Commit Graph

350 Commits

Author SHA1 Message Date
Herman Slatman
c952e9fc9d
Use NewDetailedError instead 2023-08-04 11:24:22 +02:00
Herman Slatman
f3c24fe875
Change how multiple identifiers are printed in errors 2023-08-03 14:45:00 +02:00
Herman Slatman
a0cdad335d
Add test for WithAdditionalErrorDetail 2023-07-31 13:22:00 +02:00
Herman Slatman
9a52675865
Return descriptive error when using unsupported format 2023-07-31 12:29:07 +02:00
Herman Slatman
0d3338ff3a
Return consistent ACME error types for specific cases 2023-07-31 12:11:50 +02:00
Herman Slatman
df22b8a303
Cleanup some leftover TODOs 2023-07-31 11:59:26 +02:00
Herman Slatman
dd9bf1e915
Add error details for the step format 2023-07-28 16:59:34 +02:00
Herman Slatman
9cbbd1d575
Add error details to ACME tpm format validation errors 2023-07-28 16:28:47 +02:00
Herman Slatman
d5dd8feccd
Prevent internal errors from being returned to ACME clients 2023-07-28 14:39:35 +02:00
Herman Slatman
979e0f8f51
Add error details to select error cases for apple format 2023-07-28 14:25:17 +02:00
Herman Slatman
a5801b3c74
Fix TPM simulator initialization for tests 2023-07-10 13:07:58 +02:00
Max
7731edd816
Store and verify Acme account location (#1386)
* Store and verify account location on acme requests

Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
Co-authored-by: Mariano Cano <mariano@smallstep.com>
2023-06-06 23:37:51 -07:00
Herman Slatman
e71b62e95c
Merge branch 'master' into herman/update-crypto-v0.29.4 2023-05-10 22:28:35 +02:00
max furman
8b256f0351
address linter warning for go 1.19 2023-05-09 23:47:28 -07:00
Herman Slatman
0c2b00f6a1
Depend on our fork of go-attestation 2023-05-10 00:38:40 +02:00
Herman Slatman
d9aa2c110f
Increase test coverage for AK certificate properties 2023-04-06 14:35:48 +02:00
Herman Slatman
ed1a62206e
Add additional verification of AK certificate 2023-04-05 01:02:44 +02:00
Herman Slatman
1c38e252a6
Cast alg to a valid COSEAlgorithmIdentifier 2023-04-04 12:22:58 +02:00
Herman Slatman
e25acff13c
Simplify alg validity check 2023-04-03 22:32:26 +02:00
Herman Slatman
9cd4b362f7
Extract the ParseSubjectAlternativeNames function 2023-04-03 22:21:29 +02:00
Herman Slatman
b6957358fc
Fix PR remarks
- Root CA error message improved
- Looping through intermediate certs
- Change checking unhandled extensions to using `if`
2023-04-03 11:54:22 +02:00
Herman Slatman
09bd7705cd
Fix linting issues 2023-03-31 17:41:43 +02:00
Herman Slatman
f88ef6621f
Add PermanentIdentifier SAN parsing and tests 2023-03-31 17:39:18 +02:00
Herman Slatman
52023d6083
Add tests for doTPMAttestationFormat 2023-03-31 14:57:25 +02:00
Herman Slatman
ae30f6e96b
Add failing TPM simulator test 2023-03-30 13:02:04 +02:00
Herman Slatman
bf53b394a1
Add tpm format test with simulated TPM 2023-03-29 18:58:50 +02:00
Herman Slatman
094f0521e2
Remove check for PermanentIdentifier from tpm format validation 2023-03-24 12:55:42 +01:00
Herman Slatman
589a62df74
Make validation of tpm format stricter 2023-03-14 13:59:16 +01:00
Herman Slatman
213b31bc2c
Simplify processing logic for unhandled critical extension 2023-03-14 09:48:44 +01:00
Herman Slatman
e1c7e8f00b
Return the CSR public key fingerprint for tpm format 2023-03-13 23:30:39 +01:00
Herman Slatman
6297bace1a
Merge branch 'master' into herman/acme-da-tpm 2023-03-13 17:27:40 +01:00
Herman Slatman
69489480ab
Add more complete tpm format validation 2023-03-13 17:21:09 +01:00
Mariano Cano
5ff0dde819
Remove json tag in acme.Authorization fingerprint 2023-02-10 13:58:52 -08:00
Mariano Cano
6ba20209c2
Verify CSR key fingerprint with attestation certificate key
This commit makes sure that the attestation certificate key matches the
key used on the CSR on an ACME device attestation flow.
2023-02-09 16:48:43 -08:00
Herman Slatman
3a6fc5e0b4
Remove dependency on smallstep/assert in ACME challenge tests 2023-01-31 23:49:34 +01:00
Herman Slatman
0f1c509e4b
Remove debug utility 2023-01-31 23:48:53 +01:00
Herman Slatman
0f9128c873
Fix linting issue and order of test SUT 2023-01-27 15:43:57 +01:00
Herman Slatman
2ab9beb7ed
Add tests for deviceAttest01Validate 2023-01-27 15:36:48 +01:00
Herman Slatman
ed61c5df5f
Cleanup some leftover debug statements 2023-01-26 15:36:15 +01:00
Herman Slatman
60a9e41c1c
Remove Identifier from top level ACME Errors 2023-01-26 14:59:08 +01:00
Herman Slatman
edee01c80c
Refactor debug utility 2023-01-26 13:41:01 +01:00
Herman Slatman
1c38113e44
Add ACME Subproblem for more detailed ACME client-side errors
When validating an ACME challenge (`device-attest-01` in this case,
but it's also true for others), and validation fails, the CA didn't
return a lot of information about why the challenge had failed. By
introducing the ACME `Subproblem` type, an ACME `Error` can include
some additional information about what went wrong when validating
the challenge.

This is a WIP commit. The `Subproblem` isn't created in many code
paths yet, just for the `step` format at the moment. Will probably
follow up with some more improvements to how the ACME error is
handled. Also need to cleanup some debug things (q.Q)
2023-01-26 13:29:31 +01:00
Herman Slatman
f1724ea8c5
Merge branch 'master' into herman/acme-da-tpm 2023-01-23 22:52:56 +01:00
Herman Slatman
64d9ad7b38
Validate Subject Common Name for Orders with Permanent Identifier 2023-01-20 16:54:55 +01:00
Herman Slatman
817edcbba5
Remove charset=utf-8 from ACME certificate requests 2022-11-09 19:57:50 +01:00
Herman Slatman
4cf25ede24
Merge branch 'master' into herman/acme-da-tpm 2022-11-08 12:07:46 +01:00
Herman Slatman
3eae04928f
Add tests for ACME Meta object 2022-11-07 15:35:42 +01:00
Herman Slatman
02d679e160
Merge branch 'master' into herman/ignore-empty-acme-meta 2022-11-07 14:03:01 +01:00
Mariano Cano
e27c6c529b
Add support for custom acme ports
This change adds the flags --acme-http-port, --acme-tls-port, that
combined with --insecure can be used to set custom ports for ACME
http-01 and tls-alpn-01 challenges. These flags should only be used
for testing purposes.

Fixes #1015
2022-11-03 16:58:25 -07:00
Herman Slatman
b9f238ad4d
Add additional ACME meta properties to provisioner configuration 2022-10-24 22:37:57 +02:00