Herman Slatman
6440870a80
Clean up, improve test cases and coverage
2022-01-18 14:39:21 +01:00
Herman Slatman
9539729bd9
Add initial implementation of x509 and SSH allow/deny policy engine
2022-01-03 12:25:24 +01:00
Herman Slatman
a5f2f004e3
Change name of IP Common Name test for clarity
2021-12-20 18:55:23 +01:00
Herman Slatman
80bebda69c
Fix code style issue
2021-12-20 13:40:17 +01:00
Herman Slatman
bc0875bd7b
Disallow email address and URLs in the CSR
...
Before this commit `step` would allow email addresses and URLs
in the CSR. This doesn't fit nicely with the rest of ACME, in which
identifiers need to be authorized before a certificate is issued.
2021-12-13 16:14:39 +01:00
Herman Slatman
13a31fd862
Merge branch 'master' into herman/ip-sans-improvements
2021-12-13 16:04:53 +01:00
Herman Slatman
ca707cbe05
Fix linting
2021-12-13 16:01:40 +01:00
Herman Slatman
a5d33512fe
Fix test
2021-12-13 15:59:01 +01:00
Herman Slatman
a2c9b5cd7e
Allow IP identifiers in subject, including authorization enforcement
...
To support IPs in the subject using `step-cli`, this PR ensures that
Subject Common Names that can be parsed as an IP are also checked
to have been authorized before.
The PR for `step-cli` is here: github.com/smallstep/cli/pull/576.
2021-12-13 15:34:56 +01:00
Herman Slatman
0524122191
Remove authorization flow for different Account private keys
...
As discussed in https://github.com/smallstep/certificates/issues/767 ,
we opted for not including this authorization flow to prevent users
from getting OOMs. We can add the functionality back when the
underlying data store can provide access to a long list of
Authorizations more efficiently, for example when a callback is
implemented.
2021-12-08 16:28:14 +01:00
Herman Slatman
004fc054d5
Fix PR comments
2021-12-03 15:06:28 +01:00
Herman Slatman
06bb97c91e
Add logic for Account authorizations and improve tests
2021-12-02 16:25:35 +01:00
Herman Slatman
bae1d256ee
Improve tests for JWK vs. KID revoke auth flow
...
The logic for both test cases is fairly similar, but with some
small differences. Made those clearer by means of some comments.
Also added some comments to the middleware logic that decided
whether to extract JWK or lookup by KID.
2021-12-02 10:59:56 +01:00
Herman Slatman
a7fbbc4748
Add tests for GetCertificateBySerial
2021-11-28 21:20:57 +01:00
Herman Slatman
4d01cf8135
Increase test code coverage
2021-11-28 20:30:36 +01:00
Herman Slatman
2d357da99b
Add tests for ACME revocation
2021-11-26 17:27:42 +01:00
Herman Slatman
ed295ca15d
Fix linting issue
2021-11-25 00:44:21 +01:00
Herman Slatman
2d50c96d99
Merge branch 'master' into hs/acme-revocation
2021-11-19 17:00:18 +01:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues
2021-11-13 01:30:03 +01:00
Herman Slatman
29f9730485
Satisfy golangci-lint
2021-11-12 17:13:10 +01:00
Herman Slatman
c7a9c13060
Add tests for extractOrLookupJWK middleware
2021-11-12 16:37:44 +01:00
Herman Slatman
3151255a25
Merge branch 'master' into hs/acme-revocation
2021-10-30 15:41:29 +02:00
max furman
933b40a02a
Introduce gocritic linter and address warnings
2021-10-08 14:59:57 -04:00
Mariano Cano
470b546d59
Merge pull request #557 from joejulian/http01-isv
...
use InsecureSkipVerify for validation
2021-08-26 18:06:57 -07:00
max furman
a3028bbc0e
Add test for updateAddOrderIDs
2021-08-18 23:44:57 -07:00
Mariano Cano
dc5205cc72
Extract the tls error code and fail accordingly.
2021-08-17 17:06:25 -07:00
Mariano Cano
ae58a0ee4e
Make tests compatible with Go 1.17.
...
With Go 1.17 tls.Dial will fail if the client and server configured
protocols do not overlap. See https://golang.org/doc/go1.17#ALPN
2021-08-17 16:31:53 -07:00
Herman Slatman
258efca0fa
Improve revocation authorization
2021-07-10 00:28:31 +02:00
Herman Slatman
97165f1844
Fix test mocking for CreateCertificate
2021-07-09 22:48:03 +02:00
Herman Slatman
2b15230aa4
Add Serial to Cert ID ACME table and lookup
2021-07-09 17:51:31 +02:00
Herman Slatman
8f7e700f09
Merge branch 'master' into hs/acme-revocation
2021-07-09 11:22:25 +02:00
max furman
857a50434c
Merge branch 'master' into max/cert-mgr-crud
2021-07-08 16:25:52 -07:00
max furman
9fdef64709
Admin level API for provisioner mgmt v1
2021-07-02 19:05:17 -07:00
Herman Slatman
16fe07d4dc
Fix mockSignAuth
2021-07-03 02:10:16 +02:00
Herman Slatman
0e56932e76
Add support for revocation using JWK
2021-07-03 01:57:27 +02:00
Herman Slatman
84e7d468f2
Improve handling of ACME revocation
2021-07-03 00:21:17 +02:00
Herman Slatman
d53bcaf830
Add base logic for ACME revoke-cert
2021-07-02 22:51:15 +02:00
Herman Slatman
8e4a4ecc1f
Refactor tests for sans
2021-06-26 00:48:40 +02:00
Herman Slatman
87b72afa25
Fix IP equality check and add more tests
2021-06-26 00:13:44 +02:00
Herman Slatman
a6d33b7d06
Add tests for sans()
2021-06-25 17:21:22 +02:00
Herman Slatman
64c15fde7e
Add tests for canonicalize function
2021-06-25 14:07:40 +02:00
Herman Slatman
c514a187b2
Fix Fail() -_-b
2021-06-18 17:37:56 +02:00
Herman Slatman
135e912ac8
Improve coverage for TLS-ALPN-01 challenge
2021-06-18 17:27:35 +02:00
Herman Slatman
218a2adb9f
Add tests for IP Order validations
2021-06-18 16:09:48 +02:00
Herman Slatman
523ae96749
Change identifier and challenge types to consts
2021-06-18 12:39:36 +02:00
Herman Slatman
84ea8bd67a
Fix PR comments
2021-06-18 12:03:46 +02:00
Herman Slatman
af4803b8b8
Fix tests
2021-06-04 11:14:59 +02:00
Herman Slatman
0c79914d0d
Improve check for single IP in TLS-ALPN-01 challenge
2021-06-04 00:18:26 +02:00
Herman Slatman
a6405e98a9
Remove fmt.
2021-06-04 00:06:15 +02:00
Herman Slatman
2f40011da8
Add support for TLS-ALPN-01 challenge
2021-06-04 00:01:43 +02:00