Commit Graph

4113 Commits

Author SHA1 Message Date
Max
d34f0f6a97
Fix linter warnings (#1634) 2023-11-28 20:58:58 -08:00
Herman Slatman
26a3bb3c11
Make the Apple JWS fix more robust and catch more cases. 2023-11-29 02:30:28 +01:00
Herman Slatman
31ba1b33fb
Merge pull request #1633 from smallstep/update-changelog-20231122
Set `v0.25.1` release date
2023-11-29 01:03:48 +01:00
Herman Slatman
528aad86dd
Set v0.25.1 release date 2023-11-28 23:18:57 +01:00
Herman Slatman
3bb469274d
Merge pull request #1632 from smallstep/update-changelog-20231122
Update changelog for `v0.25.1` release
2023-11-28 09:54:57 +01:00
Herman Slatman
f01b48fdcd
Update changelog for v0.25.1 release 2023-11-27 16:39:09 +01:00
Herman Slatman
113491e7af
Remove TODO for patching other algorithms for Apple ACME client 2023-11-24 18:29:22 +01:00
Herman Slatman
06f4cbbcda
Add (temporary) fix for missing null bytes in Apple JWS signatures
Apparently the Apple macOS (and iOS?) ACME client seems to omit
leading null bytes from JWS signatures. The base64-url encoded
bytes decode to a shorter byte slice than what the JOSE library
expects (e.g. 63 bytes instead of 64 bytes for ES256), and then
results in a `jose.ErrCryptoFailure`.

This commit retries verification of the JWS in case the first
verification fails with `jose.ErrCryptoFailure`. The signatures are
checked to be of the correct length, and if not, null bytes are
prepended to the signature. Then verification is retried, which
might fail again, but for other reasons. On success, the payload
is returned.

Apple should fix this in their ACME client, but in the meantime
this commit prevents some "bad request" error cases from happening.
2023-11-24 18:21:01 +01:00
github-actions[bot]
cf6e189d7c
Merge pull request #1629 from smallstep/dependabot/go_modules/github.com/go-jose/go-jose/v3-3.0.1
Bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1
2023-11-22 11:32:50 +01:00
dependabot[bot]
350ad9006c
Bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.0...v3.0.1)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-21 22:19:52 +00:00
github-actions[bot]
1dacf50776
Merge pull request #1626 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.37.0
Bump go.step.sm/crypto from 0.36.1 to 0.37.0
2023-11-21 11:23:20 +01:00
dependabot[bot]
66df354f2f
Bump go.step.sm/crypto from 0.36.1 to 0.37.0
Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.36.1 to 0.37.0.
- [Release notes](https://github.com/smallstep/crypto/releases)
- [Commits](https://github.com/smallstep/crypto/compare/v0.36.1...v0.37.0)

---
updated-dependencies:
- dependency-name: go.step.sm/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-21 10:12:12 +00:00
github-actions[bot]
c6db7673bf
Merge pull request #1628 from smallstep/dependabot/go_modules/google.golang.org/api-0.151.0
Bump google.golang.org/api from 0.150.0 to 0.151.0
2023-11-21 11:09:06 +01:00
github-actions[bot]
a36cf81d6a
Merge pull request #1627 from smallstep/dependabot/go_modules/github.com/newrelic/go-agent/v3-3.28.0
Bump github.com/newrelic/go-agent/v3 from 3.27.0 to 3.28.0
2023-11-21 11:08:28 +01:00
dependabot[bot]
5b07ae7f52
Bump google.golang.org/api from 0.150.0 to 0.151.0
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.150.0 to 0.151.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.150.0...v0.151.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-20 15:52:17 +00:00
dependabot[bot]
74597e6fbb
Bump github.com/newrelic/go-agent/v3 from 3.27.0 to 3.28.0
Bumps [github.com/newrelic/go-agent/v3](https://github.com/newrelic/go-agent) from 3.27.0 to 3.28.0.
- [Release notes](https://github.com/newrelic/go-agent/releases)
- [Changelog](https://github.com/newrelic/go-agent/blob/master/CHANGELOG.md)
- [Commits](https://github.com/newrelic/go-agent/compare/v3.27.0...v3.28.0)

