smallstep-certificates

Commit Graph

Author	SHA1	Message	Date
Herman Slatman	22ff90f655	Merge branch 'master' into hs/acme-eab	2 years ago
Herman Slatman	a5f2f004e3	Change name of IP Common Name test for clarity	2 years ago
Herman Slatman	f9ae875f9d	Use short if-style statements	2 years ago
Herman Slatman	80bebda69c	Fix code style issue	2 years ago
Herman Slatman	bc0875bd7b	Disallow email address and URLs in the CSR Before this commit `step` would allow email addresses and URLs in the CSR. This doesn't fit nicely with the rest of ACME, in which identifiers need to be authorized before a certificate is issued.	3 years ago
Herman Slatman	13a31fd862	Merge branch 'master' into herman/ip-sans-improvements	3 years ago
Herman Slatman	ca707cbe05	Fix linting	3 years ago
Herman Slatman	a5d33512fe	Fix test	3 years ago
Herman Slatman	a2c9b5cd7e	Allow IP identifiers in subject, including authorization enforcement To support IPs in the subject using `step-cli`, this PR ensures that Subject Common Names that can be parsed as an IP are also checked to have been authorized before. The PR for `step-cli` is here: github.com/smallstep/cli/pull/576.	3 years ago
Herman Slatman	d799359917	Merge branch 'master' into hs/acme-eab	3 years ago
Herman Slatman	63371a8fb6	Add additional tests for ACME EAB Admin	3 years ago
Herman Slatman	0524122191	Remove authorization flow for different Account private keys As discussed in https://github.com/smallstep/certificates/issues/767, we opted for not including this authorization flow to prevent users from getting OOMs. We can add the functionality back when the underlying data store can provide access to a long list of Authorizations more efficiently, for example when a callback is implemented.	3 years ago
Herman Slatman	2215a05c28	Add tests for ACME EAB Admin Refactored some of the existing bits for testing the Authority API by creation of a new LinkedAuthority interface and changing visibility of the MockAuthority to be usable by other packages. At this time, not all of the functions of MockAuthority it usable yet. Will refactor when needed or requested.	3 years ago
Herman Slatman	9885d42711	Fix linting issues	3 years ago
Herman Slatman	6e11657204	Refactor creation of (raw) EAB JWS contents	3 years ago
Herman Slatman	23898e9b76	Improve EAB JWS validation and increase test coverage	3 years ago
Herman Slatman	d0c23973cc	Merge branch 'master' into hs/acme-eab	3 years ago
Herman Slatman	004fc054d5	Fix PR comments	3 years ago
Herman Slatman	06bb97c91e	Add logic for Account authorizations and improve tests	3 years ago
Herman Slatman	bae1d256ee	Improve tests for JWK vs. KID revoke auth flow The logic for both test cases is fairly similar, but with some small differences. Made those clearer by means of some comments. Also added some comments to the middleware logic that decided whether to extract JWK or lookup by KID.	3 years ago
Herman Slatman	a7fbbc4748	Add tests for GetCertificateBySerial	3 years ago
Herman Slatman	4d01cf8135	Increase test code coverage	3 years ago
Herman Slatman	2d357da99b	Add tests for ACME revocation	3 years ago
Herman Slatman	ed295ca15d	Fix linting issue	3 years ago
Herman Slatman	2d50c96d99	Merge branch 'master' into hs/acme-revocation	3 years ago
Herman Slatman	e7a988b2cd	Pin golangci-lint to v1.43.0 and fix issues	3 years ago
Herman Slatman	29f9730485	Satisfy golangci-lint	3 years ago
Herman Slatman	c7a9c13060	Add tests for extractOrLookupJWK middleware	3 years ago
