Herman Slatman
23898e9b76
Improve EAB JWS validation and increase test coverage
2021-12-07 12:17:41 +01:00
Herman Slatman
d0c23973cc
Merge branch 'master' into hs/acme-eab
2021-12-06 13:01:23 +01:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues
2021-11-13 01:30:03 +01:00
Herman Slatman
dd4b4b0435
Fix remaining gocritic remarks
2021-10-11 23:34:23 +02:00
Herman Slatman
e0b495e4c8
Merge branch 'master' into hs/acme-eab
2021-10-09 01:06:49 +02:00
max furman
933b40a02a
Introduce gocritic linter and address warnings
2021-10-08 14:59:57 -04:00
Herman Slatman
0afea2e957
Improve tests for already bound EAB keys
2021-10-08 13:19:35 +02:00
Herman Slatman
02cd3b6b3b
Fix PR comments
2021-09-16 23:09:24 +02:00
Herman Slatman
a98fe03e80
Merge branch 'master' into hs/acme-eab
2021-08-27 12:50:19 +02:00
Herman Slatman
1dba8698e3
Use LinkedCA.EABKey type in ACME EAB API
2021-08-27 12:39:37 +02:00
Mariano Cano
470b546d59
Merge pull request #557 from joejulian/http01-isv
...
use InsecureSkipVerify for validation
2021-08-26 18:06:57 -07:00
Herman Slatman
f31ca4f6a4
Add tests for validateExternalAccountBinding
2021-08-10 12:39:44 +02:00
Herman Slatman
492256f2d7
Add first test cases for EAB and make provisioner unique per EAB
...
Before this commit, EAB keys could be used CA-wide, meaning that
an EAB credential could be used at any ACME provisioner. This
commit changes that behavior, so that EAB credentials are now
intended to be used with a specific ACME provisioner. I think
that makes sense, because from the perspective of an ACME client
the provisioner is like a distinct CA.
Besides that this commit also includes the first tests for EAB.
The logic for creating the EAB JWS as a client has been taken
from github.com/mholt/acmez. This logic may be moved or otherwise
sourced (i.e. from a vendor) as soon as the step client also
(needs to) support(s) EAB with ACME.
2021-08-09 10:37:32 +02:00
Herman Slatman
c6bfc6eac2
Fix PR comments
2021-07-22 23:48:41 +02:00
Herman Slatman
d669f3cb14
Fix misspelling
2021-07-17 20:39:12 +02:00
Herman Slatman
540d5fbbdc
Fix marshaling -> marshalling
2021-07-17 20:35:44 +02:00
Herman Slatman
2110c7722f
Fix JWK payload key equality check
2021-07-17 20:29:12 +02:00
Herman Slatman
d44cd18b96
Add External Accounting Binding key "BoundAt" marking
2021-07-17 19:02:47 +02:00
Herman Slatman
f81d49d963
Add first working version of External Account Binding
2021-07-17 17:35:44 +02:00
max furman
857a50434c
Merge branch 'master' into max/cert-mgr-crud
2021-07-08 16:25:52 -07:00
max furman
9fdef64709
Admin level API for provisioner mgmt v1
2021-07-02 19:05:17 -07:00
Herman Slatman
64c15fde7e
Add tests for canonicalize function
2021-06-25 14:07:40 +02:00
Herman Slatman
523ae96749
Change identifier and challenge types to consts
2021-06-18 12:39:36 +02:00
Herman Slatman
84ea8bd67a
Fix PR comments
2021-06-18 12:03:46 +02:00
Herman Slatman
76dcf542d4
Fix mixed DNS and IP SANs in Order
2021-06-03 22:45:24 +02:00
Herman Slatman
a0e92f8e99
Verify IP identifier contains valid IP
2021-06-03 22:02:13 +02:00
Herman Slatman
6486e6016b
Make logic for which challenge types to use clearer
2021-05-29 00:37:22 +02:00
Herman Slatman
3e36522329
Add preliminary support for TLS-ALPN-01 challenge for IP identifiers
2021-05-29 00:19:14 +02:00
Herman Slatman
6d9710c88d
Add initial support for ACME IP validation
2021-05-28 16:40:46 +02:00
Joe Julian
0369151bfa
use InsecureSkipVerify for validation
...
The server will not yet have a valid certificate so we need to disable
certificate validation in the HTTPGetter.
2021-04-27 08:18:35 -07:00
Mariano Cano
2e1524ec2f
Remove the creation on nonce on get acme directory.
...
According to RFC 8555, the replay nonces are only required in POST
requests. And of course in the new-nonce request.
2021-04-15 17:54:22 -07:00
max furman
93c3c2bf2e
Error handle non existent provisioner downstream and disable debug route logging
2021-04-14 15:35:43 -07:00
max furman
497ec0c79b
Fix linter issues
2021-04-14 15:14:27 -07:00
max furman
b1888fd34d
Use different method for unescpaed paths for the router
2021-04-14 15:11:15 -07:00
max furman
672e3f976e
Few ACME fixes ...
...
- always URL escape linker output
- validateJWS should accept RSAPSS
- GetUpdateAccount -> GetOrUpdateAccount
2021-04-12 19:06:07 -07:00
max furman
440678cb62
Add markInvalid arg to storeError for invalidating challenge
2021-03-29 22:58:26 -07:00
max furman
6b8585c702
PR review fixes / updates
2021-03-29 12:04:14 -07:00
max furman
a785131d09
Fix lint issues
2021-03-25 15:15:32 -07:00
max furman
80c8567d99
change errnotfound type for getAccount
...
- more generalized NotFound type rather than the nosql
one we were using
- if the error is not recognized then the logic in create account will
break.
2021-03-25 14:54:12 -07:00
max furman
1831920363
Finish order unit tests and remove unused mocklinker
2021-03-25 13:46:51 -07:00
max furman
b6ebc0fd25
more unit tests
2021-03-25 12:05:46 -07:00
max furman
df05340521
fixing broken unit tests
2021-03-25 12:05:46 -07:00
max furman
f72b2ff2c2
[acme db interface] nosql authz unit tests
2021-03-25 12:05:46 -07:00
max furman
074ab7b221
[acme db interface] add linker tests
2021-03-25 12:05:46 -07:00
max furman
8d2ebcfd49
[acme db interface] more unit tests
2021-03-25 12:05:46 -07:00
max furman
20b9785d20
[acme db interface] continuing unit test work
2021-03-25 12:05:46 -07:00
max furman
291fd5d45a
[acme db interface] more unit tests
2021-03-25 12:05:46 -07:00
max furman
f71e27e787
[acme db interface] unit test progress
2021-03-25 12:05:46 -07:00
max furman
bb8d54e596
[acme db interface] unit tests compiling
2021-03-25 12:05:46 -07:00
max furman
f20fcae80e
[acme db interface] wip unit test fixing
2021-03-25 12:05:46 -07:00