Commit Graph

2451 Commits (808f039b0993e047bff9302d42bb03bcc15e92ad)
 

Author SHA1 Message Date
Herman Slatman 8473164b41
Merge pull request #773 from smallstep/herman/ip-sans-improvements
Improve IP SANS support
3 years ago
Herman Slatman a5f2f004e3
Change name of IP Common Name test for clarity 3 years ago
Herman Slatman f9ae875f9d
Use short if-style statements 3 years ago
Herman Slatman 80bebda69c
Fix code style issue 3 years ago
Mariano Cano f7c1a328ed
Merge pull request #777 from smallstep/pkcs11-decrypter
Implement the kms.Decrypter with PKCS#11
3 years ago
Mariano Cano d5c6572da4 Fix typo. 3 years ago
Mariano Cano 5a32401d23 Implement the kms.Decrypter with PKCS#11
This interface allows the use of SCEP with PKCS#11 modules.
3 years ago
Mariano Cano ab44fbfb3f
Merge pull request #774 from smallstep/cm-roots
Avoid doing unauthenticated requests on the SDK
3 years ago
Mariano Cano 2c63abcf52 fix grammar 3 years ago
Mariano Cano 7c4e6dcc96 Remove duplicated code in bootstrap methods 3 years ago
Mariano Cano 64c19d4264 Fix subject in test, use ip 3 years ago
Mariano Cano b0b2e77b0e Avoid doing unauthenticated requests on the SDK
When step-ca runs with mTLS required on some endpoints, the SDK
used in autocert will fail to start because the identity certificate
is missing. This certificate is only required to retrieve all roots,
in most cases there's only one, and the SDK has access to it.
3 years ago
Herman Slatman bc0875bd7b
Disallow email address and URLs in the CSR
Before this commit `step` would allow email addresses and URLs
in the CSR. This doesn't fit nicely with the rest of ACME, in which
identifiers need to be authorized before a certificate is issued.
3 years ago
Herman Slatman 13a31fd862
Merge branch 'master' into herman/ip-sans-improvements 3 years ago
Herman Slatman ca707cbe05
Fix linting 3 years ago
Herman Slatman a5d33512fe
Fix test 3 years ago
Herman Slatman a2c9b5cd7e
Allow IP identifiers in subject, including authorization enforcement
To support IPs in the subject using `step-cli`, this PR ensures that
Subject Common Names that can be parsed as an IP are also checked
to have been authorized before.

The PR for `step-cli` is here: github.com/smallstep/cli/pull/576.
3 years ago
Herman Slatman 5f224b729e
Add tests for Provisioner Admin API 3 years ago
Herman Slatman 43a78f495f
Add tests for Admin API 3 years ago
Herman Slatman bd169f505f
Add Admin API Middleware tests 3 years ago
Herman Slatman d799359917
Merge branch 'master' into hs/acme-eab 3 years ago
Herman Slatman 63371a8fb6
Add additional tests for ACME EAB Admin 3 years ago
Herman Slatman fbd3fd2145
Merge pull request #625 from hslatman/hs/acme-revocation
ACME Certificate Revocation
3 years ago
Herman Slatman 00539d07c9
Add changelog entry for ACME revocation 3 years ago
Herman Slatman 3bc3957b06
Merge branch 'master' into hs/acme-revocation 3 years ago
Herman Slatman 0524122191
Remove authorization flow for different Account private keys
As discussed in https://github.com/smallstep/certificates/issues/767,
we opted for not including this authorization flow to prevent users
from getting OOMs. We can add the functionality back when the
underlying data store can provide access to a long list of
Authorizations more efficiently, for example when a callback is
implemented.
3 years ago
Herman Slatman 2215a05c28
Add tests for ACME EAB Admin
Refactored some of the existing bits for testing the Authority
API by creation of a new LinkedAuthority interface and changing
visibility of the MockAuthority to be usable by other packages.

At this time, not all of the functions of MockAuthority it usable
yet. Will refactor when needed or requested.
3 years ago
Carl Tashian 53ebd85327 Update star gif size 3 years ago
Carl Tashian c0255b7caa Update star gif 3 years ago
Carl Tashian accb0710a1 Star gif 3 years ago
Herman Slatman 9885d42711
Fix linting issues 3 years ago
Herman Slatman 6e11657204
Refactor creation of (raw) EAB JWS contents 3 years ago
Herman Slatman 23898e9b76
Improve EAB JWS validation and increase test coverage 3 years ago
Mariano Cano 94afec7e1f
Merge pull request #758 from smallstep/errors-forbidden
Forbidden errors and more
3 years ago
Herman Slatman d0c23973cc
Merge branch 'master' into hs/acme-eab 3 years ago
Mariano Cano e0fee84694 Add comment about public key validator. 3 years ago
Mariano Cano 0cebde3db5 Change fallback message on RekeySSH. 3 years ago
Herman Slatman 004fc054d5
Fix PR comments 3 years ago
Mariano Cano 9fd147f3da Change error message. 3 years ago
Herman Slatman 47a8a3c463
Add test case for ACME Revoke to Authority 3 years ago
Herman Slatman 06bb97c91e
Add logic for Account authorizations and improve tests 3 years ago
Herman Slatman bae1d256ee
Improve tests for JWK vs. KID revoke auth flow
The logic for both test cases is fairly similar, but with some
small differences. Made those clearer by means of some comments.
Also added some comments to the middleware logic that decided
whether to extract JWK or lookup by KID.
3 years ago
Herman Slatman a7fbbc4748
Add tests for GetCertificateBySerial 3 years ago
Herman Slatman 4d01cf8135
Increase test code coverage 3 years ago
Herman Slatman 2d357da99b
Add tests for ACME revocation 3 years ago
Herman Slatman ed295ca15d
Fix linting issue 3 years ago
Herman Slatman c9cd876a7d
Merge branch 'master' into hs/acme-revocation 3 years ago
Mariano Cano 78acf35bf4
Merge pull request #753 from scattered-network/docker-compose-go-mod-updates
Docker Example Fix: Remove Step Build
3 years ago
Mariano Cano d35848f7a9 Fix unit tests. 3 years ago
Mariano Cano c3f98fd04d Change some bad requests to forbidded.
Change in the sign options bad requests to forbidded if is the
provisioner the one adding a restriction, e.g. list of dns names,
validity, ...
3 years ago