Herman Slatman	3151255a25	Merge branch 'master' into hs/acme-revocation	3 years ago
Herman Slatman	4d726d6b4c	Add pagination to ACME EAB credentials endpoint	3 years ago
Herman Slatman	d354d55e7f	Improve handling duplicate ACME EAB references	3 years ago
Herman Slatman	dd4b4b0435	Fix remaining gocritic remarks	3 years ago
Herman Slatman	a4660f73fa	Fix some of the gocritic remarks	3 years ago
Herman Slatman	e0b495e4c8	Merge branch 'master' into hs/acme-eab	3 years ago
Herman Slatman	c26041f835	Add ACME EAB nosql tests	3 years ago
max furman	933b40a02a	Introduce gocritic linter and address warnings	3 years ago
Herman Slatman	0afea2e957	Improve tests for already bound EAB keys	3 years ago
Herman Slatman	c2bc1351c6	Add provisioner to remove endpoint and clear reference index on delete	3 years ago
Herman Slatman	746c5c9fd9	Disallow creation of EAB keys with non-unique references	3 years ago
Herman Slatman	9c0020352b	Add lookup by reference and make reference optional	3 years ago
Herman Slatman	02cd3b6b3b	Fix PR comments	3 years ago
Herman Slatman	f11c0cdc0c	Add endpoint for listing ACME EAB keys	3 years ago
Herman Slatman	a1afbce50c	Check EAB key exists before deleting it	3 years ago
Herman Slatman	9d09f5e575	Add support for deleting ACME EAB keys	3 years ago
Herman Slatman	a98fe03e80	Merge branch 'master' into hs/acme-eab	3 years ago
Herman Slatman	1dba8698e3	Use LinkedCA.EABKey type in ACME EAB API	3 years ago
Mariano Cano	470b546d59	Merge pull request #557 from joejulian/http01-isv use InsecureSkipVerify for validation	3 years ago
max furman	a3028bbc0e	Add test for updateAddOrderIDs	3 years ago
Mariano Cano	dc5205cc72	Extract the tls error code and fail accordingly.	3 years ago
Mariano Cano	ae58a0ee4e	Make tests compatible with Go 1.17. With Go 1.17 tls.Dial will fail if the client and server configured protocols do not overlap. See https://golang.org/doc/go1.17#ALPN	3 years ago
Herman Slatman	f31ca4f6a4	Add tests for validateExternalAccountBinding	3 years ago
Herman Slatman	492256f2d7	Add first test cases for EAB and make provisioner unique per EAB Before this commit, EAB keys could be used CA-wide, meaning that an EAB credential could be used at any ACME provisioner. This commit changes that behavior, so that EAB credentials are now intended to be used with a specific ACME provisioner. I think that makes sense, because from the perspective of an ACME client the provisioner is like a distinct CA. Besides that this commit also includes the first tests for EAB. The logic for creating the EAB JWS as a client has been taken from github.com/mholt/acmez. This logic may be moved or otherwise sourced (i.e. from a vendor) as soon as the step client also (needs to) support(s) EAB with ACME.	3 years ago
Herman Slatman	c6bfc6eac2	Fix PR comments	3 years ago
Herman Slatman	d669f3cb14	Fix misspelling	3 years ago
Herman Slatman	540d5fbbdc	Fix marshaling -> marshalling	3 years ago
Herman Slatman	2110c7722f	Fix JWK payload key equality check	3 years ago
Herman Slatman	d44cd18b96	Add External Accounting Binding key "BoundAt" marking	3 years ago
Herman Slatman	f81d49d963	Add first working version of External Account Binding	3 years ago
Herman Slatman	258efca0fa	Improve revocation authorization	3 years ago
Herman Slatman	97165f1844	Fix test mocking for CreateCertificate	3 years ago
Herman Slatman	2b15230aa4	Add Serial to Cert ID ACME table and lookup	3 years ago
Herman Slatman	8f7e700f09	Merge branch 'master' into hs/acme-revocation	3 years ago
