Archives/smallstep-certificates
2
0
Fork 0
mirror of https://github.com/smallstep/certificates.git synced 2024-11-11 07:11:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,295 Commits 37 Branches 223 Tags 44 MiB
99ce13a4ea
Commit Graph

377 Commits

Author SHA1 Message Date
Mariano Cano
192e90eea7
Merge branch 'master' into mariano/account-provisioner 2024-05-16 14:25:57 -07:00
Mariano Cano
8673818980
Split provisioner check in two cases 2024-05-15 16:12:15 -07:00
Mariano Cano
f3f484cee2
Log errors using slog.Logger 
This commit allows logging errors in a slog.Logger injected in the
context. This type of logger is not currently used directly in step-ca,
but this will change in the future.
 2024-05-15 15:40:40 -07:00
Mariano Cano
5fa5a63de8
Verify provisioner with id if available 
This commit allows verifying the account provisioner with the request
provisioner using the ID instead of the name. When the provisioner are
stored in the DB, the provisioner ID is not mutable but the name is.
 2024-05-13 17:07:33 -07:00
Mariano Cano
b1e31b1726
Use always acme.IsErrNotFound 
This commit replaces the comparisons with acme.ErrNotFound and always
uses acme.IsErrNotFound.
 2024-05-06 15:11:58 -07:00
Mariano Cano
d037ed6ff2
Add provisioner id to acme accounts 
This commit adds a new field that allows to have a reference to
a provisioner id in the acme account.
 2024-05-06 11:58:22 -07:00
Mariano Cano
296ac4e207
Make ISErrNotFound more flexible 
This commit allows to use the standard error sql.ErrNoRows for not found
errors.
 2024-04-29 16:15:08 -07:00
verytrap
db92404342 chore: fix function names in comment 
Signed-off-by: verytrap <wangqiuyue@outlook.com>
 2024-04-10 10:35:39 +08:00
Mariano Cano
10f6a901ec
Let the CA determine the RA lifetime 
When the RA mode with StepCAS is used, let the CA decide which lifetime
the RA should get instead of requiring always 24h.

This commit also fixes linter warnings.

Related to #1094
 2024-03-12 14:29:55 -07:00
Herman Slatman
041b486c55
Remove usages of Sign without context 2024-02-27 14:16:21 +01:00
Herman Slatman
2a8b80a3e1
Merge branch 'master' into herman/webhook-request-id 2024-02-27 12:17:10 +01:00
Herman Slatman
e52836f0ab
Add RS1 support for ACME device-attest-01 2024-01-07 21:25:36 +01:00
Herman Slatman
c59d293d26
Add support for HTTP_PROXY and HTTPS_PROXY to ACME solver client 2024-01-03 15:09:24 +01:00
Mariano Cano
b20af51f32
Upgrade go.step.sm/crypto to use go-jose/v3 2023-12-12 16:36:48 -08:00
Herman Slatman
f453323ba9
Merge pull request #1631 from smallstep/herman/fix-apple-acmeclient-invalid-signatures 2023-12-01 09:48:37 +01:00
Herman Slatman
405aae798c
Simplify the copy logic used when patching JWS signature 2023-11-30 14:27:32 +01:00
Max
d34f0f6a97
Fix linter warnings (#1634) 2023-11-28 20:58:58 -08:00
Herman Slatman
26a3bb3c11
Make the Apple JWS fix more robust and catch more cases. 2023-11-29 02:30:28 +01:00
Herman Slatman
113491e7af
Remove TODO for patching other algorithms for Apple ACME client 2023-11-24 18:29:22 +01:00
Herman Slatman
06f4cbbcda
Add (temporary) fix for missing null bytes in Apple JWS signatures 
Apparently the Apple macOS (and iOS?) ACME client seems to omit
leading null bytes from JWS signatures. The base64-url encoded
bytes decode to a shorter byte slice than what the JOSE library
expects (e.g. 63 bytes instead of 64 bytes for ES256), and then
results in a `jose.ErrCryptoFailure`.

This commit retries verification of the JWS in case the first
verification fails with `jose.ErrCryptoFailure`. The signatures are
checked to be of the correct length, and if not, null bytes are
prepended to the signature. Then verification is retried, which
might fail again, but for other reasons. On success, the payload
is returned.

