Commit graph

3012 commits

Author SHA1 Message Date
Mariano Cano
59b7603d1e Use a clientAuth only cert for device-attest-01 2022-08-30 16:09:44 -07:00
Mariano Cano
6db631df51 Upgrade go.step.sm/crypto@attest 2022-08-30 15:49:10 -07:00
Mariano Cano
ca412e77cc Return error on attestation validation
The method storeError returns a nil error
2022-08-29 20:03:34 -07:00
Mariano Cano
ab5f916bd3 Define ErrorBadAttestationStatement 2022-08-29 20:02:43 -07:00
Mariano Cano
735c9d49b0 Add support for yubikey attestation 2022-08-29 19:37:30 -07:00
Mariano Cano
ebce40e9b6 Add new method ACMEClient.ValidateWithPayload
This new method will be used to validate to validate the device
attestation payload.
2022-08-29 19:35:52 -07:00
Mariano Cano
a893d6e7f7 Upgrade go.step.sm/cli-utils
Fixes issue with step path
2022-08-25 15:37:35 -07:00
Mariano Cano
432477aa91
Merge pull request #1030 from smallstep/herman/fix-template-validation
Add provisioner template validation
2022-08-25 14:51:39 -07:00
Mariano Cano
1938b1bb34 Merge branch 'master' into herman/fix-template-validation 2022-08-25 13:31:33 -07:00
Mariano Cano
1d1e024b84 Upgrade to go.step.sm/crypto v0.18.0 2022-08-25 12:40:31 -07:00
Mariano Cano
f1c63bc38d Fix challenge mapping 2022-08-24 19:30:28 -07:00
Mariano Cano
2a44972830 Run go mod tidy 2022-08-24 19:23:31 -07:00
Mariano Cano
df96b126dc Add AuthorizeChallenge unit tests 2022-08-24 12:31:09 -07:00
Mariano Cano
bca311b05e Add acme property to enable challenges
Fixes #1027
2022-08-23 17:11:40 -07:00
Mariano Cano
ae8d4d8757 Fix unit test 2022-08-23 17:01:15 -07:00
Herman Slatman
6b7b989988
Add provisioner template validation
Fixes #1012
2022-08-23 16:27:49 +02:00
Mariano Cano
693dc39481 Merge branch 'master' into device-attestation 2022-08-22 17:59:17 -07:00
Mariano Cano
b1e9d5ee86 Revert "Run on plaintext HTTP to support Cloud Run"
This reverts commit 09b9673a60.
2022-08-22 17:50:14 -07:00
Mariano Cano
dd6f59b538
Merge pull request #1024 from smallstep/gosec
Address gosec warnings
2022-08-22 14:19:50 -07:00
Mariano Cano
23b8f45b37 Address gosec warnings
Most if not all false positives
2022-08-18 17:46:20 -07:00
Mariano Cano
713dfad884
Merge pull request #1019 from smallstep/head-middleware
Add a middleware to automatically route HEAD requests to GET
2022-08-16 16:21:19 -07:00
Max
8f88740a5a
Merge pull request #1014 from smallstep/max/dns-id
Check for DNS name validity
2022-08-16 16:20:12 -07:00
Mariano Cano
6cab4d328e Add a middleware to automatically route HEAD requests to GET
Fixes #992
2022-08-16 16:10:29 -07:00
max furman
c040e4b459 Add unit tests 2022-08-16 15:48:23 -07:00
Mariano Cano
85fc837dc3
Merge pull request #1018 from smallstep/ra-config
Ra config
2022-08-16 15:24:01 -07:00
Mariano Cano
3c88a9ccc2 Fixed changelog 2022-08-16 15:11:49 -07:00
Mariano Cano
8e08f0dea3 Add entries to changelog 2022-08-16 14:48:03 -07:00
Mariano Cano
0c7467ceb2 Allow to automatically configure and linked RA 2022-08-16 14:39:02 -07:00
Mariano Cano
5e0be92273 Allow option to skip the validation of config 2022-08-16 14:04:04 -07:00
max furman
b7c2f6c482 Check for DNS name validity 2022-08-16 00:12:31 -07:00
Mariano Cano
ae76d943c9
Merge pull request #1009 from smallstep/code-ql
Code QL
2022-08-11 18:53:30 -07:00
Mariano Cano
2db15e4eb5 Remove unnecessary log entries
These log entries add CodeQL warnings and are not necessary because
our default http.ResponseWriter allows adding log entries.
2022-08-11 18:14:36 -07:00
Mariano Cano
759aa26a57 Fix linter warning 2022-08-11 17:47:58 -07:00
Mariano Cano
90d2785776 Sanitize log entries in logging package 2022-08-11 17:44:31 -07:00
Mariano Cano
b62f4d1000 Add lgtm comments on some security warnings 2022-08-11 17:32:57 -07:00
Mariano Cano
a5439c43cd Remove ciphersuites without Lucky13 countermeasures
SHA-256 variants of the CBC ciphersuites don't implement any Lucky13
countermeasures. See http://www.isg.rhul.ac.uk/tls/Lucky13.html and
https://www.imperialviolet.org/2013/02/04/luckythirteen.html.
2022-08-11 17:11:04 -07:00
Mariano Cano
d6baad443b
Merge pull request #1008 from smallstep/endpoint-id
Endpoint ID
2022-08-11 15:18:47 -07:00
Mariano Cano
8bd0174251 Rename field to IsCAServerCert 2022-08-11 15:14:26 -07:00
Mariano Cano
5df1694250 Add endpoint id for the RA certificate
In a linked RA mode, send an endpoint id to group the server
certificates.
2022-08-11 14:47:11 -07:00
Max
20784c7a00
Merge pull request #1006 from smallstep/max/revoke-serial-validation
Validate revocation serial number
2022-08-11 09:45:26 -07:00
max furman
1dd0d7d0ee Update bad serial error to be more specific 2022-08-11 09:34:04 -07:00
max furman
73ba411e1d [action] parameterize golangci-lint version 2022-08-10 21:45:10 -07:00
Mariano Cano
eb091aec54 Simplify field names for ProvisionerInfo 2022-08-10 17:44:14 -07:00
Mariano Cano
2f7cb9225f Use go.step.sm/crypto to set the permanent identifier 2022-08-10 17:38:18 -07:00
Mariano Cano
a65adc032b
Merge pull request #1005 from smallstep/crypto-kms
Use go.step.sm/crypto/kms
2022-08-10 09:57:26 -07:00
Mariano Cano
21427d5d65 Replace instead of prepend provisioner extension
With non standard SANs this will generate the SAN and provisioner
extension in the same order.
2022-08-09 16:48:00 -07:00
Mariano Cano
2ab1e6658e Fix nonce validation
The attestation certificate contains the nonce as raw bytes in the
extension 1.2.840.113635.100.8.11.1
2022-08-09 15:06:52 -07:00
max furman
7052a32c2c Validate revocation serial number 2022-08-09 11:04:00 -07:00
Mariano Cano
4985ab1d62 Remove kms package 2022-08-08 18:01:10 -07:00
Mariano Cano
369b8f81c3 Use go.step.sm/crypto/kms
Fixes #975
2022-08-08 17:58:18 -07:00