Mariano Cano
8cf6675ce4
Return the internal error instead of the ACME error
...
For ACME errors, return the internal error string instead of the
ACME one on the "Error() string" function. This way the logs will
have more information about the cause of an error.
Fixes #1057
2022-09-19 12:48:35 -07:00
Mariano Cano
34c6c65671
Pass attestation information to the Sign method
...
Attestation information might be useful in authorizing webhooks
2022-09-16 12:37:41 -07:00
Mariano Cano
498549c95c
Extract common function used in tests
2022-09-16 10:02:10 -07:00
Mariano Cano
829530ae90
Fix linter errors
2022-09-15 18:24:43 -07:00
Mariano Cano
6b73a020e3
Add unit tests for apple and step attestations
2022-09-15 18:19:52 -07:00
Mariano Cano
0f651799d0
Reject not enabled attestation formats
2022-09-08 17:38:05 -07:00
Mariano Cano
fd4e96d1f4
Rename method to IsChallengeEnabled
2022-09-08 13:22:35 -07:00
Mariano Cano
c77b4ff9c5
Fix linter errors
2022-09-08 12:49:16 -07:00
Mariano Cano
59c5219a07
Use a type for acme challenges
2022-09-08 12:34:06 -07:00
Mariano Cano
a89bea701d
Format comment
2022-09-08 11:06:17 -07:00
Mariano Cano
5df9434286
Fix old comment, device-attest-01 uses the acme payload
2022-09-08 10:59:51 -07:00
Mariano Cano
c5d3714a63
Fix acme error map
2022-09-08 10:48:17 -07:00
Mariano Cano
08815c5e90
Reneame attestation statement error
2022-09-08 10:46:58 -07:00
Mariano Cano
3cd72ac72a
Remove debug statements
2022-09-08 10:44:48 -07:00
Mariano Cano
e75e7e7cd6
Fix linter warnings
2022-09-01 16:18:13 -07:00
Mariano Cano
54d92095ac
Validate proof of possession signature
...
On the step format, validate proof of possession of the private
key validating the signature in the attestation statement.
2022-09-01 10:45:31 -07:00
Mariano Cano
59b7603d1e
Use a clientAuth only cert for device-attest-01
2022-08-30 16:09:44 -07:00
Mariano Cano
ca412e77cc
Return error on attestation validation
...
The method storeError returns a nil error
2022-08-29 20:03:34 -07:00
Mariano Cano
ab5f916bd3
Define ErrorBadAttestationStatement
2022-08-29 20:02:43 -07:00
Mariano Cano
735c9d49b0
Add support for yubikey attestation
2022-08-29 19:37:30 -07:00
Mariano Cano
df96b126dc
Add AuthorizeChallenge unit tests
2022-08-24 12:31:09 -07:00
Mariano Cano
bca311b05e
Add acme property to enable challenges
...
Fixes #1027
2022-08-23 17:11:40 -07:00
Mariano Cano
ae8d4d8757
Fix unit test
2022-08-23 17:01:15 -07:00
Mariano Cano
693dc39481
Merge branch 'master' into device-attestation
2022-08-22 17:59:17 -07:00
Mariano Cano
23b8f45b37
Address gosec warnings
...
Most if not all false positives
2022-08-18 17:46:20 -07:00
max furman
c040e4b459
Add unit tests
2022-08-16 15:48:23 -07:00
max furman
b7c2f6c482
Check for DNS name validity
2022-08-16 00:12:31 -07:00
Mariano Cano
b62f4d1000
Add lgtm comments on some security warnings
2022-08-11 17:32:57 -07:00
Mariano Cano
2f7cb9225f
Use go.step.sm/crypto to set the permanent identifier
2022-08-10 17:38:18 -07:00
Mariano Cano
2ab1e6658e
Fix nonce validation
...
The attestation certificate contains the nonce as raw bytes in the
extension 1.2.840.113635.100.8.11.1
2022-08-09 15:06:52 -07:00
Mariano Cano
66356cff43
Add attestation certificate validation for Apple devices
2022-07-14 17:10:03 -07:00
Brandon Weeks
274f6ccb41
iOS 16 beta 2 support
2022-06-23 05:43:24 +10:00
Brandon Weeks
7e1b0bebd9
iOS 16 beta 1 support
2022-06-23 05:19:36 +10:00
Brandon Weeks
77c6d10fd6
Verify key authorization is contained within the TPM quote extraData field
2022-06-23 05:19:36 +10:00
Brandon Weeks
e1ec31c0ed
Implement TPM attestation statement verification
2022-06-23 05:19:36 +10:00
Brandon Weeks
2ac8b69da2
Add ACME permanent-identifier identifier type
2022-06-23 05:19:36 +10:00
Brandon Weeks
aacd6f4cc6
Add device-attest-01 challenge type
2022-06-23 05:19:36 +10:00
Brandon Weeks
860baeb1c5
Verbose debug logging
2022-06-23 05:19:36 +10:00
Shulhan
fe04f93d7f
all: reformat all go files with the next gofmt (Go 1.19)
...
There are some changes that manually edited, for example using '-' as
default list and grouping imports.
2022-06-16 01:28:59 +07:00
Herman Slatman
abfbbc8d49
Merge pull request #946 from smallstep/herman/acme-csr-padding
...
Strip base64-url padding from ACME CSR
2022-05-25 23:25:34 +02:00
Herman Slatman
fd546287ac
Strip base64-url padding from ACME CSR
...
This commit strips the padding from a base64-url encoded CSR
submitted by a client that doesn't use raw base64-url encoding.
2022-05-25 22:46:26 +02:00
Mariano Cano
e7f4eaf6c4
Remove explicit deprecation notice
...
This will avoid linter errors on other projects for now.
2022-05-23 14:04:31 -07:00
Mariano Cano
d461918eb0
Merge branch 'master' into context-authority
2022-05-06 13:21:41 -07:00
Mariano Cano
2ea0c70344
Move acme context middleware to deprecated handler
2022-05-05 12:25:07 -07:00
Mariano Cano
9147356d8a
Fix linter errors
2022-05-02 18:47:47 -07:00
Mariano Cano
2ab7dc6f9d
Fix acme tests.
2022-05-02 18:09:26 -07:00
Mariano Cano
ba499eeb2a
Fix acme/api tests.
2022-05-02 17:40:10 -07:00
Mariano Cano
6f9d847bc6
Fix panic in acme/api tests.
2022-05-02 17:35:35 -07:00
Herman Slatman
d82e51b748
Update AllowWildcardNames configuration name
2022-04-29 15:08:19 +02:00
Mariano Cano
d1f75f1720
Refactor ACME api.
2022-04-28 19:15:18 -07:00