Commit graph

194 commits

Author SHA1 Message Date
Herman Slatman
f9ec62f46c
Merge branch 'master' into herman/improve-scep-marshaling 2023-05-04 10:47:53 +02:00
Panagiotis Siatras
d797941137
do not render CRLs in memory (#1373) 2023-05-03 23:49:26 +03:00
Herman Slatman
c365d8580e
Move provisioner marshaling logic to api package 2022-12-13 10:26:34 +01:00
Herman Slatman
b8c306ebfa
Refactor tests stylistically 2022-11-18 10:26:03 +01:00
Panagiotis Siatras
9197de3e96
api/log: removed dependency to certificates/logging 2022-11-17 16:04:21 +02:00
Panagiotis Siatras
b7f4881972
merged log tests 2022-11-17 16:00:01 +02:00
Herman Slatman
27bbc3682b
Improve error log test readability 2022-11-17 13:07:19 +01:00
Herman Slatman
362be72120
Fix StackTracedError logging
When running with `STEPDEBUG=1`, a response with a `StackTracedError`
would result in a nil pointer error. This commit fixes the check and
adds a test case.
2022-11-17 12:34:30 +01:00
Mariano Cano
c7f226bcec
Add support for renew when using stepcas
It supports renewing X.509 certificates when an RA is configured with stepcas.
This will only work when the renewal uses a token, and it won't work with mTLS.

The audience cannot be properly verified when an RA is used, to avoid this we
will get from the database if an RA was used to issue the initial certificate
and we will accept the renew token.

