Herman Slatman
c952e9fc9d
Use `NewDetailedError` instead
11 months ago
Mariano Cano
30ce9e65f7
Write configuration only if encoding succeeds
...
This commit fixes a problem when the ca.json is truncated if the
encoding of the configuration fails. This can happen by adding a new
provisioner with bad template data.
Related to smallstep/cli#994
11 months ago
Herman Slatman
e2e9bf5494
Clarify some SCEP properties
11 months ago
Herman Slatman
70626b157d
Merge branch 'master' into herman/scep-provisioner-decrypter
11 months ago
Mariano Cano
47d820561f
Merge pull request #1500 from smallstep/upgrade-crypto
...
Fix adding certificate templates with ASN.1 functions
11 months ago
Mariano Cano
4667060df8
Upgrade golang.org/x/net
...
This commit fixes the vulnerability GO-2023-1988, improper rendering of
text nodes in golang.org/x/net/html.
More info: https://pkg.go.dev/vuln/GO-2023-1988
11 months ago
Mariano Cano
103b4e1cf1
Fix adding certificate templates with ASN.1 functions
...
This commit upgrades go.step.sm/crypto with a fix to validate the
templates that use custom functions.
11 months ago
Herman Slatman
4186b2c2d0
Change JSON marshaling for SCEP provisioners
...
Instead of the old method that redacted sensitive information
by overriding the value of the property and changing it back
to the original, the API now uses a model specifically meant
for API responses. This prevents potential race conditions.
This may be iterated on a bit so that we don't need to rely
on the [provisioner.Interface] interface, which requires the
API model to implement unnecessary methods.
11 months ago
Herman Slatman
d754000a68
Fix SCEP provisioner API test
11 months ago
Herman Slatman
c0a1837cd9
Verify full decrypter/signer configuration at usage time
...
When changing the SCEP configuration it is possible that one
or both of the decrypter configurations required are not available
or have been provided in a way that's not usable for actual SCEP
requests.
Instead of failing hard when provisioners are loaded,
which could result in the CA not starting properly, this type of
problematic configuration errors will now be handled at usage
time instead.
11 months ago
Herman Slatman
88ed900dc3
Rely on the latest linkedca
11 months ago
Herman Slatman
0f35bb1af5
Defer missing decrypter/signer configuration errors to SCEP authority
11 months ago
Herman Slatman
afdd8d3786
Upgrade `golang.org/x/net` to `v0.13.0`
11 months ago
Herman Slatman
f3c24fe875
Change how multiple identifiers are printed in errors
11 months ago
Herman Slatman
4496830859
Merge branch 'master' into herman/acme-attestation-errors
11 months ago
Herman Slatman
fc1fb51854
Improve SCEP authority initialization and reload
11 months ago
Herman Slatman
7163c4f95f
Add helper for getting the appropriate SCEP response signer
11 months ago
Herman Slatman
59b7419dcf
Rely on latest `linkedca` commit with `SCEPDecrypter` support
11 months ago
Herman Slatman
569a1be12c
Merge branch 'master' into herman/scep-provisioner-decrypter
11 months ago
github-actions[bot]
c07124e374
Merge pull request #1499 from smallstep/dependabot/go_modules/google.golang.org/api-0.134.0
...
Bump google.golang.org/api from 0.132.0 to 0.134.0
11 months ago
dependabot[bot]
74240092e9
Bump google.golang.org/api from 0.132.0 to 0.134.0
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.132.0 to 0.134.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.132.0...v0.134.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
11 months ago
github-actions[bot]
edd718d89e
Merge pull request #1498 from smallstep/dependabot/go_modules/google.golang.org/grpc-1.57.0
...
