smallstep-certificates

mirror of https://github.com/smallstep/certificates.git synced 2024-11-19 09:25:37 +00:00

Author	SHA1	Message	Date
beltram	7c9f8020d5	fix: add URI prefix to handle	2024-01-08 21:04:23 +01:00
beltram	680b6ea08f	adapt google demo for wire's special handle format "{firstname}_wire"	2024-01-08 21:03:54 +01:00
beltram	a97991aa83	infer domain from google email address	2024-01-08 21:01:50 +01:00
beltram	49ad2d9967	fix google id token matching in oidc challenge	2024-01-08 21:01:30 +01:00
beltram	a49966f4c9	try using google oidc for demo purpose	2024-01-08 20:59:09 +01:00
beltram	b6ec4422b4	feat: adapt to dex and pass the 'keyauth' in payload instead of in id_token. Also have a different mapping for id_token claims name	2024-01-08 20:54:54 +01:00
beltram	b3dd169190	cleanup my mess	2024-01-08 20:52:32 +01:00
beltram	ca01c74333	avoid manipulating the key PEM format and take a plain PEM key as input	2024-01-08 20:42:52 +01:00
beltram	74ddad69dc	fix: challenge is '.token' and not '.id'	2024-01-08 20:39:27 +01:00
beltram	83f6be1f58	print oidc options	2024-01-08 20:38:26 +01:00
beltram	1fe61bee7b	better observability	2024-01-08 20:36:37 +01:00
Stefan Berthold	e6dd211637	acquire DPoP signing key from provisioner	2024-01-08 20:34:58 +01:00
beltram	227e932624	use json struct for challenge request payload otherwise it's a hell to craft from client side	2024-01-08 20:33:46 +01:00
Stefan Berthold	5ca744567c	simplify OIDC verification	2024-01-08 20:32:44 +01:00
Stefan Berthold	da1e64aa53	update wire challenges' status on happy end	2024-01-08 20:28:37 +01:00
Stefan Berthold	8e0e35532c	Add Wire authz and challenges (OIDC+DPOP)	2024-01-08 20:27:16 +01:00
Herman Slatman	e52836f0ab	Add `RS1` support for ACME `device-attest-01`	2024-01-07 21:25:36 +01:00
Herman Slatman	f2993c4c3b	Use the legacy `tpm2` package import	2023-09-19 12:11:46 +02:00
Herman Slatman	c952e9fc9d	Use `NewDetailedError` instead	2023-08-04 11:24:22 +02:00
Herman Slatman	f3c24fe875	Change how multiple identifiers are printed in errors	2023-08-03 14:45:00 +02:00
Herman Slatman	9a52675865	Return descriptive error when using unsupported format	2023-07-31 12:29:07 +02:00
Herman Slatman	0d3338ff3a	Return consistent ACME error types for specific cases	2023-07-31 12:11:50 +02:00
Herman Slatman	df22b8a303	Cleanup some leftover TODOs	2023-07-31 11:59:26 +02:00
Herman Slatman	dd9bf1e915	Add error details for the `step` format	2023-07-28 16:59:34 +02:00
Herman Slatman	9cbbd1d575	Add error details to ACME `tpm` format validation errors	2023-07-28 16:28:47 +02:00
Herman Slatman	979e0f8f51	Add error details to select error cases for `apple` format	2023-07-28 14:25:17 +02:00
Herman Slatman	e71b62e95c	Merge branch 'master' into herman/update-crypto-v0.29.4	2023-05-10 22:28:35 +02:00
max furman	8b256f0351	address linter warning for go 1.19	2023-05-09 23:47:28 -07:00
Herman Slatman	0c2b00f6a1	Depend on our fork of `go-attestation`	2023-05-10 00:38:40 +02:00
Herman Slatman	d9aa2c110f	Increase test coverage for AK certificate properties	2023-04-06 14:35:48 +02:00
Herman Slatman	ed1a62206e	Add additional verification of AK certificate	2023-04-05 01:02:44 +02:00
Herman Slatman	1c38e252a6	Cast `alg` to a valid `COSEAlgorithmIdentifier`	2023-04-04 12:22:58 +02:00
Herman Slatman	e25acff13c	Simplify `alg` validity check	2023-04-03 22:32:26 +02:00
Herman Slatman	9cd4b362f7	Extract the `ParseSubjectAlternativeNames` function	2023-04-03 22:21:29 +02:00
Herman Slatman	b6957358fc	Fix PR remarks - Root CA error message improved - Looping through intermediate certs - Change checking unhandled extensions to using `if`	2023-04-03 11:54:22 +02:00
Herman Slatman	09bd7705cd	Fix linting issues	2023-03-31 17:41:43 +02:00
Herman Slatman	f88ef6621f	Add `PermanentIdentifier` SAN parsing and tests	2023-03-31 17:39:18 +02:00
Herman Slatman	52023d6083	Add tests for `doTPMAttestationFormat`	2023-03-31 14:57:25 +02:00
Herman Slatman	ae30f6e96b	Add failing TPM simulator test	2023-03-30 13:02:04 +02:00
Herman Slatman	094f0521e2	Remove check for `PermanentIdentifier` from `tpm` format validation	2023-03-24 12:55:42 +01:00
Herman Slatman	589a62df74	Make validation of `tpm` format stricter	2023-03-14 13:59:16 +01:00
Herman Slatman	213b31bc2c	Simplify processing logic for unhandled critical extension	2023-03-14 09:48:44 +01:00
Herman Slatman	e1c7e8f00b	Return the CSR public key fingerprint for `tpm` format	2023-03-13 23:30:39 +01:00
Herman Slatman	6297bace1a	Merge branch 'master' into herman/acme-da-tpm	2023-03-13 17:27:40 +01:00
Herman Slatman	69489480ab	Add more complete `tpm` format validation	2023-03-13 17:21:09 +01:00
Mariano Cano	6ba20209c2	Verify CSR key fingerprint with attestation certificate key This commit makes sure that the attestation certificate key matches the key used on the CSR on an ACME device attestation flow.	2023-02-09 16:48:43 -08:00
Herman Slatman	0f9128c873	Fix linting issue and order of test SUT	2023-01-27 15:43:57 +01:00
Herman Slatman	2ab9beb7ed	Add tests for `deviceAttest01Validate`	2023-01-27 15:36:48 +01:00
Herman Slatman	ed61c5df5f	Cleanup some leftover debug statements	2023-01-26 15:36:15 +01:00
Herman Slatman	edee01c80c	Refactor debug utility	2023-01-26 13:41:01 +01:00

1 2 3

117 Commits