Herman Slatman
c1424036bf
Merge branch 'master' into herman/allow-deny
2022-01-31 14:24:34 +01:00
Herman Slatman
9539729bd9
Add initial implementation of x509 and SSH allow/deny policy engine
2022-01-03 12:25:24 +01:00
Herman Slatman
d799359917
Merge branch 'master' into hs/acme-eab
2021-12-09 13:58:40 +01:00
Herman Slatman
d0c23973cc
Merge branch 'master' into hs/acme-eab
2021-12-06 13:01:23 +01:00
Herman Slatman
bae1d256ee
Improve tests for JWK vs. KID revoke auth flow
...
The logic for both test cases is fairly similar, but with some
small differences. Made those clearer by means of some comments.
Also added some comments to the middleware logic that decided
whether to extract JWK or lookup by KID.
2021-12-02 10:59:56 +01:00
Herman Slatman
2d50c96d99
Merge branch 'master' into hs/acme-revocation
2021-11-19 17:00:18 +01:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues
2021-11-13 01:30:03 +01:00
Herman Slatman
c7a9c13060
Add tests for extractOrLookupJWK middleware
2021-11-12 16:37:44 +01:00
Herman Slatman
3151255a25
Merge branch 'master' into hs/acme-revocation
2021-10-30 15:41:29 +02:00
Herman Slatman
e0b495e4c8
Merge branch 'master' into hs/acme-eab
2021-10-09 01:06:49 +02:00
max furman
933b40a02a
Introduce gocritic linter and address warnings
2021-10-08 14:59:57 -04:00
Herman Slatman
c6bfc6eac2
Fix PR comments
2021-07-22 23:48:41 +02:00
Herman Slatman
258efca0fa
Improve revocation authorization
2021-07-10 00:28:31 +02:00
Herman Slatman
2b15230aa4
Add Serial to Cert ID ACME table and lookup
2021-07-09 17:51:31 +02:00
Herman Slatman
8f7e700f09
Merge branch 'master' into hs/acme-revocation
2021-07-09 11:22:25 +02:00
max furman
9fdef64709
Admin level API for provisioner mgmt v1
2021-07-02 19:05:17 -07:00
Herman Slatman
0e56932e76
Add support for revocation using JWK
2021-07-03 01:57:27 +02:00
max furman
93c3c2bf2e
Error handle non existent provisioner downstream and disable debug route logging
2021-04-14 15:35:43 -07:00
max furman
b1888fd34d
Use different method for unescpaed paths for the router
2021-04-14 15:11:15 -07:00
max furman
672e3f976e
Few ACME fixes ...
...
- always URL escape linker output
- validateJWS should accept RSAPSS
- GetUpdateAccount -> GetOrUpdateAccount
2021-04-12 19:06:07 -07:00
max furman
80c8567d99
change errnotfound type for getAccount
...
- more generalized NotFound type rather than the nosql
one we were using
- if the error is not recognized then the logic in create account will
break.
2021-03-25 14:54:12 -07:00
max furman
20b9785d20
[acme db interface] continuing unit test work
2021-03-25 12:05:46 -07:00
max furman
291fd5d45a
[acme db interface] more unit tests
2021-03-25 12:05:46 -07:00
max furman
f71e27e787
[acme db interface] unit test progress
2021-03-25 12:05:46 -07:00
max furman
80a6640103
[acme db interface] wip
2021-03-25 12:05:46 -07:00
Mariano Cano
ba918100d0
Use go.step.sm/crypto/jose
...
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
2020-08-24 14:44:11 -07:00
Mariano Cano
d30a95236d
Use always go.step.sm/crypto
2020-08-14 15:33:50 -07:00
max furman
6e69f99310
Always set nbf and naf for new ACME orders ...
...
- Use the default value from the ACME provisioner if values are not
defined in the request.
2020-05-22 10:31:58 -07:00
max furman
e1409349f3
Allow relative URL for all links in ACME api ...
...
* Pass the request context all the way down the ACME stack.
* Save baseURL in context and use when generating ACME urls.
2020-05-14 17:32:54 -07:00
max furman
d368791606
Add x5c provisioner capabilities
2019-10-14 14:51:37 -07:00
max furman
e3826dd1c3
Add ACME CA capabilities
2019-09-13 15:48:33 -07:00