Mariano Cano
6ba20209c2
Verify CSR key fingerprint with attestation certificate key
...
This commit makes sure that the attestation certificate key matches the
key used on the CSR on an ACME device attestation flow.
2023-02-09 16:48:43 -08:00
Herman Slatman
3a6fc5e0b4
Remove dependency on smallstep/assert
in ACME challenge tests
2023-01-31 23:49:34 +01:00
Herman Slatman
0f9128c873
Fix linting issue and order of test SUT
2023-01-27 15:43:57 +01:00
Herman Slatman
2ab9beb7ed
Add tests for deviceAttest01Validate
2023-01-27 15:36:48 +01:00
Mariano Cano
e27c6c529b
Add support for custom acme ports
...
This change adds the flags --acme-http-port, --acme-tls-port, that
combined with --insecure can be used to set custom ports for ACME
http-01 and tls-alpn-01 challenges. These flags should only be used
for testing purposes.
Fixes #1015
2022-11-03 16:58:25 -07:00
Mariano Cano
a7e597450a
Update acme/challenge_test.go
...
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2022-10-11 10:04:42 -07:00
Mariano Cano
7a78c76199
Add test simulating YubiKey v5.2.4
...
There are YubiKeys v5.2.4 where the attestation intermediate (f9)
does not have a basic constraint extension, so that certificate
is not marked as a CA. The test and CA in this commit imitates
that use case. Currently the test case returns an error as we
don't support it. But if we change the verification to support
this use case, the test should change accordingly.
2022-10-10 18:27:11 -07:00
Mariano Cano
21666ba887
Revert "Set timestamp when marking an acme challenge invalid"
...
This reverts commit 5f130895f3
.
2022-10-03 12:56:23 -07:00
Mariano Cano
5f130895f3
Set timestamp when marking an acme challenge invalid
2022-10-03 11:35:51 -07:00
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors
2022-09-20 16:35:41 -07:00
Mariano Cano
498549c95c
Extract common function used in tests
2022-09-16 10:02:10 -07:00
Mariano Cano
829530ae90
Fix linter errors
2022-09-15 18:24:43 -07:00
Mariano Cano
6b73a020e3
Add unit tests for apple and step attestations
2022-09-15 18:19:52 -07:00
Brandon Weeks
aacd6f4cc6
Add device-attest-01 challenge type
2022-06-23 05:19:36 +10:00
Mariano Cano
2ab7dc6f9d
Fix acme tests.
2022-05-02 18:09:26 -07:00
Herman Slatman
479c6d2bf5
Fix ACME IPv6 HTTP-01 challenges
...
Fixes #890
2022-04-07 12:37:34 +02:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues
2021-11-13 01:30:03 +01:00
max furman
933b40a02a
Introduce gocritic linter and address warnings
2021-10-08 14:59:57 -04:00
Mariano Cano
ae58a0ee4e
Make tests compatible with Go 1.17.
...
With Go 1.17 tls.Dial will fail if the client and server configured
protocols do not overlap. See https://golang.org/doc/go1.17#ALPN
2021-08-17 16:31:53 -07:00
Herman Slatman
64c15fde7e
Add tests for canonicalize function
2021-06-25 14:07:40 +02:00
Herman Slatman
c514a187b2
Fix Fail() -_-b
2021-06-18 17:37:56 +02:00
Herman Slatman
135e912ac8
Improve coverage for TLS-ALPN-01 challenge
2021-06-18 17:27:35 +02:00
Herman Slatman
af4803b8b8
Fix tests
2021-06-04 11:14:59 +02:00
max furman
440678cb62
Add markInvalid arg to storeError for invalidating challenge
2021-03-29 22:58:26 -07:00
max furman
b6ebc0fd25
more unit tests
2021-03-25 12:05:46 -07:00
max furman
a58466589f
add tls-alpn-01 validate unit tests
2021-03-25 12:05:46 -07:00
max furman
a8e4bbf715
start Validate unit tests
2021-03-25 12:05:46 -07:00
max furman
1fb0f1d7d9
add storeError unit tests
2021-03-25 12:05:46 -07:00
max furman
8b4a5a6d8b
add unit tests for dns01 validate
2021-03-25 12:05:46 -07:00
max furman
3612a0b990
gethttp01 validate unit tests working
2021-03-25 12:05:46 -07:00
max furman
bb8d54e596
[acme db interface] unit tests compiling
2021-03-25 12:05:46 -07:00
max furman
20f8d950c4
Fix broken ValidateChallenge test
2020-12-18 11:18:42 -05:00
Mariano Cano
ba918100d0
Use go.step.sm/crypto/jose
...
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
2020-08-24 14:44:11 -07:00
max furman
e1409349f3
Allow relative URL for all links in ACME api ...
...
* Pass the request context all the way down the ACME stack.
* Save baseURL in context and use when generating ACME urls.
2020-05-14 17:32:54 -07:00
Ivan Bertona
cb46a8b741
Small test fixes.
2020-02-11 09:57:28 -05:00
Ivan Bertona
200cfd2433
Add test for missing TLS certificates in response.
2020-02-10 14:50:13 -05:00
Ivan Bertona
157686e338
Tiny finishes.
2020-02-07 19:57:29 -05:00
Ivan Bertona
6843408d42
Reject obsolete id-pe-acmeIdentifier.
2020-02-07 19:26:18 -05:00
Ivan Bertona
6b5a2b17b5
Add challenge unmarshal test cases.
2020-02-07 15:25:27 -05:00
Ivan Bertona
b8208ec401
Add test case for failed came-tls/1 protocol negotiation.
2020-02-07 15:14:08 -05:00
Ivan Bertona
4b473732d9
Add support for TLS-ALPN-01 challenge.
2020-02-07 14:37:13 -05:00
Oleksandr Kovalchuk
ec8ff0bced
Add testcase which ensures we pass correct domain to lookupTxt
...
Make sure we do not pass domains with asterisk (wildcard) in the middle,
like _acme-challenge.*.example.com to lookupTxt function, but preprocess
domain and remove leading wildcard so we lookup for
_acme-challenge.example.com.
2019-12-20 22:54:41 +02:00
max furman
e3826dd1c3
Add ACME CA capabilities
2019-09-13 15:48:33 -07:00