Mariano Cano
10f6a901ec
Let the CA determine the RA lifetime
...
When the RA mode with StepCAS is used, let the CA decide which lifetime
the RA should get instead of requiring always 24h.
This commit also fixes linter warnings.
Related to #1094
7 months ago
Herman Slatman
041b486c55
Remove usages of `Sign` without context
7 months ago
Herman Slatman
2a8b80a3e1
Merge branch 'master' into herman/webhook-request-id
7 months ago
Herman Slatman
e52836f0ab
Add `RS1` support for ACME `device-attest-01`
9 months ago
Herman Slatman
c59d293d26
Add support for `HTTP_PROXY` and `HTTPS_PROXY` to ACME solver client
9 months ago
Mariano Cano
b20af51f32
Upgrade go.step.sm/crypto to use go-jose/v3
10 months ago
Herman Slatman
f453323ba9
Merge pull request #1631 from smallstep/herman/fix-apple-acmeclient-invalid-signatures
10 months ago
Herman Slatman
405aae798c
Simplify the `copy` logic used when patching JWS signature
10 months ago
Max
d34f0f6a97
Fix linter warnings ( #1634 )
10 months ago
Herman Slatman
26a3bb3c11
Make the Apple JWS fix more robust and catch more cases.
10 months ago
Herman Slatman
113491e7af
Remove TODO for patching other algorithms for Apple ACME client
10 months ago
Herman Slatman
06f4cbbcda
Add (temporary) fix for missing null bytes in Apple JWS signatures
...
Apparently the Apple macOS (and iOS?) ACME client seems to omit
leading null bytes from JWS signatures. The base64-url encoded
bytes decode to a shorter byte slice than what the JOSE library
expects (e.g. 63 bytes instead of 64 bytes for ES256), and then
results in a `jose.ErrCryptoFailure`.
This commit retries verification of the JWS in case the first
verification fails with `jose.ErrCryptoFailure`. The signatures are
checked to be of the correct length, and if not, null bytes are
prepended to the signature. Then verification is retried, which
might fail again, but for other reasons. On success, the payload
is returned.
Apple should fix this in their ACME client, but in the meantime
this commit prevents some "bad request" error cases from happening.
10 months ago
Dominic Evans
231b5d8406
chore(deps): upgrade github.com/go-chi/chi to v5
...
Upgrade chi to the v5 module path to avoid deprecation warning about v4
and earlier on the old module path.
See https://github.com/go-chi/chi/blob/v4.1.3/go.mod#L1-L4
Signed-off-by: Dominic Evans <dominic.evans@uk.ibm.com>
1 year ago
Herman Slatman
4ef093dc4b
Fix broken tests relying on `Sign` in mocks
1 year ago
Herman Slatman
9e3807eaa3
Use `SignWithContext` in the critical paths
1 year ago
Herman Slatman
4e06bdbc51
Add `SignWithContext` method to authority and mocks
1 year ago
Herman Slatman
f2993c4c3b
Use the legacy `tpm2` package import
1 year ago
Max
116ff8ed65
bump go.mod to go1.20 and associated linter fixes ( #1518 )
1 year ago
Mariano Cano
d8eeebfd51
Fix error string in tests
...
This commit fixes a test checking an error string from an external
dependency.
1 year ago
Herman Slatman
c952e9fc9d
Use `NewDetailedError` instead
1 year ago
Herman Slatman
f3c24fe875
Change how multiple identifiers are printed in errors
1 year ago
Herman Slatman
a0cdad335d
Add test for `WithAdditionalErrorDetail`
1 year ago
Herman Slatman
9a52675865
Return descriptive error when using unsupported format
1 year ago
Herman Slatman
0d3338ff3a
Return consistent ACME error types for specific cases
1 year ago
Herman Slatman
df22b8a303
Cleanup some leftover TODOs
1 year ago
Herman Slatman
dd9bf1e915
Add error details for the `step` format
1 year ago
Herman Slatman
9cbbd1d575
Add error details to ACME `tpm` format validation errors
1 year ago
Herman Slatman
d5dd8feccd
Prevent internal errors from being returned to ACME clients
1 year ago
Herman Slatman
979e0f8f51
Add error details to select error cases for `apple` format
1 year ago
Herman Slatman
a5801b3c74
Fix TPM simulator initialization for tests
1 year ago
Max
7731edd816
Store and verify Acme account location ( #1386 )
...
* Store and verify account location on acme requests
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
Co-authored-by: Mariano Cano <mariano@smallstep.com>
1 year ago
Herman Slatman
e71b62e95c
Merge branch 'master' into herman/update-crypto-v0.29.4
1 year ago
max furman
8b256f0351
address linter warning for go 1.19
1 year ago
Herman Slatman
0c2b00f6a1
Depend on our fork of `go-attestation`
1 year ago
Herman Slatman
d9aa2c110f
Increase test coverage for AK certificate properties
2 years ago
Herman Slatman
ed1a62206e
Add additional verification of AK certificate
2 years ago
Herman Slatman
1c38e252a6
Cast `alg` to a valid `COSEAlgorithmIdentifier`
2 years ago
Herman Slatman
e25acff13c
Simplify `alg` validity check
2 years ago
Herman Slatman
9cd4b362f7
Extract the `ParseSubjectAlternativeNames` function
2 years ago
Herman Slatman
b6957358fc
Fix PR remarks
...
- Root CA error message improved
- Looping through intermediate certs
- Change checking unhandled extensions to using `if`
2 years ago
Herman Slatman
09bd7705cd
Fix linting issues
2 years ago
Herman Slatman
f88ef6621f
Add `PermanentIdentifier` SAN parsing and tests
2 years ago
Herman Slatman
52023d6083
Add tests for `doTPMAttestationFormat`
2 years ago
Herman Slatman
ae30f6e96b
Add failing TPM simulator test
2 years ago
Herman Slatman
bf53b394a1
Add `tpm` format test with simulated TPM
2 years ago
Herman Slatman
094f0521e2
Remove check for `PermanentIdentifier` from `tpm` format validation
2 years ago
Herman Slatman
589a62df74
Make validation of `tpm` format stricter
2 years ago
Herman Slatman
213b31bc2c
Simplify processing logic for unhandled critical extension
2 years ago
Herman Slatman
e1c7e8f00b
Return the CSR public key fingerprint for `tpm` format
2 years ago
Herman Slatman
6297bace1a
Merge branch 'master' into herman/acme-da-tpm
2 years ago