Commit Graph

42 Commits

Author SHA1 Message Date
max furman
8b256f0351
address linter warning for go 1.19 2023-05-09 23:47:28 -07:00
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2022-09-20 16:35:41 -07:00
Mariano Cano
1e03bbb1af Change types in the ACMEAdminResponder 2022-05-06 14:11:10 -07:00
Mariano Cano
d461918eb0 Merge branch 'master' into context-authority 2022-05-06 13:21:41 -07:00
Herman Slatman
60d8b22d89
Change context retrievers to MustTFromContext 2022-05-05 11:05:57 +02:00
Herman Slatman
d82e51b748
Update AllowWildcardNames configuration name 2022-04-29 15:08:19 +02:00
Mariano Cano
00f181dec3 Use contexts in admin api handlers 2022-04-27 11:59:32 -07:00
Herman Slatman
2a7620641f
Fix more PR comments 2022-04-26 10:15:17 +02:00
Herman Slatman
b72430f4ea
Block all APIs when using linked deployment mode 2022-04-21 16:18:55 +02:00
Herman Slatman
fb81407d6f
Fix ACME policy comments 2022-04-21 13:21:06 +02:00
Herman Slatman
256fe113f7
Improve tests for ACME account policy 2022-04-11 15:25:55 +02:00
Herman Slatman
571b21abbc
Fix (most) PR comments 2022-03-31 16:12:29 +02:00
Herman Slatman
bfa4d809fd
Improve middleware test coverage 2022-03-30 18:21:25 +02:00
Herman Slatman
2fbdf7d5b0
Merge branch 'master' into herman/allow-deny 2022-03-30 14:50:14 +02:00
Herman Slatman
0e052fe299
Add authority policy API 2022-03-30 14:21:39 +02:00
Panagiotis Siatras
00634fb648
api/render, api/log: initial implementation of the packages (#860)
* api/render: initial implementation of the package

* acme/api: refactored to support api/render

* authority/admin: refactored to support api/render

* ca: refactored to support api/render

* api: refactored to support api/render

* api/render: implemented Error

* api: refactored to support api/render.Error

* acme/api: refactored to support api/render.Error

* authority/admin: refactored to support api/render.Error

* ca: refactored to support api/render.Error

* ca: fixed broken tests

* api/render, api/log: moved error logging to this package

* acme: refactored Error so that it implements render.RenderableError

* authority/admin: refactored Error so that it implements render.RenderableError

* api/render: implemented RenderableError

* api/render: added test coverage for Error

* api/render: implemented statusCodeFromError

* api: refactored RootsPEM to work with render.Error

* acme, authority/admin: fixed pointer receiver name for consistency

* api/render, errs: moved StatusCoder & StackTracer to the render package
2022-03-30 11:22:22 +03:00
Herman Slatman
b49307f326
Fix ACME order tests with mock ACME CA 2022-03-24 18:34:04 +01:00
Herman Slatman
101ca6a2d3
Check admin subjects before changing policy 2022-03-21 15:53:59 +01:00
Herman Slatman
5b713a564c
Change CM link 2022-02-10 12:55:47 +01:00
Herman Slatman
d00729df0b
Refactor ACME Admin API 2022-02-08 13:26:30 +01:00
Herman Slatman
fd9845e9c7
Add cursor and limit to ACME EAB DB interface 2022-01-24 14:03:56 +01:00
Herman Slatman
ef16febf40
Refactor ACME EAB queries
The ACME EAB keys are now also indexed by the provisioner. This
solves part of the issue in which too many EAB keys may be in
memory at a given time.
2022-01-07 16:59:55 +01:00
Herman Slatman
30859d3c83
Remove server-side paging logic for ExternalAccountKeys 2022-01-06 14:09:35 +01:00
Herman Slatman
5fe9909174
Refactor AdminAuthority interface 2021-12-22 15:30:40 +01:00
Herman Slatman
f9ae875f9d
Use short if-style statements 2021-12-20 14:30:01 +01:00
Herman Slatman
63371a8fb6
Add additional tests for ACME EAB Admin 2021-12-09 13:46:47 +01:00
Herman Slatman
2215a05c28
Add tests for ACME EAB Admin
Refactored some of the existing bits for testing the Authority
API by creation of a new LinkedAuthority interface and changing
visibility of the MockAuthority to be usable by other packages.

At this time, not all of the functions of MockAuthority it usable
yet. Will refactor when needed or requested.
2021-12-08 15:19:38 +01:00
Herman Slatman
4d726d6b4c
Add pagination to ACME EAB credentials endpoint 2021-10-17 22:42:36 +02:00
Herman Slatman
bc5f0e429b
Fix gocritic remark 2021-10-17 12:53:02 +02:00
Herman Slatman
d354d55e7f
Improve handling duplicate ACME EAB references 2021-10-16 14:44:56 +02:00
Herman Slatman
dd4b4b0435
Fix remaining gocritic remarks 2021-10-11 23:34:23 +02:00
Herman Slatman
c26041f835
Add ACME EAB nosql tests 2021-10-09 01:02:00 +02:00
Herman Slatman
f34d68897a
Refactor retrieval of provisioner into middleware 2021-10-08 14:29:44 +02:00
Herman Slatman
c2bc1351c6
Add provisioner to remove endpoint and clear reference index on delete 2021-09-17 17:48:09 +02:00
Herman Slatman
746c5c9fd9
Disallow creation of EAB keys with non-unique references 2021-09-17 17:25:19 +02:00
Herman Slatman
9c0020352b
Add lookup by reference and make reference optional 2021-09-17 17:08:02 +02:00
Herman Slatman
02cd3b6b3b
Fix PR comments 2021-09-16 23:09:24 +02:00
Herman Slatman
f11c0cdc0c
Add endpoint for listing ACME EAB keys 2021-08-27 16:58:04 +02:00
Herman Slatman
9d09f5e575
Add support for deleting ACME EAB keys 2021-08-27 14:10:00 +02:00
Herman Slatman
1dba8698e3
Use LinkedCA.EABKey type in ACME EAB API 2021-08-27 12:39:37 +02:00
Herman Slatman
492256f2d7
Add first test cases for EAB and make provisioner unique per EAB
Before this commit, EAB keys could be used CA-wide, meaning that
an EAB credential could be used at any ACME provisioner. This
commit changes that behavior, so that EAB credentials are now
intended to be used with a specific ACME provisioner. I think
that makes sense, because from the perspective of an ACME client
the provisioner is like a distinct CA.

Besides that this commit also includes the first tests for EAB.
The logic for creating the EAB JWS as a client has been taken
from github.com/mholt/acmez. This logic may be moved or otherwise
sourced (i.e. from a vendor) as soon as the step client also
(needs to) support(s) EAB with ACME.
2021-08-09 10:37:32 +02:00
Herman Slatman
7dad7038c3
Fix missing ACME EAB API endpoints 2021-07-23 15:41:24 +02:00