Fixes #1021 for stepcas
2022-11-04 16:42:07 -07:00
Mariano Cano
59775fff0c
Merge branch 'master' into crl-support 2022-10-27 10:13:19 -07:00
max furman
66858a3870
No longer need to ignore context warnings when context in request
- after upgrade to golangci-lint 1.50.0
2022-10-04 13:49:10 -07:00
Raal Goff
d0e81af524 Merge branch 'master' into crl-support 2022-09-30 08:45:48 +08:00
max furman
4c7a2ce3eb
Fix errors.As linter warnings 2022-09-22 00:04:31 -07:00
max furman
7c5e5b2b87
Even more linter fixes 2022-09-20 21:48:04 -07:00
max furman
1e0ea6f958
more linting fixes 2022-09-20 19:05:12 -07:00
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2022-09-20 16:35:41 -07:00
Mariano Cano
221e756f40 Use render.Error on crl endpoint 2022-09-14 11:50:11 -07:00
Raal Goff
d2483f3a70 Merge branch 'master' into crl-support
# Conflicts:
#	authority/config/config.go
2022-09-08 09:45:04 +08:00
Mariano Cano
23b8f45b37 Address gosec warnings
Most if not all false positives
2022-08-18 17:46:20 -07:00
Mariano Cano
2db15e4eb5 Remove unnecessary log entries
These log entries add CodeQL warnings and are not necessary because
our default http.ResponseWriter allows adding log entries.
2022-08-11 18:14:36 -07:00
max furman
1dd0d7d0ee Update bad serial error to be more specific 2022-08-11 09:34:04 -07:00
max furman
7052a32c2c Validate revocation serial number 2022-08-09 11:04:00 -07:00
Raal Goff
9fa5f46213 add minor doco, Test_CRLGeneration(), fix some issues from merge 2022-07-13 08:56:47 +08:00
Raal Goff
60671b07d7 Merge branch 'master' into crl-support
# Conflicts:
#	api/api.go
#	authority/config/config.go
#	cas/softcas/softcas.go
#	db/db.go
2022-07-13 08:52:58 +08:00
Mariano Cano
1be74eca62 Merge branch 'master' into ssh-renew-provisioner 2022-05-23 14:31:15 -07:00
Mariano Cano
6b3a8f22f3 Add provisioner to SSH renewals
This commit allows to report the provisioner to the linkedca when
a SSH certificate is renewed.
2022-05-20 14:41:44 -07:00
Mariano Cano
d461918eb0 Merge branch 'master' into context-authority 2022-05-06 13:21:41 -07:00
Mariano Cano
43ddcf2efe Do not use deprecated AuthorizeSign 2022-05-04 17:35:34 -07:00
Herman Slatman
2b7f6931f3
Change Subject Common Name verification
Subject Common Names can now also be configured to be allowed or
denied, similar to SANs. When a Subject Common Name is not explicitly
allowed or denied, its type will be determined and its value will be
validated according to the constraints for that type of name (i.e. URI).
2022-04-28 14:49:23 +02:00
Mariano Cano
48e2fabeb8 Add authority.MustFromContext 2022-04-27 11:38:06 -07:00
Mariano Cano
817af3d696 Fix unit tests on the api package 2022-04-27 10:38:53 -07:00
Mariano Cano
a93653ea8e Use api.Route instead of the caHandler. 2022-04-26 14:32:55 -07:00
Mariano Cano
a6b8e65d69 Retrieve the authority from the context in api methods. 2022-04-26 12:58:40 -07:00
Herman Slatman
74a6e59b1f
Add tests for ProtoJSON and bad proto messages 2022-04-26 14:56:42 +02:00
Herman Slatman
bddd08d4b0
Remove "proto:" prefix from bad proto JSON messages 2022-04-26 14:01:16 +02:00
Herman Slatman
a2cfbe3d54
Fix (part of) PR comments 2022-04-21 12:14:03 +02:00
Herman Slatman
6532c93303
Improve read.ProtoJSON bad protobuf body error handling 2022-04-19 12:07:57 +02:00
Herman Slatman
def9438ad6
Improve handling of bad JSON protobuf bodies 2022-04-18 23:38:13 +02:00
Herman Slatman
30d5d89a13
Improve test coverage for Policy Admin API 2022-04-15 10:43:25 +02:00
Raal Goff
49c41636cc implemented some requested changes 2022-04-06 08:31:40 +08:00
Raal Goff
53dbe2309b implemented some requested changes 2022-04-06 08:24:49 +08:00
Raal Goff
a607ab189a requested changes 2022-04-06 08:23:55 +08:00
Raal Goff
d417ce3232 implement changes from review 2022-04-06 08:23:53 +08:00
Raal Goff
7d024cc4cb change GenerateCertificateRevocationList to return DER, store DER in db instead of PEM, nicer PEM encoding of CRL, add Mock stubs 2022-04-06 08:22:26 +08:00
Raal Goff
e8fdb703c9 initial support for CRL 2022-04-06 08:19:45 +08:00
Herman Slatman
571b21abbc
Fix (most) PR comments 2022-03-31 16:12:29 +02:00
Herman Slatman
628d7448de
Don't return policy in provisioner JSON 2022-03-30 15:20:38 +02:00
Herman Slatman
2fbdf7d5b0
Merge branch 'master' into herman/allow-deny 2022-03-30 14:50:14 +02:00
Panagiotis Siatras
00634fb648
api/render, api/log: initial implementation of the packages (#860)
* api/render: initial implementation of the package

* acme/api: refactored to support api/render

* authority/admin: refactored to support api/render

* ca: refactored to support api/render

* api: refactored to support api/render

* api/render: implemented Error

* api: refactored to support api/render.Error

* acme/api: refactored to support api/render.Error

* authority/admin: refactored to support api/render.Error

* ca: refactored to support api/render.Error

* ca: fixed broken tests

* api/render, api/log: moved error logging to this package

* acme: refactored Error so that it implements render.RenderableError

* authority/admin: refactored Error so that it implements render.RenderableError

* api/render: implemented RenderableError

* api/render: added test coverage for Error

* api/render: implemented statusCodeFromError

* api: refactored RootsPEM to work with render.Error

* acme, authority/admin: fixed pointer receiver name for consistency

* api/render, errs: moved StatusCoder & StackTracer to the render package
2022-03-30 11:22:22 +03:00
Andrew Reed
d5d70baba7
Add /roots.pem handler (#866)
* Add /roots.pem handler

* Review changes

* Remove no peer cert test case
2022-03-28 09:18:18 -05:00