Mariano Cano
2b3b2c283a
Add attestation certificate validation for Apple devices 2022-09-20 18:51:43 -07:00
Brandon Weeks
5f5315260a
iOS 16 beta 1 support 2022-09-20 16:53:08 -07:00
Brandon Weeks
6f2b4d3042
Add ACME permanent-identifier identifier type 2022-09-20 16:48:28 -07:00
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2022-09-20 16:35:41 -07:00
Mariano Cano
34c6c65671
Pass attestation information to the Sign method
Attestation information might be useful in authorizing webhooks
2022-09-16 12:37:41 -07:00
Mariano Cano
3cd72ac72a
Remove debug statements 2022-09-08 10:44:48 -07:00
Mariano Cano
54d92095ac
Validate proof of possession signature
On the step format, validate proof of possession of the private
key validating the signature in the attestation statement.
2022-09-01 10:45:31 -07:00
Mariano Cano
59b7603d1e
Use a clientAuth only cert for device-attest-01 2022-08-30 16:09:44 -07:00
Mariano Cano
2f7cb9225f
Use go.step.sm/crypto to set the permanent identifier 2022-08-10 17:38:18 -07:00
Mariano Cano
66356cff43
Add attestation certificate validation for Apple devices 2022-07-14 17:10:03 -07:00
Brandon Weeks
7e1b0bebd9
iOS 16 beta 1 support 2022-06-23 05:19:36 +10:00
Brandon Weeks
2ac8b69da2
Add ACME permanent-identifier identifier type 2022-06-23 05:19:36 +10:00
Herman Slatman
80bebda69c
Fix code style issue 2021-12-20 13:40:17 +01:00
Herman Slatman
bc0875bd7b
Disallow email address and URLs in the CSR
Before this commit `step` would allow email addresses and URLs
in the CSR. This doesn't fit nicely with the rest of ACME, in which
identifiers need to be authorized before a certificate is issued.
2021-12-13 16:14:39 +01:00
Herman Slatman
13a31fd862
Merge branch 'master' into herman/ip-sans-improvements 2021-12-13 16:04:53 +01:00
Herman Slatman
ca707cbe05
Fix linting 2021-12-13 16:01:40 +01:00
Herman Slatman
a2c9b5cd7e
Allow IP identifiers in subject, including authorization enforcement
To support IPs in the subject using `step-cli`, this PR ensures that
Subject Common Names that can be parsed as an IP are also checked
to have been authorized before.

The PR for `step-cli` is here: github.com/smallstep/cli/pull/576.
2021-12-13 15:34:56 +01:00
Herman Slatman
06bb97c91e
Add logic for Account authorizations and improve tests 2021-12-02 16:25:35 +01:00
Herman Slatman
29f9730485
Satisfy golangci-lint 2021-11-12 17:13:10 +01:00
max furman
933b40a02a
Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00
Herman Slatman
8e4a4ecc1f
Refactor tests for sans 2021-06-26 00:48:40 +02:00
Herman Slatman
87b72afa25
Fix IP equality check and add more tests 2021-06-26 00:13:44 +02:00