---
updated-dependencies:
- dependency-name: github.com/newrelic/go-agent/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-20 15:52:03 +00:00
github-actions[bot]
8308e1ac54
Merge pull request #1619 from smallstep/dependabot/go_modules/golang.org/x/net-0.18.0
Bump golang.org/x/net from 0.17.0 to 0.18.0
2023-11-14 12:25:15 +01:00
dependabot[bot]
6826ca9ebb
Bump golang.org/x/net from 0.17.0 to 0.18.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/net/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-14 11:17:13 +00:00
github-actions[bot]
4f6ca083aa
Merge pull request #1620 from smallstep/dependabot/go_modules/golang.org/x/crypto-0.15.0
Bump golang.org/x/crypto from 0.14.0 to 0.15.0
2023-11-14 12:15:42 +01:00
dependabot[bot]
2eefd2ce63
Bump golang.org/x/crypto from 0.14.0 to 0.15.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.15.0.
- [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-13 15:41:26 +00:00
github-actions[bot]
6ebd5264ec
Merge pull request #1621 from smallstep/dependabot/go_modules/google.golang.org/api-0.150.0
Bump google.golang.org/api from 0.149.0 to 0.150.0
2023-11-13 16:38:04 +01:00
dependabot[bot]
48d9ea188b
Bump google.golang.org/api from 0.149.0 to 0.150.0
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.149.0 to 0.150.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.149.0...v0.150.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-13 15:26:27 +00:00
Herman Slatman
a4b7bbf2d9
Merge pull request #1617 from smallstep/herman/scep-webhook-provisioner-name
Add `provisionerName` to SCEP webhook request body
2023-11-08 20:16:31 +01:00
Herman Slatman
f082cbc421
Denormalize provisioner name in SCEP webhook 2023-11-08 20:09:52 +01:00
Herman Slatman
9ebc8779f5
Normalize SCEP provisioner name in webhook body 2023-11-08 19:52:20 +01:00
Herman Slatman
e815864ed8
Add verification of provisionerName in test 2023-11-08 19:46:29 +01:00
Herman Slatman
de45d66cdb
Add provisionerName to webhook request body 2023-11-08 19:43:13 +01:00
Mariano Cano
a7ed79bb21
Merge pull request #1616 from smallstep/fix-1611
Use the same version for building and running
2023-11-07 16:32:55 -08:00
Mariano Cano
875512c79e
Use the same version for building and running
This commit makes sure to use the same version for building step-ca with
CGO and running it.

Fixes #1611
2023-11-07 15:36:01 -08:00
Mariano Cano
1697dc63a7
Merge pull request #1608 from smallstep/mariano/ra-template
Build RA token using SANs from the template
2023-11-07 10:46:14 -08:00
Mariano Cano
690d1c3c50
Merge pull request #1609 from smallstep/mariano/jwk-commonname
Change CommonName validator in JWK
2023-11-07 10:45:51 -08:00
github-actions[bot]
111bc1d789
Merge pull request #1613 from smallstep/dependabot/go_modules/cloud.google.com/go/longrunning-0.5.4
Bump cloud.google.com/go/longrunning from 0.5.3 to 0.5.4
2023-11-06 19:30:49 +01:00
dependabot[bot]
8c5d26e1c5
Bump cloud.google.com/go/longrunning from 0.5.3 to 0.5.4
Bumps [cloud.google.com/go/longrunning](https://github.com/googleapis/google-cloud-go) from 0.5.3 to 0.5.4.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/longrunning/v0.5.3...longrunning/v0.5.4)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/longrunning
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-06 18:27:22 +00:00
github-actions[bot]
444cfe2fcd
Merge pull request #1614 from smallstep/dependabot/go_modules/cloud.google.com/go/security-1.15.4
Bump cloud.google.com/go/security from 1.15.3 to 1.15.4
2023-11-06 19:26:02 +01:00
dependabot[bot]
8406f75806
Bump cloud.google.com/go/security from 1.15.3 to 1.15.4
Bumps [cloud.google.com/go/security](https://github.com/googleapis/google-cloud-go) from 1.15.3 to 1.15.4.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/kms/v1.15.3...kms/v1.15.4)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/security
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-06 15:25:48 +00:00
Herman Slatman
132e888f36
Merge pull request #1610 from abelgvidal/fixcontrib
Amend link to Contribution Guide in README
2023-11-02 13:48:26 +01:00
Abel Gonzalez
807c7562f5 Amend wrong link to Contribution Guide in README 2023-11-01 20:18:05 +01:00
Mariano Cano
49045a1150
Change CommonName validator in JWK
This commit changes the common name validator in the JWK provisioner to
accept either the token subject or any of the sans in the token.
2023-10-31 16:44:18 -07:00
Mariano Cano
6705b7dde4
Build RA token using SANs from the template
This commit updates the RA token to use the SANs coming from the
template instead of the CSR.

