certificates

Author	SHA1	Message	Date
Herman Slatman	746c5c9fd9	Disallow creation of EAB keys with non-unique references	2021-09-17 17:25:19 +02:00
Herman Slatman	9c0020352b	Add lookup by reference and make reference optional	2021-09-17 17:08:02 +02:00
Herman Slatman	02cd3b6b3b	Fix PR comments	2021-09-16 23:09:24 +02:00
Herman Slatman	f11c0cdc0c	Add endpoint for listing ACME EAB keys	2021-08-27 16:58:04 +02:00
Herman Slatman	a1afbce50c	Check EAB key exists before deleting it	2021-08-27 14:47:10 +02:00
Herman Slatman	9d09f5e575	Add support for deleting ACME EAB keys	2021-08-27 14:10:00 +02:00
Herman Slatman	a98fe03e80	Merge branch 'master' into hs/acme-eab	2021-08-27 12:50:19 +02:00
Herman Slatman	1dba8698e3	Use LinkedCA.EABKey type in ACME EAB API	2021-08-27 12:39:37 +02:00
Mariano Cano	470b546d59	Merge pull request #557 from joejulian/http01-isv use InsecureSkipVerify for validation	2021-08-26 18:06:57 -07:00
max furman	a3028bbc0e	Add test for updateAddOrderIDs	2021-08-18 23:44:57 -07:00
Mariano Cano	dc5205cc72	Extract the tls error code and fail accordingly.	2021-08-17 17:06:25 -07:00
Mariano Cano	ae58a0ee4e	Make tests compatible with Go 1.17. With Go 1.17 tls.Dial will fail if the client and server configured protocols do not overlap. See https://golang.org/doc/go1.17#ALPN	2021-08-17 16:31:53 -07:00
Herman Slatman	f31ca4f6a4	Add tests for validateExternalAccountBinding	2021-08-10 12:39:44 +02:00
Herman Slatman	492256f2d7	Add first test cases for EAB and make provisioner unique per EAB Before this commit, EAB keys could be used CA-wide, meaning that an EAB credential could be used at any ACME provisioner. This commit changes that behavior, so that EAB credentials are now intended to be used with a specific ACME provisioner. I think that makes sense, because from the perspective of an ACME client the provisioner is like a distinct CA. Besides that this commit also includes the first tests for EAB. The logic for creating the EAB JWS as a client has been taken from github.com/mholt/acmez. This logic may be moved or otherwise sourced (i.e. from a vendor) as soon as the step client also (needs to) support(s) EAB with ACME.	2021-08-09 10:37:32 +02:00
Herman Slatman	c6bfc6eac2	Fix PR comments	2021-07-22 23:48:41 +02:00
Herman Slatman	d669f3cb14	Fix misspelling	2021-07-17 20:39:12 +02:00
Herman Slatman	540d5fbbdc	Fix marshaling -> marshalling	2021-07-17 20:35:44 +02:00
Herman Slatman	2110c7722f	Fix JWK payload key equality check	2021-07-17 20:29:12 +02:00
Herman Slatman	d44cd18b96	Add External Accounting Binding key "BoundAt" marking	2021-07-17 19:02:47 +02:00
Herman Slatman	f81d49d963	Add first working version of External Account Binding	2021-07-17 17:35:44 +02:00
Herman Slatman	258efca0fa	Improve revocation authorization	2021-07-10 00:28:31 +02:00
Herman Slatman	97165f1844	Fix test mocking for CreateCertificate	2021-07-09 22:48:03 +02:00
Herman Slatman	2b15230aa4	Add Serial to Cert ID ACME table and lookup	2021-07-09 17:51:31 +02:00
Herman Slatman	8f7e700f09	Merge branch 'master' into hs/acme-revocation	2021-07-09 11:22:25 +02:00
max furman	857a50434c	Merge branch 'master' into max/cert-mgr-crud	2021-07-08 16:25:52 -07:00
max furman	9fdef64709	Admin level API for provisioner mgmt v1	2021-07-02 19:05:17 -07:00
Herman Slatman	16fe07d4dc	Fix mockSignAuth	2021-07-03 02:10:16 +02:00
Herman Slatman	0e56932e76	Add support for revocation using JWK	2021-07-03 01:57:27 +02:00