Apple should fix this in their ACME client, but in the meantime
this commit prevents some "bad request" error cases from happening.
 2023-11-24 18:21:01 +01:00
Dominic Evans
231b5d8406 chore(deps): upgrade github.com/go-chi/chi to v5 
Upgrade chi to the v5 module path to avoid deprecation warning about v4
and earlier on the old module path.

See https://github.com/go-chi/chi/blob/v4.1.3/go.mod#L1-L4

Signed-off-by: Dominic Evans <dominic.evans@uk.ibm.com>
 2023-09-20 11:26:32 +01:00
Herman Slatman
4ef093dc4b
Fix broken tests relying on Sign in mocks 2023-09-19 16:55:59 +02:00
Herman Slatman
9e3807eaa3
Use SignWithContext in the critical paths 2023-09-19 16:34:29 +02:00
Herman Slatman
4e06bdbc51
Add SignWithContext method to authority and mocks 2023-09-19 16:30:53 +02:00
Herman Slatman
f2993c4c3b
Use the legacy tpm2 package import 2023-09-19 12:11:46 +02:00
Max
116ff8ed65
bump go.mod to go1.20 and associated linter fixes (#1518) 2023-08-29 11:52:13 -07:00
Mariano Cano
d8eeebfd51
Fix error string in tests 
This commit fixes a test checking an error string from an external
dependency.
 2023-08-17 12:03:16 -07:00
Herman Slatman
c952e9fc9d
Use NewDetailedError instead 2023-08-04 11:24:22 +02:00
Herman Slatman
f3c24fe875
Change how multiple identifiers are printed in errors 2023-08-03 14:45:00 +02:00
Herman Slatman
a0cdad335d
Add test for WithAdditionalErrorDetail 2023-07-31 13:22:00 +02:00
Herman Slatman
9a52675865
Return descriptive error when using unsupported format 2023-07-31 12:29:07 +02:00
Herman Slatman
0d3338ff3a
Return consistent ACME error types for specific cases 2023-07-31 12:11:50 +02:00
Herman Slatman
df22b8a303
Cleanup some leftover TODOs 2023-07-31 11:59:26 +02:00
Herman Slatman
dd9bf1e915
Add error details for the step format 2023-07-28 16:59:34 +02:00
Herman Slatman
9cbbd1d575
Add error details to ACME tpm format validation errors 2023-07-28 16:28:47 +02:00
Herman Slatman
d5dd8feccd
Prevent internal errors from being returned to ACME clients 2023-07-28 14:39:35 +02:00
Herman Slatman
979e0f8f51
Add error details to select error cases for apple format 2023-07-28 14:25:17 +02:00
Herman Slatman
a5801b3c74
Fix TPM simulator initialization for tests 2023-07-10 13:07:58 +02:00
Max
7731edd816
Store and verify Acme account location (#1386) 
* Store and verify account location on acme requests

Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
Co-authored-by: Mariano Cano <mariano@smallstep.com>
 2023-06-06 23:37:51 -07:00
Herman Slatman
e71b62e95c
Merge branch 'master' into herman/update-crypto-v0.29.4 2023-05-10 22:28:35 +02:00
max furman
8b256f0351
address linter warning for go 1.19 2023-05-09 23:47:28 -07:00
Herman Slatman
0c2b00f6a1
Depend on our fork of go-attestation 2023-05-10 00:38:40 +02:00
Herman Slatman
d9aa2c110f
Increase test coverage for AK certificate properties 2023-04-06 14:35:48 +02:00
Herman Slatman
ed1a62206e
Add additional verification of AK certificate 2023-04-05 01:02:44 +02:00
Herman Slatman
1c38e252a6
Cast alg to a valid COSEAlgorithmIdentifier 2023-04-04 12:22:58 +02:00
Herman Slatman
e25acff13c
Simplify alg validity check 2023-04-03 22:32:26 +02:00
Herman Slatman
9cd4b362f7
Extract the ParseSubjectAlternativeNames function 2023-04-03 22:21:29 +02:00
Herman Slatman
b6957358fc
Fix PR remarks 
- Root CA error message improved
- Looping through intermediate certs
- Change checking unhandled extensions to using `if`
 2023-04-03 11:54:22 +02:00
Herman Slatman
09bd7705cd
Fix linting issues 2023-03-31 17:41:43 +02:00
Herman Slatman
f88ef6621f
Add PermanentIdentifier SAN parsing and tests 2023-03-31 17:39:18 +02:00