smallstep-certificates

mirror of https://github.com/smallstep/certificates.git synced 2024-10-31 03:20:16 +00:00

Author	SHA1	Message	Date
max furman	074ab7b221	[acme db interface] add linker tests	2021-03-25 12:05:46 -07:00
max furman	8d2ebcfd49	[acme db interface] more unit tests	2021-03-25 12:05:46 -07:00
max furman	20b9785d20	[acme db interface] continuing unit test work	2021-03-25 12:05:46 -07:00
max furman	291fd5d45a	[acme db interface] more unit tests	2021-03-25 12:05:46 -07:00
max furman	f71e27e787	[acme db interface] unit test progress	2021-03-25 12:05:46 -07:00
max furman	bb8d54e596	[acme db interface] unit tests compiling	2021-03-25 12:05:46 -07:00
max furman	f20fcae80e	[acme db interface] wip unit test fixing	2021-03-25 12:05:46 -07:00
max furman	fc395f4d69	[acme db interface] compiles!	2021-03-25 12:05:46 -07:00
max furman	116869ebc5	[acme db interface] wip	2021-03-25 12:05:46 -07:00
max furman	80a6640103	[acme db interface] wip	2021-03-25 12:05:46 -07:00
max furman	491c188a5e	[acme db interface] wip	2021-03-25 12:05:46 -07:00
max furman	1135ae04fc	[acme db interface] wip	2021-03-25 12:05:46 -07:00
max furman	03ba229bcb	[acme db interface] wip more errors	2021-03-25 12:05:46 -07:00
max furman	2ae43ef2dc	[acme db interface] wip errors	2021-03-25 12:05:46 -07:00
max furman	121cc34cca	[acme db interface] wip	2021-03-25 12:05:45 -07:00
max furman	461bad3fef	[acme db interface] wip	2021-03-25 12:05:45 -07:00
max furman	0368957e79	[acmedb] (wip)	2021-03-25 12:05:45 -07:00
max furman	31ad7f2e9b	[acme] Continued work on acme db interface (wip)	2021-03-25 12:05:45 -07:00
max furman	34859551ef	Add new directory structure	2021-03-25 12:05:45 -07:00
max furman	088432150d	Beginnings of acmeDB interface	2021-03-25 12:05:45 -07:00
max furman	265d49dbf8	Remove debug statement	2020-12-18 18:17:55 -05:00
max furman	1f9aa65d66	Add test case	2020-12-18 17:05:25 -05:00
max furman	20f8d950c4	Fix broken ValidateChallenge test	2020-12-18 11:18:42 -05:00
max furman	4c48048615	Use sync.Mutex as value	2020-10-20 17:56:15 -07:00
max furman	272cce522e	Fix test and change method name	2020-10-20 17:18:20 -07:00
max furman	f34fb80eb6	[acme] Use lock for ordersByAccID and type to house methods	2020-10-20 16:25:16 -07:00
Mariano Cano	c94a1c51be	Merge branch 'master' into ssh-cert-templates	2020-08-24 15:08:28 -07:00
Mariano Cano	ba918100d0	Use go.step.sm/crypto/jose Replace use of github.com/smallstep/cli/crypto with the new package go.step.sm/crypto/jose.	2020-08-24 14:44:11 -07:00
Mariano Cano	d30a95236d	Use always go.step.sm/crypto	2020-08-14 15:33:50 -07:00
Mariano Cano	aaaa7e9b4e	Merge branch 'master' into cert-templates	2020-08-14 10:45:41 -07:00
max furman	55bf5a4526	Add cert logging for acme/certificate api	2020-08-12 15:50:45 -07:00
Mariano Cano	e83e47a91e	Use sshutil and randutil from go.step.sm/crypto.	2020-08-10 11:26:51 -07:00
Mariano Cano	c8d225a763	Use x509util from go.step.sm/crypto/x509util	2020-08-05 16:02:46 -07:00
Mariano Cano	f1773489fc	Fix comment.	2020-07-31 10:45:59 -07:00
Mariano Cano	6c64fb3ed2	Rename provisioner options structs: * provisioner.ProvisionerOptions => provisioner.Options * provisioner.Options => provisioner.SignOptions * provisioner.SSHOptions => provisioner.SingSSHOptions	2020-07-22 18:24:45 -07:00
Mariano Cano	0c8376a7f6	Fix existing unit tests.	2020-07-21 14:21:54 -07:00
