Herman Slatman
cf8a50157f
Add a basic e2e test for `X-Request-Id` reflection
8 months ago
Herman Slatman
041b486c55
Remove usages of `Sign` without context
8 months ago
Herman Slatman
2a8b80a3e1
Merge branch 'master' into herman/webhook-request-id
8 months ago
Herman Slatman
c76dad8a22
Improve tests for CRL HTTP handler
8 months ago
Herman Slatman
d1deb7f930
Add `Expires` header to CRL response
8 months ago
Mariano Cano
b20af51f32
Upgrade go.step.sm/crypto to use go-jose/v3
10 months ago
Mariano Cano
52baf52f84
Change scep password type to string
...
This commit changes the type of the decrypter key password to string to
be consistent with other passwords in the ca.json
1 year ago
Mariano Cano
33bdae4a34
Fix redacted tests
1 year ago
Herman Slatman
ffe079f31b
Merge branch 'master' into herman/scep-provisioner-decrypter
1 year ago
Herman Slatman
5fd70af2c8
Make API responses aware of the new SCEP decrypter properties
1 year ago
Dominic Evans
231b5d8406
chore(deps): upgrade github.com/go-chi/chi to v5
...
Upgrade chi to the v5 module path to avoid deprecation warning about v4
and earlier on the old module path.
See https://github.com/go-chi/chi/blob/v4.1.3/go.mod#L1-L4
Signed-off-by: Dominic Evans <dominic.evans@uk.ibm.com>
1 year ago
Herman Slatman
4e06bdbc51
Add `SignWithContext` method to authority and mocks
1 year ago
Herman Slatman
d9f56cdbdc
Merge branch 'master' into herman/scep-provisioner-decrypter
1 year ago
Max
116ff8ed65
bump go.mod to go1.20 and associated linter fixes ( #1518 )
1 year ago
Herman Slatman
4186b2c2d0
Change JSON marshaling for SCEP provisioners
...
Instead of the old method that redacted sensitive information
by overriding the value of the property and changing it back
to the original, the API now uses a model specifically meant
for API responses. This prevents potential race conditions.
This may be iterated on a bit so that we don't need to rely
on the [provisioner.Interface] interface, which requires the
API model to implement unnecessary methods.
1 year ago
Herman Slatman
d754000a68
Fix SCEP provisioner API test
1 year ago
Herman Slatman
f17bfdf57d
Reformat the SSH certificate logging output for read- and parsability
1 year ago
Herman Slatman
81140f859c
Fix `valid-from` and `valid-to` times
1 year ago
Herman Slatman
39e658b527
Add test for `LogSSHCertificate`
1 year ago
Herman Slatman
c365d8580e
Move provisioner marshaling logic to api package
2 years ago
Mariano Cano
c7f226bcec
Add support for renew when using stepcas
...
It supports renewing X.509 certificates when an RA is configured with stepcas.
This will only work when the renewal uses a token, and it won't work with mTLS.
The audience cannot be properly verified when an RA is used, to avoid this we
will get from the database if an RA was used to issue the initial certificate
and we will accept the renew token.
Fixes #1021 for stepcas
2 years ago
Raal Goff
d2483f3a70
Merge branch 'master' into crl-support
...
# Conflicts:
# authority/config/config.go
2 years ago
Mariano Cano
23b8f45b37
Address gosec warnings
...
Most if not all false positives
2 years ago
Raal Goff
9fa5f46213
add minor doco, Test_CRLGeneration(), fix some issues from merge
2 years ago
Raal Goff
60671b07d7
Merge branch 'master' into crl-support
...
# Conflicts:
# api/api.go
# authority/config/config.go
# cas/softcas/softcas.go
# db/db.go
2 years ago
Mariano Cano
43ddcf2efe
Do not use deprecated AuthorizeSign
2 years ago
Mariano Cano
817af3d696
Fix unit tests on the api package
3 years ago
Raal Goff
49c41636cc
implemented some requested changes
3 years ago
Andrew Reed
d5d70baba7
Add /roots.pem handler ( #866 )
...
* Add /roots.pem handler
* Review changes
* Remove no peer cert test case
3 years ago
Panagiotis Siatras
29092b9d8a
api: refactored to use the read package
3 years ago
Mariano Cano
616490a9c6
Refactor renew after expiry token authorization
...
This changes adds a new authority method that authorizes the
renew after expiry tokens.
3 years ago
Mariano Cano
afb5d36206
Allow to renew certificates using an x5c-like token.
3 years ago
Herman Slatman
5fe9909174
Refactor AdminAuthority interface
3 years ago
Herman Slatman
2215a05c28
Add tests for ACME EAB Admin
...
Refactored some of the existing bits for testing the Authority
API by creation of a new LinkedAuthority interface and changing
visibility of the MockAuthority to be usable by other packages.
At this time, not all of the functions of MockAuthority it usable
yet. Will refactor when needed or requested.
3 years ago
Mariano Cano
8c8db0d4b7
Modify errs.BadRequestErr() to always return an error to the client.
3 years ago
Mariano Cano
8ce807a6cb
Modify errs.BadRequest() calls to always send an error to the client.
3 years ago
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues
3 years ago
max furman
933b40a02a
Introduce gocritic linter and address warnings
3 years ago
max furman
9fdef64709
Admin level API for provisioner mgmt v1
3 years ago
Mariano Cano
c1c986922b
Show Ed25519 in the public-key log field.
4 years ago
max furman
f88f58440f
add //nolint for new 1.16 deprecation warnings
...
- dsa
- pem.DecryptPEMBlock
4 years ago
Mariano Cano
ba918100d0
Use go.step.sm/crypto/jose
...
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
4 years ago
Mariano Cano
4943ae58d8
Move TLSOption, TLSVersion, CipherSuites and ASN1DN to certificates.
4 years ago
Mariano Cano
e83e47a91e
Use sshutil and randutil from go.step.sm/crypto.
4 years ago
Mariano Cano
6c64fb3ed2
Rename provisioner options structs:
...
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
4 years ago
max furman
fd05f3249b
A few last fixes and tests added for rekey/renew ...
...
- remove all `renewOrRekey`
- explicitly test difference between renew and rekey (diff pub keys)
- add back tests for renew
4 years ago
dharanikumar-s
dfda497929
Renamed RenewOrRekey to Rekey
4 years ago
dharanikumar-s
a3b5211e0f
gofmted the code
4 years ago
dharanikumar-s
954fda657b
Added renewOrRekey to mockAuthority. Added Test_caHandler_Rekey
4 years ago
Mariano Cano
fa416336a8
Add context to tests.
5 years ago