smallstep-certificates

mirror of https://github.com/smallstep/certificates.git synced 2024-10-31 03:20:16 +00:00

Author	SHA1	Message	Date
Herman Slatman	e52836f0ab	Add `RS1` support for ACME `device-attest-01`	2024-01-07 21:25:36 +01:00
Herman Slatman	f2993c4c3b	Use the legacy `tpm2` package import	2023-09-19 12:11:46 +02:00
Herman Slatman	c952e9fc9d	Use `NewDetailedError` instead	2023-08-04 11:24:22 +02:00
Herman Slatman	f3c24fe875	Change how multiple identifiers are printed in errors	2023-08-03 14:45:00 +02:00
Herman Slatman	9a52675865	Return descriptive error when using unsupported format	2023-07-31 12:29:07 +02:00
Herman Slatman	0d3338ff3a	Return consistent ACME error types for specific cases	2023-07-31 12:11:50 +02:00
Herman Slatman	df22b8a303	Cleanup some leftover TODOs	2023-07-31 11:59:26 +02:00
Herman Slatman	dd9bf1e915	Add error details for the `step` format	2023-07-28 16:59:34 +02:00
Herman Slatman	9cbbd1d575	Add error details to ACME `tpm` format validation errors	2023-07-28 16:28:47 +02:00
Herman Slatman	979e0f8f51	Add error details to select error cases for `apple` format	2023-07-28 14:25:17 +02:00
Herman Slatman	e71b62e95c	Merge branch 'master' into herman/update-crypto-v0.29.4	2023-05-10 22:28:35 +02:00
max furman	8b256f0351	address linter warning for go 1.19	2023-05-09 23:47:28 -07:00
Herman Slatman	0c2b00f6a1	Depend on our fork of `go-attestation`	2023-05-10 00:38:40 +02:00
Herman Slatman	d9aa2c110f	Increase test coverage for AK certificate properties	2023-04-06 14:35:48 +02:00
Herman Slatman	ed1a62206e	Add additional verification of AK certificate	2023-04-05 01:02:44 +02:00
Herman Slatman	1c38e252a6	Cast `alg` to a valid `COSEAlgorithmIdentifier`	2023-04-04 12:22:58 +02:00
Herman Slatman	e25acff13c	Simplify `alg` validity check	2023-04-03 22:32:26 +02:00
Herman Slatman	9cd4b362f7	Extract the `ParseSubjectAlternativeNames` function	2023-04-03 22:21:29 +02:00
Herman Slatman	b6957358fc	Fix PR remarks - Root CA error message improved - Looping through intermediate certs - Change checking unhandled extensions to using `if`	2023-04-03 11:54:22 +02:00
Herman Slatman	09bd7705cd	Fix linting issues	2023-03-31 17:41:43 +02:00
Herman Slatman	f88ef6621f	Add `PermanentIdentifier` SAN parsing and tests	2023-03-31 17:39:18 +02:00
Herman Slatman	52023d6083	Add tests for `doTPMAttestationFormat`	2023-03-31 14:57:25 +02:00
Herman Slatman	ae30f6e96b	Add failing TPM simulator test	2023-03-30 13:02:04 +02:00
Herman Slatman	094f0521e2	Remove check for `PermanentIdentifier` from `tpm` format validation	2023-03-24 12:55:42 +01:00
Herman Slatman	589a62df74	Make validation of `tpm` format stricter	2023-03-14 13:59:16 +01:00
Herman Slatman	213b31bc2c	Simplify processing logic for unhandled critical extension	2023-03-14 09:48:44 +01:00
Herman Slatman	e1c7e8f00b	Return the CSR public key fingerprint for `tpm` format	2023-03-13 23:30:39 +01:00
Herman Slatman	6297bace1a	Merge branch 'master' into herman/acme-da-tpm	2023-03-13 17:27:40 +01:00
Herman Slatman	69489480ab	Add more complete `tpm` format validation	2023-03-13 17:21:09 +01:00
Mariano Cano	6ba20209c2	Verify CSR key fingerprint with attestation certificate key This commit makes sure that the attestation certificate key matches the key used on the CSR on an ACME device attestation flow.	2023-02-09 16:48:43 -08:00
Herman Slatman	0f9128c873	Fix linting issue and order of test SUT	2023-01-27 15:43:57 +01:00
Herman Slatman	2ab9beb7ed	Add tests for `deviceAttest01Validate`	2023-01-27 15:36:48 +01:00
Herman Slatman	ed61c5df5f	Cleanup some leftover debug statements	2023-01-26 15:36:15 +01:00
Herman Slatman	edee01c80c	Refactor debug utility	2023-01-26 13:41:01 +01:00
Herman Slatman	1c38113e44	Add ACME `Subproblem` for more detailed ACME client-side errors When validating an ACME challenge (`device-attest-01` in this case, but it's also true for others), and validation fails, the CA didn't return a lot of information about why the challenge had failed. By introducing the ACME `Subproblem` type, an ACME `Error` can include some additional information about what went wrong when validating the challenge. This is a WIP commit. The `Subproblem` isn't created in many code paths yet, just for the `step` format at the moment. Will probably follow up with some more improvements to how the ACME error is handled. Also need to cleanup some debug things (q.Q)	2023-01-26 13:29:31 +01:00
Herman Slatman	4cf25ede24	Merge branch 'master' into herman/acme-da-tpm	2022-11-08 12:07:46 +01:00
Mariano Cano	e27c6c529b	Add support for custom acme ports This change adds the flags --acme-http-port, --acme-tls-port, that combined with --insecure can be used to set custom ports for ACME http-01 and tls-alpn-01 challenges. These flags should only be used for testing purposes. Fixes #1015	2022-11-03 16:58:25 -07:00
Mariano Cano	21666ba887	Revert "Set timestamp when marking an acme challenge invalid" This reverts commit `5f130895f3`.	2022-10-03 12:56:23 -07:00
Mariano Cano	5f130895f3	Set timestamp when marking an acme challenge invalid	2022-10-03 11:35:51 -07:00
Herman Slatman	a8125846dd	Add TPM attestation	2022-09-21 14:58:03 +02:00
max furman	f3d1863ec6	A few more linter errors	2022-09-20 21:01:55 -07:00
Mariano Cano	2b3b2c283a	Add attestation certificate validation for Apple devices	2022-09-20 18:51:43 -07:00
Brandon Weeks	5f5315260a	iOS 16 beta 1 support	2022-09-20 16:53:08 -07:00
Brandon Weeks	de5b0ef5c2	Verify key authorization is contained within the TPM quote extraData field	2022-09-20 16:51:55 -07:00
max furman	ab0d2503ae	Standardize linting file and fix or ignore lots of linting errors	2022-09-20 16:35:41 -07:00
Mariano Cano	6b73a020e3	Add unit tests for apple and step attestations	2022-09-15 18:19:52 -07:00
Mariano Cano	0f651799d0	Reject not enabled attestation formats	2022-09-08 17:38:05 -07:00
Mariano Cano	08815c5e90	Reneame attestation statement error	2022-09-08 10:46:58 -07:00
Mariano Cano	3cd72ac72a	Remove debug statements	2022-09-08 10:44:48 -07:00
Mariano Cano	e75e7e7cd6	Fix linter warnings	2022-09-01 16:18:13 -07:00

1 2 3

101 Commits