max furman	857a50434c	Merge branch 'master' into max/cert-mgr-crud	3 years ago
max furman	9fdef64709	Admin level API for provisioner mgmt v1	3 years ago
Herman Slatman	16fe07d4dc	Fix mockSignAuth	3 years ago
Herman Slatman	0e56932e76	Add support for revocation using JWK	3 years ago
Herman Slatman	84e7d468f2	Improve handling of ACME revocation	3 years ago
Herman Slatman	d53bcaf830	Add base logic for ACME revoke-cert	3 years ago
Herman Slatman	8e4a4ecc1f	Refactor tests for sans	3 years ago
Herman Slatman	87b72afa25	Fix IP equality check and add more tests	3 years ago
Herman Slatman	a6d33b7d06	Add tests for sans()	3 years ago
Herman Slatman	64c15fde7e	Add tests for canonicalize function	3 years ago
Herman Slatman	c514a187b2	Fix Fail() -_-b	3 years ago
Herman Slatman	135e912ac8	Improve coverage for TLS-ALPN-01 challenge	3 years ago
Herman Slatman	218a2adb9f	Add tests for IP Order validations	3 years ago
Herman Slatman	523ae96749	Change identifier and challenge types to consts	3 years ago
Herman Slatman	84ea8bd67a	Fix PR comments	3 years ago
Herman Slatman	af4803b8b8	Fix tests	3 years ago
Herman Slatman	0c79914d0d	Improve check for single IP in TLS-ALPN-01 challenge	3 years ago
Herman Slatman	a6405e98a9	Remove fmt.	3 years ago
Herman Slatman	2f40011da8	Add support for TLS-ALPN-01 challenge	3 years ago
Herman Slatman	76dcf542d4	Fix mixed DNS and IP SANs in Order	3 years ago
Herman Slatman	af615db6b5	Support DNS and IPs as SANs in single Order	3 years ago
Herman Slatman	a0e92f8e99	Verify IP identifier contains valid IP	3 years ago
Herman Slatman	6486e6016b	Make logic for which challenge types to use clearer	3 years ago
Herman Slatman	3e36522329	Add preliminary support for TLS-ALPN-01 challenge for IP identifiers	3 years ago
Herman Slatman	6d9710c88d	Add initial support for ACME IP validation	3 years ago
max furman	7b5d6968a5	first commit	3 years ago
Joe Julian	0369151bfa	use InsecureSkipVerify for validation The server will not yet have a valid certificate so we need to disable certificate validation in the HTTPGetter.	3 years ago
Mariano Cano	2e1524ec2f	Remove the creation on nonce on get acme directory. According to RFC 8555, the replay nonces are only required in POST requests. And of course in the new-nonce request.	3 years ago
max furman	93c3c2bf2e	Error handle non existent provisioner downstream and disable debug route logging	3 years ago
max furman	497ec0c79b	Fix linter issues	3 years ago
max furman	b1888fd34d	Use different method for unescpaed paths for the router	3 years ago
max furman	6cfb9b790c	Remove check of deprecated value - NegotiatedProtocolIsMutual is always true: Deprecated according to golang docs	3 years ago
max furman	63ec2e35b0	Change Clock to empty struct in nosql/nosql \| truncate > round - saves space -	3 years ago
max furman	672e3f976e	Few ACME fixes ... - always URL escape linker output - validateJWS should accept RSAPSS - GetUpdateAccount -> GetOrUpdateAccount	3 years ago
max furman	2e0e62bc4c	add WriteError method for acme api	3 years ago
max furman	9aef84b9af	remove unused nonce.clone method	3 years ago
max furman	440678cb62	Add markInvalid arg to storeError for invalidating challenge	3 years ago
max furman	6b8585c702	PR review fixes / updates	3 years ago
max furman	bdace1e53f	Add failure scenarios to db.CreateOrder unit tests	3 years ago
max furman	fd447c5b54	Fix small nbf->naf bug in db.CreateOrder - still needs unit test	3 years ago
max furman	a785131d09	Fix lint issues	3 years ago
