Commit Graph

1217 Commits

Author SHA1 Message Date
Herman Slatman
79739e5073
Change signature algorithm property name 2024-01-12 09:48:49 +01:00
Herman Slatman
1bf807add3
Use base64 encoded signing key format 2024-01-11 17:04:08 +01:00
Herman Slatman
1f5f756fce
Make Wire options more robust 2024-01-11 16:14:53 +01:00
Herman Slatman
6ef64b6ed6
Refactor the Wire option configuration 2024-01-11 15:08:44 +01:00
Herman Slatman
b6fc0005d5
Add verification of maximum expiry time for Wire tokens 2024-01-11 14:24:34 +01:00
Herman Slatman
acad227b25
Put Wire options in lower level wire struct 2024-01-11 13:18:43 +01:00
Herman Slatman
897688a831
Merge branch 'wire-acme-extensions' into herman/remove-rusty-cli 2024-01-11 12:03:52 +01:00
Herman Slatman
70a2f431fa
Address review remarks 2024-01-11 11:06:39 +01:00
Herman Slatman
c7892e9cd3
Remove the rusty-jwt-cli configuration 2024-01-10 20:51:19 +01:00
Herman Slatman
8997ce1a1e
Disable wire-dpop-01 and wire-oidc-01 by default 2024-01-10 20:06:02 +01:00
Herman Slatman
bf8c17e3ec
Remove the Wire oidc and dpop from attestation formats 2024-01-10 19:12:22 +01:00
Herman Slatman
6a98fea1f3
Fix linter issues 2024-01-10 18:36:24 +01:00
Herman Slatman
e2a2e00526
Make template use DeviceId for now 2024-01-10 17:15:03 +01:00
Herman Slatman
776a839a42
Fix linter issues and improve error handling 2024-01-09 21:31:19 +01:00
beltram
39bf889925
feat: remove query parameters from OIDC issuerUrl so that it allows us to use it to carry the OAuth ClientId in the Challenge.target field without at the same time undermining the idToken verification which relies on an issuer (iss) claim without this query parameter 2024-01-08 22:10:49 +01:00
Stefan Berthold
5ceed08ae0
Reorganize parsing target 2024-01-08 21:19:54 +01:00
Stefan Berthold
83ba0bdc51
Replace field access by accessor functions 2024-01-08 21:17:57 +01:00
beltram
2b1223a080
simpler 2024-01-08 21:14:17 +01:00
beltram
036a144e09
add oidc target 2024-01-08 21:10:46 +01:00
beltram
d32a3e23f0
wip 2024-01-08 21:08:34 +01:00
Stefan Berthold
2208b03744
avoid panic when OIDC config is not provided 2024-01-08 20:37:37 +01:00
Stefan Berthold
e6dd211637
acquire DPoP signing key from provisioner 2024-01-08 20:34:58 +01:00
Stefan Berthold
8e0e35532c
Add Wire authz and challenges (OIDC+DPOP) 2024-01-08 20:27:16 +01:00
Mariano Cano
b20af51f32
Upgrade go.step.sm/crypto to use go-jose/v3 2023-12-12 16:36:48 -08:00
Max
d34f0f6a97
Fix linter warnings (#1634) 2023-11-28 20:58:58 -08:00
Herman Slatman
f082cbc421
Denormalize provisioner name in SCEP webhook 2023-11-08 20:09:52 +01:00
Herman Slatman
9ebc8779f5
Normalize SCEP provisioner name in webhook body 2023-11-08 19:52:20 +01:00
Herman Slatman
e815864ed8
Add verification of provisionerName in test 2023-11-08 19:46:29 +01:00
Herman Slatman
de45d66cdb
Add provisionerName to webhook request body 2023-11-08 19:43:13 +01:00
Mariano Cano
49045a1150
Change CommonName validator in JWK
This commit changes the common name validator in the JWK provisioner to
accept either the token subject or any of the sans in the token.
2023-10-31 16:44:18 -07:00
Max
9f84f7ce35
Allow for identity certificate signing (in sshSign) by skipping validators (#1572)
- skip urisValidator for identity certificate signing. Implemented
  by building the validator with the context in a hacky way.
2023-10-06 14:02:19 -07:00
Mariano Cano
52baf52f84
Change scep password type to string
This commit changes the type of the decrypter key password to string to
be consistent with other passwords in the ca.json
2023-09-26 10:36:58 -07:00
Herman Slatman
c0fbace882
Address review remarks 2023-09-26 00:00:08 +02:00
Herman Slatman
4dc5a688fd
Set SCEP authority options once 2023-09-25 22:24:13 +02:00
Herman Slatman
15c46ebbaa
Switch logic for SCEP initialization around 2023-09-25 22:00:30 +02:00
Herman Slatman
f1da256ca4
Change SCEP authority initialization 2023-09-25 21:55:19 +02:00
Herman Slatman
4554f86f16
Make SCEP decrypter properties use omitempty 2023-09-25 19:48:12 +02:00
Herman Slatman
ffe079f31b
Merge branch 'master' into herman/scep-provisioner-decrypter 2023-09-23 00:06:56 +02:00
Mariano Cano
31da66c124
Fix webhooks signature
This commit fixes the way webhooks signatures are created. Before this
change, the signature of an empty body was prepended by the body itself.
2023-09-22 13:22:52 -07:00
Herman Slatman
3f3b67e05c
Merge branch 'herman/scep-provisioner-decrypter' into herman/scep-notifying-webhook 2023-09-22 12:44:11 +02:00
Herman Slatman
ba72710e2d
Address code review remarks 2023-09-22 12:40:14 +02:00
Herman Slatman
5f8e0de1c3
Fix duplicate import in SCEP provisioner 2023-09-22 11:46:51 +02:00
Herman Slatman
4fd4227b73
Use shorter SCEP decrypter property names from linkedca 2023-09-22 11:44:49 +02:00
Herman Slatman
5fd70af2c8
Make API responses aware of the new SCEP decrypter properties 2023-09-22 11:38:03 +02:00
Herman Slatman
3ade92f8d5
Support both a decrypter key URI as well as PEM 2023-09-22 11:10:22 +02:00
Herman Slatman
b6c95d7be2
Add additional properties to SCEP notify webhook request body 2023-09-21 18:12:13 +02:00
Herman Slatman
63257e0576
Add full certificate DER bytes to success notification webhook 2023-09-21 12:05:58 +02:00
Herman Slatman
52bc96760b
Add SCEP certificate issuance notification webhook 2023-09-21 12:01:03 +02:00
Herman Slatman
a3c9dd796a
Merge branch 'herman/scep-provisioner-decrypter' of github.com:smallstep/certificates into herman/scep-provisioner-decrypter 2023-09-21 09:55:18 +02:00
Herman Slatman
69a53eec33
Merge branch 'master' into herman/scep-provisioner-decrypter 2023-09-21 09:55:07 +02:00