Bump google.golang.org/grpc from 1.56.2 to 1.57.0
11 months ago
dependabot[bot]
a8b67cd9e6
Bump google.golang.org/grpc from 1.56.2 to 1.57.0
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.56.2 to 1.57.0.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.56.2...v1.57.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
11 months ago
Herman Slatman
a0cdad335d
Add test for `WithAdditionalErrorDetail`
11 months ago
Herman Slatman
9a52675865
Return descriptive error when using unsupported format
11 months ago
Herman Slatman
0d3338ff3a
Return consistent ACME error types for specific cases
11 months ago
Herman Slatman
df22b8a303
Cleanup some leftover TODOs
11 months ago
Mariano Cano
d8a9c69eaa
Merge pull request #1484 from smallstep/fix-620
...
Add support for the disableSmallstepExtensions claim
11 months ago
Herman Slatman
dd9bf1e915
Add error details for the `step` format
11 months ago
Herman Slatman
9cbbd1d575
Add error details to ACME `tpm` format validation errors
11 months ago
Herman Slatman
d5dd8feccd
Prevent internal errors from being returned to ACME clients
11 months ago
Herman Slatman
979e0f8f51
Add error details to select error cases for `apple` format
11 months ago
Mariano Cano
d0fd9ebe42
Update Makefile preparing for a new release
11 months ago
Mariano Cano
cce7d9e839
Address comments from code review
11 months ago
Mariano Cano
c7c7decd5e
Add support for the disableSmallstepExtensions claim
...
This commit adds a new claim to exclude the Smallstep provisioner
extension from the generated certificates.
Fixes #620
11 months ago
Mariano Cano
d7efceadb1
Merge pull request #1493 from smallstep/steppath
...
Remove automatic initialization of the STEPPATH
11 months ago
Mariano Cano
7429008599
Use tagged versions of crypto and cli-utils
11 months ago
Herman Slatman
1ce80cf740
Merge branch 'master' into herman/scep-provisioner-decrypter
11 months ago
Herman Slatman
567fc25404
Use the RSA decryption configuration for signing responses too
11 months ago
Mariano Cano
7061147885
Use step.Abs to load the certificate templates
...
step.Abs has been removed from crypto and they need to be set when those
methods are used
11 months ago
Mariano Cano
40a2f53589
Remove automatic initialization of the STEPPATH
...
This commit upgrades cli-utils and crypto packages that remove the
automatic initialization of the STEPPATH.
11 months ago
Herman Slatman
557672bb4b
Add some notes for SCEP provisioners
11 months ago
Mariano Cano
95887ebf40
Merge pull request #1481 from smallstep/remove-user-regex
...
Remove OIDC user regexp check
11 months ago
Josh Drake
a1350b14fb
Merge pull request #1489 from smallstep/josh/authorization-principal-in-webhook
...
Include authorization principal in provisioner webhooks.
11 months ago
Mariano Cano
c9df65ebae
Merge pull request #1490 from smallstep/dry-run-migration
...
Add option to dry-run the migration
11 months ago
Mariano Cano
d9d7c52997
Add option to dry-run the migration
...
This commit adds an option that runs the migration on a virtual database
that doesn't do anything. This option can be used to see how many rows
there are.
11 months ago
Josh Drake
ff424fa944
Fix tests.
11 months ago
github-actions[bot]
7282245e88
Merge pull request #1488 from smallstep/dependabot/go_modules/go.step.sm/linkedca-0.20.0
...
Bump go.step.sm/linkedca from 0.19.1 to 0.20.0
11 months ago
github-actions[bot]
9a7582d1d3
Merge pull request #1487 from smallstep/dependabot/go_modules/google.golang.org/api-0.132.0
...
Bump google.golang.org/api from 0.131.0 to 0.132.0
11 months ago
dependabot[bot]
7796ad8f90
Bump go.step.sm/linkedca from 0.19.1 to 0.20.0
...
Bumps [go.step.sm/linkedca](https://github.com/smallstep/linkedca ) from 0.19.1 to 0.20.0.
- [Release notes](https://github.com/smallstep/linkedca/releases )
- [Commits](https://github.com/smallstep/linkedca/compare/v0.19.1...v0.20.0 )
---
updated-dependencies:
- dependency-name: go.step.sm/linkedca
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
11 months ago