Herman Slatman	84e7d468f2	Improve handling of ACME revocation	2021-07-03 00:21:17 +02:00
Herman Slatman	d53bcaf830	Add base logic for ACME revoke-cert	2021-07-02 22:51:15 +02:00
Herman Slatman	8e4a4ecc1f	Refactor tests for sans	2021-06-26 00:48:40 +02:00
Herman Slatman	87b72afa25	Fix IP equality check and add more tests	2021-06-26 00:13:44 +02:00
Herman Slatman	a6d33b7d06	Add tests for sans()	2021-06-25 17:21:22 +02:00
Herman Slatman	64c15fde7e	Add tests for canonicalize function	2021-06-25 14:07:40 +02:00
Herman Slatman	c514a187b2	Fix Fail() -_-b	2021-06-18 17:37:56 +02:00
Herman Slatman	135e912ac8	Improve coverage for TLS-ALPN-01 challenge	2021-06-18 17:27:35 +02:00
Herman Slatman	218a2adb9f	Add tests for IP Order validations	2021-06-18 16:09:48 +02:00
Herman Slatman	523ae96749	Change identifier and challenge types to consts	2021-06-18 12:39:36 +02:00
Herman Slatman	84ea8bd67a	Fix PR comments	2021-06-18 12:03:46 +02:00
Herman Slatman	af4803b8b8	Fix tests	2021-06-04 11:14:59 +02:00
Herman Slatman	0c79914d0d	Improve check for single IP in TLS-ALPN-01 challenge	2021-06-04 00:18:26 +02:00
Herman Slatman	a6405e98a9	Remove fmt.	2021-06-04 00:06:15 +02:00
Herman Slatman	2f40011da8	Add support for TLS-ALPN-01 challenge	2021-06-04 00:01:43 +02:00
Herman Slatman	76dcf542d4	Fix mixed DNS and IP SANs in Order	2021-06-03 22:45:24 +02:00
Herman Slatman	af615db6b5	Support DNS and IPs as SANs in single Order	2021-06-03 22:03:21 +02:00
Herman Slatman	a0e92f8e99	Verify IP identifier contains valid IP	2021-06-03 22:02:13 +02:00
Herman Slatman	6486e6016b	Make logic for which challenge types to use clearer	2021-05-29 00:37:22 +02:00
Herman Slatman	3e36522329	Add preliminary support for TLS-ALPN-01 challenge for IP identifiers	2021-05-29 00:19:14 +02:00
Herman Slatman	6d9710c88d	Add initial support for ACME IP validation	2021-05-28 16:40:46 +02:00
max furman	7b5d6968a5	first commit	2021-05-19 15:20:16 -07:00
Joe Julian	0369151bfa	use InsecureSkipVerify for validation The server will not yet have a valid certificate so we need to disable certificate validation in the HTTPGetter.	2021-04-27 08:18:35 -07:00
Mariano Cano	2e1524ec2f	Remove the creation on nonce on get acme directory. According to RFC 8555, the replay nonces are only required in POST requests. And of course in the new-nonce request.	2021-04-15 17:54:22 -07:00
max furman	93c3c2bf2e	Error handle non existent provisioner downstream and disable debug route logging	2021-04-14 15:35:43 -07:00
max furman	497ec0c79b	Fix linter issues	2021-04-14 15:14:27 -07:00
max furman	b1888fd34d	Use different method for unescpaed paths for the router	2021-04-14 15:11:15 -07:00
max furman	6cfb9b790c	Remove check of deprecated value - NegotiatedProtocolIsMutual is always true: Deprecated according to golang docs	2021-04-13 14:53:05 -07:00
max furman	63ec2e35b0	Change Clock to empty struct in nosql/nosql \| truncate > round - saves space -	2021-04-13 14:42:37 -07:00
max furman	672e3f976e	Few ACME fixes ... - always URL escape linker output - validateJWS should accept RSAPSS - GetUpdateAccount -> GetOrUpdateAccount	2021-04-12 19:06:07 -07:00
max furman	2e0e62bc4c	add WriteError method for acme api	2021-03-29 23:16:39 -07:00
max furman	9aef84b9af	remove unused nonce.clone method	2021-03-29 23:02:41 -07:00
max furman	440678cb62	Add markInvalid arg to storeError for invalidating challenge	2021-03-29 22:58:26 -07:00