Note that this PR might break some admin tokens.
2023-10-31 15:41:59 -07:00
github-actions[bot]
ef2b43d888
Merge pull request #1604 from smallstep/dependabot/go_modules/cloud.google.com/go/security-1.15.3
Bump cloud.google.com/go/security from 1.15.2 to 1.15.3
2023-10-30 17:14:28 +01:00
dependabot[bot]
3528012614
Bump cloud.google.com/go/security from 1.15.2 to 1.15.3
Bumps [cloud.google.com/go/security](https://github.com/googleapis/google-cloud-go) from 1.15.2 to 1.15.3.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/kms/v1.15.2...kms/v1.15.3)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/security
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-30 15:58:06 +00:00
github-actions[bot]
a278e707e8
Merge pull request #1605 from smallstep/dependabot/go_modules/github.com/google/uuid-1.4.0
Bump github.com/google/uuid from 1.3.1 to 1.4.0
2023-10-30 16:54:37 +01:00
github-actions[bot]
7043ff1464
Merge pull request #1606 from smallstep/dependabot/go_modules/cloud.google.com/go/longrunning-0.5.3
Bump cloud.google.com/go/longrunning from 0.5.2 to 0.5.3
2023-10-30 16:53:56 +01:00
dependabot[bot]
15383bae66
Bump cloud.google.com/go/longrunning from 0.5.2 to 0.5.3
Bumps [cloud.google.com/go/longrunning](https://github.com/googleapis/google-cloud-go) from 0.5.2 to 0.5.3.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/longrunning/v0.5.2...longrunning/v0.5.3)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/longrunning
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-30 15:49:04 +00:00
dependabot[bot]
4c51360400
Bump github.com/google/uuid from 1.3.1 to 1.4.0
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.1 to 1.4.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.3.1...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-30 15:48:46 +00:00
Herman Slatman
71a4481e57
Merge pull request #1600 from smallstep/herman/use-smallstep-scep-and-pkcs7
Use Smallstep SCEP and PKCS7 libraries
2023-10-25 12:15:31 +02:00
Herman Slatman
af649018a2
Merge branch 'master' into herman/use-smallstep-scep-and-pkcs7 2023-10-24 21:50:58 +02:00
Herman Slatman
1abada69b0
Update import aliases from microscep to smallscep 2023-10-24 21:48:24 +02:00
Herman Slatman
4c17f25389
Replace MicroMDM and Mozilla libraries with Smallstep forks 2023-10-24 21:44:34 +02:00
github-actions[bot]
5e70d6fc81
Merge pull request #1597 from smallstep/dependabot/go_modules/github.com/newrelic/go-agent/v3-3.27.0
Bump github.com/newrelic/go-agent/v3 from 3.26.0 to 3.27.0
2023-10-23 20:17:40 +02:00