max furman	80c8567d99	change errnotfound type for getAccount - more generalized NotFound type rather than the nosql one we were using - if the error is not recognized then the logic in create account will break.	3 years ago
max furman	1831920363	Finish order unit tests and remove unused mocklinker	3 years ago
max furman	b6ebc0fd25	more unit tests	3 years ago
max furman	df05340521	fixing broken unit tests	3 years ago
max furman	bdf4c0f836	add acme order unit tests	3 years ago
max furman	c0a9f24798	add authorization and order unit tests	3 years ago
max furman	a58466589f	add tls-alpn-01 validate unit tests	3 years ago
max furman	a8e4bbf715	start Validate unit tests	3 years ago
max furman	1fb0f1d7d9	add storeError unit tests	3 years ago
max furman	8b4a5a6d8b	add unit tests for dns01 validate	3 years ago
max furman	3612a0b990	gethttp01 validate unit tests working	3 years ago
max furman	7f9ffbd514	adding more acme nosql unit tests	3 years ago
max furman	88e6f00347	nosql account db unit tests	3 years ago
max furman	ce13d09dcb	add `at` to time attributes in dbAccount	3 years ago
max furman	f72b2ff2c2	[acme db interface] nosql authz unit tests	3 years ago
max furman	206909b12e	[acme db interface] unit tests for challenge nosql db	3 years ago
max furman	4b1dda5bb6	[acme db interface] tests	3 years ago
max furman	074ab7b221	[acme db interface] add linker tests	3 years ago
max furman	8d2ebcfd49	[acme db interface] more unit tests	3 years ago
max furman	20b9785d20	[acme db interface] continuing unit test work	3 years ago
max furman	291fd5d45a	[acme db interface] more unit tests	3 years ago
max furman	f71e27e787	[acme db interface] unit test progress	3 years ago
max furman	bb8d54e596	[acme db interface] unit tests compiling	3 years ago
max furman	f20fcae80e	[acme db interface] wip unit test fixing	3 years ago
max furman	fc395f4d69	[acme db interface] compiles!	3 years ago
max furman	116869ebc5	[acme db interface] wip	3 years ago
max furman	80a6640103	[acme db interface] wip	3 years ago
max furman	491c188a5e	[acme db interface] wip	3 years ago
max furman	1135ae04fc	[acme db interface] wip	3 years ago
max furman	03ba229bcb	[acme db interface] wip more errors	3 years ago
max furman	2ae43ef2dc	[acme db interface] wip errors	3 years ago
max furman	121cc34cca	[acme db interface] wip	3 years ago
max furman	461bad3fef	[acme db interface] wip	3 years ago
max furman	0368957e79	[acmedb] (wip)	3 years ago
max furman	31ad7f2e9b	[acme] Continued work on acme db interface (wip)	3 years ago
max furman	34859551ef	Add new directory structure	3 years ago
max furman	088432150d	Beginnings of acmeDB interface	3 years ago
max furman	265d49dbf8	Remove debug statement	4 years ago
max furman	1f9aa65d66	Add test case	4 years ago
max furman	20f8d950c4	Fix broken ValidateChallenge test	4 years ago
max furman	4c48048615	Use sync.Mutex as value	4 years ago
max furman	272cce522e	Fix test and change method name	4 years ago
max furman	f34fb80eb6	[acme] Use lock for ordersByAccID and type to house methods	4 years ago
Mariano Cano	c94a1c51be	Merge branch 'master' into ssh-cert-templates	4 years ago
Mariano Cano	ba918100d0	Use go.step.sm/crypto/jose Replace use of github.com/smallstep/cli/crypto with the new package go.step.sm/crypto/jose.	4 years ago
Mariano Cano	d30a95236d	Use always go.step.sm/crypto	4 years ago
Mariano Cano	aaaa7e9b4e	Merge branch 'master' into cert-templates	4 years ago

1 2 3 4 5 ...

293 Commits (7101fbb0ee939d24756695508845e78e41a1cb59)