Max
d34f0f6a97
Fix linter warnings ( #1634 )
10 months ago
Herman Slatman
1abada69b0
Update import aliases from `microscep` to `smallscep`
11 months ago
Herman Slatman
4c17f25389
Replace MicroMDM and Mozilla libraries with Smallstep forks
11 months ago
Herman Slatman
25f4b4014d
Add `base64` to the raw message decoding error
1 year ago
Herman Slatman
965d7aa7f4
Fix linting issues
1 year ago
Herman Slatman
cd78b9fd43
Implement workaround for weird macOS SCEP message in query
...
Apparently the macOS SCEP client sends a SCEP message in the query
that's not fully escaped. Only the base64 padding is escaped, the
'+' and '/' characters aren't.
This is a bit of a special case, because the macOS SCEP client
will default to using HTTP POST for the PKIOperation. But if the
CA is configured without the POSTPKIOperation capability, the
macOS SCEP client will use HTTP GET instead. This behavior might
be the same on iOS.
1 year ago
Herman Slatman
3c12b4f5ad
Improve decoding SCEP requests
1 year ago
Herman Slatman
ffe079f31b
Merge branch 'master' into herman/scep-provisioner-decrypter
1 year ago
Herman Slatman
ba72710e2d
Address code review remarks
1 year ago
Herman Slatman
6d2d21e989
Fix undefined and unused variables
...
Forgot to save the latest version...
1 year ago
Herman Slatman
b6c95d7be2
Add additional properties to SCEP notify webhook request body
1 year ago
Herman Slatman
52bc96760b
Add SCEP certificate issuance notification webhook
1 year ago
Dominic Evans
231b5d8406
chore(deps): upgrade github.com/go-chi/chi to v5
...
Upgrade chi to the v5 module path to avoid deprecation warning about v4
and earlier on the old module path.
See https://github.com/go-chi/chi/blob/v4.1.3/go.mod#L1-L4
Signed-off-by: Dominic Evans <dominic.evans@uk.ibm.com>
1 year ago
Herman Slatman
36f1dd70bf
Add CSR to `SCEPCHALLENGE` webhook request body
1 year ago
Herman Slatman
d9f56cdbdc
Merge branch 'master' into herman/scep-provisioner-decrypter
1 year ago
Herman Slatman
9d3b78ae49
Add `excludeIntermediate` to SCEP provisioner
1 year ago
Max
116ff8ed65
bump go.mod to go1.20 and associated linter fixes ( #1518 )
1 year ago
Herman Slatman
0d09f3e202
Prevent data races with multiple PKCS7 encryption operations
1 year ago
Herman Slatman
e2e9bf5494
Clarify some SCEP properties
1 year ago
Herman Slatman
c0a1837cd9
Verify full decrypter/signer configuration at usage time
...
When changing the SCEP configuration it is possible that one
or both of the decrypter configurations required are not available
or have been provided in a way that's not usable for actual SCEP
requests.
Instead of failing hard when provisioners are loaded,
which could result in the CA not starting properly, this type of
problematic configuration errors will now be handled at usage
time instead.
1 year ago
Herman Slatman
0f35bb1af5
Defer missing decrypter/signer configuration errors to SCEP authority
1 year ago
Herman Slatman
fc1fb51854
Improve SCEP authority initialization and reload
1 year ago
Herman Slatman
7163c4f95f
Add helper for getting the appropriate SCEP response signer
1 year ago
Herman Slatman
567fc25404
Use the RSA decryption configuration for signing responses too
1 year ago
Herman Slatman
557672bb4b
Add some notes for SCEP provisioners
1 year ago
Herman Slatman
b2bf2c330b
Simplify SCEP provisioner context handling
1 year ago
Herman Slatman
8fc3a46387
Refactor the SCEP authority initialization
...
Instead of relying on an intermediate `scep.Service` struct,
initialize the `scep.Authority` directly. This removes one redundant
layer of indirection.
1 year ago
Herman Slatman
6985b4be62
Clean up the SCEP authority and provisioner
1 year ago
Herman Slatman
180162bd6a
Refactor SCEP provisioner and decrypter
1 year ago
Herman Slatman
0377fe559b
Add basic version of provisioner specific SCEP decrypter
1 year ago
max furman
8b256f0351
address linter warning for go 1.19
1 year ago
Herman Slatman
e8c1e8719d
Refactor SCEP webhook validation
1 year ago
Herman Slatman
668ff9b515
Cleanup some comments and tests
1 year ago
Herman Slatman
5f0f0f4bcc
Add SCEP webhook validation tests
1 year ago
Herman Slatman
ad4d8e6c68
Add `SCEPCHALLENGE` as valid webhook type in admin API
1 year ago
Herman Slatman
419478d1e5
Make SCEP webhook validation look better
1 year ago
Herman Slatman
27cdcaf5ee
Integrate the SCEP webhook with the existing webhook logic
1 year ago
Herman Slatman
05f7ab979f
Create basic webhook for SCEP challenge validation
1 year ago
Andrew Reed
7101fbb0ee
Provisioner webhooks ( #1001 )
2 years ago
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors
2 years ago
Mariano Cano
400b1ece0b
Remove scep handler after merge.
2 years ago
Mariano Cano
898ca41268
Merge branch 'master' into context-authority
2 years ago
Herman Slatman
688ae837a4
Add some tests for SCEP request decoding
2 years ago
Mariano Cano
d51c6b7d83
Make step handler backward compatible
2 years ago
Mariano Cano
9147356d8a
Fix linter errors
2 years ago
Herman Slatman
13173ec8a2
Fix SCEP GET requests
2 years ago
Mariano Cano
42435ace64
Use scep authority from context
...
This commit also converts all the methods from the handler to
functions.
2 years ago
Mariano Cano
688f9ceb56
Add scep authority to context.
2 years ago
Panagiotis Siatras
e27124b037
scep: remove Interface and the dependency to pkg/errors ( #872 )
...
* scep: documented the package
* scep/api: removed some top level constants
* scep: removed dependency to pkg/errors
* scep/api: documented the package
3 years ago
Panagiotis Siatras
b98f86a515
scep: minor cleanup ( #867 )
...
* api, scep: removed scep.Error
* scep/api: replaced nextHTTP with http.HandlerFunc
* scep/api: renamed writeSCEPResponse to writeResponse
* scep/api: renamed decodeSCEPRequest to decodeRequest
* scep/api: renamed writeError to fail
* scep/api: replaced pkg/errors with errors
* scep/api: formatted imports
* scep/api: do not export SCEPRequest & SCEPResponse
* scep/api: do not export Handler
* api: flush errors better
3 years ago