Mariano Cano	a7fe0104c4	Remove ACME restrictions and add proper template support.	2020-07-21 14:18:06 -07:00
max furman	d25e7f64c2	wip	2020-06-24 09:58:40 -07:00
max furman	1951669e13	wip	2020-06-23 11:10:45 -07:00
max furman	41a1a053d8	Always convert empty list to nil when saving orderIDs index.	2020-06-01 18:04:51 -07:00
max furman	704a510a2a	Remove non-pending orders from the acme_orders_by_account index ... - Each acme account has an index in this table. Before this change, the index would grow unchecked as orders accumulate. This change removes orders that have moved out of the 'PENDING' state.	2020-06-01 12:56:50 -07:00
David Cowden	a26b5f322d	acme/api: Brush up documentation on key-change Add more specific wording describing what a 501 means and add more color explaining how official vs unofficial error types should be handled.	2020-05-28 11:22:37 -07:00
David Cowden	b26e6e42b3	acme: Return 501 for the key-change route RFC 8555 § 7.3.5 is not listed as optional but we do not currently support it. Rather than 404, return a 501 to inform clients that this functionality is not yet implemented. The notImplmented error type is not an official error registered in the ietf:params:acme:error namespace, so prefix if with step:acme:error. An ACME server is allowed to return other errors and clients should display the message detail to users. Fixes: https://github.com/smallstep/certificates/issues/209	2020-05-26 01:47:08 -07:00
max furman	6e69f99310	Always set nbf and naf for new ACME orders ... - Use the default value from the ACME provisioner if values are not defined in the request.	2020-05-22 10:31:58 -07:00
Max	ba91f4ed13	Merge pull request #260 from anxolerd/feat-force-cn-if-empty [Feature] Force CommonName for certificates from ACME provisioner	2020-05-18 14:40:01 -07:00
Oleksandr Kovalchuk	893a53793a	Modify existing tests to accept forceCNOption modifier Modify existing tests to pass with changes introduced in commit `322200b7db`. This is safe to do as tests assert exact length of modifiers, which has changed.	2020-05-17 20:27:09 +03:00
Oleksandr Kovalchuk	322200b7db	Implement modifier to set CommonName Implement modifier which sets CommonName to the certificate if CommonName is empty and forceCN is set in the config. Replace previous implementation introduced in `0218018cee` with new modifier. Closes https://github.com/smallstep/certificates/issues/259 Ref: https://github.com/smallstep/certificates/pull/260#issuecomment-628961322	2020-05-17 20:23:13 +03:00
max furman	e1409349f3	Allow relative URL for all links in ACME api ... * Pass the request context all the way down the ACME stack. * Save baseURL in context and use when generating ACME urls.	2020-05-14 17:32:54 -07:00
Oleksandr Kovalchuk	0218018cee	Generate Subject if `forceCN` and Subject is empty When `forceCN` is set in provisioner configuration and Subject.CommonName is empty, set Subject.CommonName to the first SAN from the CSR to follow the letsencrypt's boulder behavior. This is done in order to support system which require certificate's Subject field to be non-empty. N.B. certbot does not send Subject in its certificate request and relies on similar behavior of letsencrypt. Closes https://github.com/smallstep/certificates/issues/259	2020-05-14 13:23:42 +03:00
