Archives/smallstep-certificates
2
0
Fork 0
mirror of https://github.com/smallstep/certificates.git synced 2024-11-15 18:12:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,790 Commits 39 Branches 223 Tags 44 MiB
c0a1837cd9
Commit Graph

72 Commits

Author SHA1 Message Date
Herman Slatman
c0a1837cd9
Verify full decrypter/signer configuration at usage time 
When changing the SCEP configuration it is possible that one
or both of the decrypter configurations required are not available
or have been provided in a way that's not usable for actual SCEP
requests.

Instead of failing hard when provisioners are loaded,
which could result in the CA not starting properly, this type of
problematic configuration errors will now be handled at usage
time instead.
 2023-08-03 16:09:51 +02:00
Herman Slatman
0f35bb1af5
Defer missing decrypter/signer configuration errors to SCEP authority 2023-08-03 15:34:20 +02:00
Herman Slatman
fc1fb51854
Improve SCEP authority initialization and reload 2023-08-02 18:35:38 +02:00
Herman Slatman
7163c4f95f
Add helper for getting the appropriate SCEP response signer 2023-08-02 16:01:58 +02:00
Herman Slatman
567fc25404
Use the RSA decryption configuration for signing responses too 2023-07-27 00:55:39 +02:00
Herman Slatman
557672bb4b
Add some notes for SCEP provisioners 2023-07-26 19:11:51 +02:00
Herman Slatman
b2bf2c330b
Simplify SCEP provisioner context handling 2023-06-01 16:22:00 +02:00
Herman Slatman
8fc3a46387
Refactor the SCEP authority initialization 
Instead of relying on an intermediate `scep.Service` struct,
initialize the `scep.Authority` directly. This removes one redundant
layer of indirection.
 2023-06-01 15:50:51 +02:00
Herman Slatman
6985b4be62
Clean up the SCEP authority and provisioner 2023-06-01 14:43:32 +02:00
Herman Slatman
180162bd6a
Refactor SCEP provisioner and decrypter 2023-06-01 12:10:54 +02:00
Herman Slatman
0377fe559b
Add basic version of provisioner specific SCEP decrypter 2023-05-26 23:52:49 +02:00
max furman
8b256f0351
address linter warning for go 1.19 2023-05-09 23:47:28 -07:00
Herman Slatman
e8c1e8719d
Refactor SCEP webhook validation 2023-05-01 22:09:42 +02:00
Herman Slatman
668ff9b515
Cleanup some comments and tests 2023-05-01 11:55:05 +02:00
Herman Slatman
5f0f0f4bcc
Add SCEP webhook validation tests 2023-05-01 11:14:50 +02:00
Herman Slatman
ad4d8e6c68
Add SCEPCHALLENGE as valid webhook type in admin API 2023-04-29 01:40:03 +02:00
Herman Slatman
419478d1e5
Make SCEP webhook validation look better 2023-04-29 01:15:39 +02:00
Herman Slatman
27cdcaf5ee
Integrate the SCEP webhook with the existing webhook logic 2023-04-28 17:15:05 +02:00
Herman Slatman
05f7ab979f
Create basic webhook for SCEP challenge validation 2023-04-28 15:47:22 +02:00
Andrew Reed
7101fbb0ee
Provisioner webhooks (#1001) 2022-09-29 19:16:26 -05:00
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2022-09-20 16:35:41 -07:00
Mariano Cano
400b1ece0b Remove scep handler after merge. 2022-05-12 17:39:36 -07:00
Mariano Cano
898ca41268 Merge branch 'master' into context-authority 2022-05-12 17:14:46 -07:00
Herman Slatman
688ae837a4
Add some tests for SCEP request decoding 2022-05-07 00:26:18 +02:00
Mariano Cano
d51c6b7d83 Make step handler backward compatible 2022-05-04 19:20:34 -07:00
Mariano Cano
9147356d8a Fix linter errors 2022-05-02 18:47:47 -07:00
Herman Slatman
13173ec8a2
Fix SCEP GET requests 2022-05-01 22:29:17 +02:00
Mariano Cano
42435ace64 Use scep authority from context 
This commit also converts all the methods from the handler to
functions.
 2022-04-27 18:06:53 -07:00
Mariano Cano
688f9ceb56 Add scep authority to context. 2022-04-27 18:02:37 -07:00
Panagiotis Siatras
e27124b037
scep: remove Interface and the dependency to pkg/errors (#872) 
* scep: documented the package