max furman	6b8585c702	PR review fixes / updates	2021-03-29 12:04:14 -07:00
max furman	bdace1e53f	Add failure scenarios to db.CreateOrder unit tests	2021-03-25 19:40:18 -07:00
max furman	fd447c5b54	Fix small nbf->naf bug in db.CreateOrder - still needs unit test	2021-03-25 16:45:26 -07:00
max furman	a785131d09	Fix lint issues	2021-03-25 15:15:32 -07:00
max furman	80c8567d99	change errnotfound type for getAccount - more generalized NotFound type rather than the nosql one we were using - if the error is not recognized then the logic in create account will break.	2021-03-25 14:54:12 -07:00
max furman	1831920363	Finish order unit tests and remove unused mocklinker	2021-03-25 13:46:51 -07:00
max furman	b6ebc0fd25	more unit tests	2021-03-25 12:05:46 -07:00
max furman	df05340521	fixing broken unit tests	2021-03-25 12:05:46 -07:00
max furman	bdf4c0f836	add acme order unit tests	2021-03-25 12:05:46 -07:00
max furman	c0a9f24798	add authorization and order unit tests	2021-03-25 12:05:46 -07:00
max furman	a58466589f	add tls-alpn-01 validate unit tests	2021-03-25 12:05:46 -07:00
max furman	a8e4bbf715	start Validate unit tests	2021-03-25 12:05:46 -07:00
max furman	1fb0f1d7d9	add storeError unit tests	2021-03-25 12:05:46 -07:00
max furman	8b4a5a6d8b	add unit tests for dns01 validate	2021-03-25 12:05:46 -07:00
max furman	3612a0b990	gethttp01 validate unit tests working	2021-03-25 12:05:46 -07:00
max furman	7f9ffbd514	adding more acme nosql unit tests	2021-03-25 12:05:46 -07:00
max furman	88e6f00347	nosql account db unit tests	2021-03-25 12:05:46 -07:00
max furman	ce13d09dcb	add `at` to time attributes in dbAccount	2021-03-25 12:05:46 -07:00
max furman	f72b2ff2c2	[acme db interface] nosql authz unit tests	2021-03-25 12:05:46 -07:00
max furman	206909b12e	[acme db interface] unit tests for challenge nosql db	2021-03-25 12:05:46 -07:00
max furman	4b1dda5bb6	[acme db interface] tests	2021-03-25 12:05:46 -07:00
max furman	074ab7b221	[acme db interface] add linker tests	2021-03-25 12:05:46 -07:00
max furman	8d2ebcfd49	[acme db interface] more unit tests	2021-03-25 12:05:46 -07:00
max furman	20b9785d20	[acme db interface] continuing unit test work	2021-03-25 12:05:46 -07:00
max furman	291fd5d45a	[acme db interface] more unit tests	2021-03-25 12:05:46 -07:00
max furman	f71e27e787	[acme db interface] unit test progress	2021-03-25 12:05:46 -07:00
max furman	bb8d54e596	[acme db interface] unit tests compiling	2021-03-25 12:05:46 -07:00
max furman	f20fcae80e	[acme db interface] wip unit test fixing	2021-03-25 12:05:46 -07:00
max furman	fc395f4d69	[acme db interface] compiles!	2021-03-25 12:05:46 -07:00
max furman	116869ebc5	[acme db interface] wip	2021-03-25 12:05:46 -07:00
max furman	80a6640103	[acme db interface] wip	2021-03-25 12:05:46 -07:00
max furman	491c188a5e	[acme db interface] wip	2021-03-25 12:05:46 -07:00
max furman	1135ae04fc	[acme db interface] wip	2021-03-25 12:05:46 -07:00
max furman	03ba229bcb	[acme db interface] wip more errors	2021-03-25 12:05:46 -07:00
max furman	2ae43ef2dc	[acme db interface] wip errors	2021-03-25 12:05:46 -07:00
max furman	121cc34cca	[acme db interface] wip	2021-03-25 12:05:45 -07:00
max furman	461bad3fef	[acme db interface] wip	2021-03-25 12:05:45 -07:00
max furman	0368957e79	[acmedb] (wip)	2021-03-25 12:05:45 -07:00
max furman	31ad7f2e9b	[acme] Continued work on acme db interface (wip)	2021-03-25 12:05:45 -07:00

1 2 3 4 5

205 commits