Clive Jevons	639993bd09	Read host and protocol information from request for links When constructing links we want to read the required host and protocol information in a dynamic manner from the request for constructing ACME links such as the directory information. This way, if the server is running behind a proxy, and we don't know what the exposed URL should be at runtime, we can construct the required information from the host, tls and X-Forwarded-Proto fields in the HTTP request. Inspired by the LetsEncrypt Boulder project (web/relative.go).	2020-05-12 16:58:12 -07:00
max furman	4cb777bdc1	ACME accountUpdate ignore fields not recognized by the server.	2020-05-08 11:52:30 -07:00
Ivan Bertona	cb46a8b741	Small test fixes.	2020-02-11 09:57:28 -05:00
Ivan Bertona	10bc548c6e	Remove leftover file.	2020-02-10 14:58:16 -05:00
Ivan Bertona	200cfd2433	Add test for missing TLS certificates in response.	2020-02-10 14:50:13 -05:00
Ivan Bertona	157686e338	Tiny finishes.	2020-02-07 19:57:29 -05:00
Ivan Bertona	6843408d42	Reject obsolete id-pe-acmeIdentifier.	2020-02-07 19:26:18 -05:00
Ivan Bertona	6b5a2b17b5	Add challenge unmarshal test cases.	2020-02-07 15:25:27 -05:00
Ivan Bertona	b8208ec401	Add test case for failed came-tls/1 protocol negotiation.	2020-02-07 15:14:08 -05:00
Ivan Bertona	4b473732d9	Add support for TLS-ALPN-01 challenge.	2020-02-07 14:37:13 -05:00
max furman	c255274572	Should be returning status code 400 for ACME Account Not Found. Issue #173	2020-02-01 17:35:41 -08:00
Mariano Cano	0a890a5c16	Add the commonName as a DNSName to match RFC. Normalize names and remove the use of reflection.	2020-01-28 15:34:01 -08:00
max furman	432ed0090f	Use _'s in table names.	2020-01-28 13:29:40 -08:00
max furman	967e86a48b	Simplify trimming *. prefix of domain in acme dns validation.	2019-12-20 13:32:44 -08:00
Oleksandr Kovalchuk	ec8ff0bced	Add testcase which ensures we pass correct domain to lookupTxt Make sure we do not pass domains with asterisk (wildcard) in the middle, like _acme-challenge.*.example.com to lookupTxt function, but preprocess domain and remove leading wildcard so we lookup for _acme-challenge.example.com.	2019-12-20 22:54:41 +02:00
Oleksandr Kovalchuk	46832bb9b3	Remove superflurous Printf statement The statement was used for debug purposes and should not be included in the final build	2019-12-20 22:22:12 +02:00
Oleksandr Kovalchuk	a995cca418	Perform domain normalization for wildcard domains Perform domain normalization for wildcard domains, so we do query TXT records for _acme-challenge.example.domain instead of _acme-challenge.*.example.domain when performing DNS-01 challenge. In this way the behavior is consistent with letsencrypt and records queried are in sync with the ones that are shown in certbot manual mode.	2019-12-20 19:17:53 +02:00
Max	0a96062b76	Merge pull request #128 from jkralik/returnCertChain Change api of functions Authority.Sign, Authority.Renew	2019-10-18 14:00:18 -07:00
max furman	d368791606	Add x5c provisioner capabilities	2019-10-14 14:51:37 -07:00
max furman	7aec7c2612	Create ACME database tables when initializing ACME autority.	2019-10-14 14:51:03 -07:00
Jozef Kralik	bc6074f596	Change api of functions Authority.Sign, Authority.Renew Returns certificate chain instead of 2 members. Implements #126	2019-10-09 22:23:00 +02:00
max furman	e92dfb2516	Fix authz shadow declarations	2019-09-30 11:49:15 -07:00
max furman	fe7973c060	wip	2019-09-19 13:17:45 -07:00
max furman	e3826dd1c3	Add ACME CA capabilities	2019-09-13 15:48:33 -07:00

1 2 3

123 Commits