* scep/api: removed some top level constants

* scep: removed dependency to pkg/errors

* scep/api: documented the package
 2022-03-24 17:08:23 +02:00
Panagiotis Siatras
b98f86a515
scep: minor cleanup (#867) 
* api, scep: removed scep.Error

* scep/api: replaced nextHTTP with http.HandlerFunc

* scep/api: renamed writeSCEPResponse to writeResponse

* scep/api: renamed decodeSCEPRequest to decodeRequest

* scep/api: renamed writeError to fail

* scep/api: replaced pkg/errors with errors

* scep/api: formatted imports

* scep/api: do not export SCEPRequest & SCEPResponse

* scep/api: do not export Handler

* api: flush errors better
 2022-03-24 14:58:50 +02:00
Panagiotis Siatras
80abda22ee
api/log: initial implementation of the package (#859) 
* api/log: initial implementation of the package

* api: refactored to support api/log

* scep/api: refactored to support api/log

* api/log: documented the package

* api: moved log-related tests to api/log
 2022-03-22 14:31:18 +02:00
Herman Slatman
15477f6d7b
Make custom SCEP CA paths automagic 2022-03-15 23:28:56 +01:00
Herman Slatman
a3cda9c3d7
Add configuration for custom path segment 
To support SCEP clients that expect a specific path segment in
a SCEP URL, a new "customPath" option was added to the SCEP
provisioner configuration. The configuration can be used to set
a specific path (segment) that the SCEP provisioner will respond to.
 2022-03-07 13:24:26 +01:00
Herman Slatman
5f42ae0bce
Remove unused function LoadProvisionerByID from SCEP 2022-01-27 21:06:55 +01:00
Herman Slatman
3b72d241e0
Add LinkedCA integration for improved SCEP provisioner 2022-01-21 16:07:50 +01:00
Herman Slatman
64680bb16d
Fix PR comments 2022-01-19 11:31:33 +01:00
Herman Slatman
3612eefc31
Cleanup 2022-01-18 15:54:18 +01:00
Herman Slatman
9c6580ccd2
Fix macOS SCEP client issues 
Fixes #746
 2022-01-14 10:48:23 +01:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues 2021-11-13 01:30:03 +01:00
max furman
933b40a02a Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00
Herman Slatman
54610e890b
Improve error logging 2021-05-07 00:23:09 +02:00
Herman Slatman
c3d9cef497
Update to v2.0.0 of github.com/micromdm/scep 2021-03-26 22:04:18 +01:00
Herman Slatman
9bda3c465a
Add more template data 2021-03-26 16:11:35 +01:00
Herman Slatman
b815478981
Make serving SCEP endpoints optional 
Only when a SCEP provisioner is enabled, the SCEP endpoints
will now be available.

The SCEP endpoints will be served on an "insecure" server,
without TLS, only when an additional "insecureAddress" and a
SCEP provisioner are configured for the CA.
 2021-03-26 16:05:33 +01:00
Herman Slatman
69d701062a
Fix typo 2021-03-26 15:24:27 +01:00
Herman Slatman
65aab963c9
Add validation to SCEP Options 2021-03-26 15:22:04 +01:00
Herman Slatman
b97f024f8a
Remove superfluous call to StoreCertificate 2021-03-26 14:02:52 +01:00
Herman Slatman
583d60dc0d
Address (most) PR comments 2021-03-21 16:42:41 +01:00
Herman Slatman
a4844fee7b
Make tests green 2021-03-12 16:58:52 +01:00