Commit graph

2959 commits

Author SHA1 Message Date
Mariano Cano
54d92095ac Validate proof of possession signature
On the step format, validate proof of possession of the private
key by validating the signature in the attestation statement.
2022-09-01 10:45:31 -07:00
Mariano Cano
45af68b244 Upgrade go.step.sm/crypto 2022-08-31 11:36:07 -07:00
Mariano Cano
59b7603d1e Use a clientAuth only cert for device-attest-01 2022-08-30 16:09:44 -07:00
Mariano Cano
6db631df51 Upgrade go.step.sm/crypto@attest 2022-08-30 15:49:10 -07:00
Mariano Cano
ca412e77cc Return error on attestation validation
The method storeError returns a nil error
2022-08-29 20:03:34 -07:00
Mariano Cano
ab5f916bd3 Define ErrorBadAttestationStatement 2022-08-29 20:02:43 -07:00
Mariano Cano
735c9d49b0 Add support for yubikey attestation 2022-08-29 19:37:30 -07:00
Mariano Cano
ebce40e9b6 Add new method ACMEClient.ValidateWithPayload
This new method will be used to validate the device
attestation payload.
2022-08-29 19:35:52 -07:00
Mariano Cano
f1c63bc38d Fix challenge mapping 2022-08-24 19:30:28 -07:00
Mariano Cano
2a44972830 Run go mod tidy 2022-08-24 19:23:31 -07:00
Mariano Cano
df96b126dc Add AuthorizeChallenge unit tests 2022-08-24 12:31:09 -07:00
Mariano Cano
bca311b05e Add acme property to enable challenges
Fixes #1027
2022-08-23 17:11:40 -07:00
Mariano Cano
ae8d4d8757 Fix unit test 2022-08-23 17:01:15 -07:00
Mariano Cano
693dc39481 Merge branch 'master' into device-attestation 2022-08-22 17:59:17 -07:00
Mariano Cano
b1e9d5ee86 Revert "Run on plaintext HTTP to support Cloud Run"
This reverts commit 09b9673a60.
2022-08-22 17:50:14 -07:00
Mariano Cano
dd6f59b538
Merge pull request #1024 from smallstep/gosec
Address gosec warnings
2022-08-22 14:19:50 -07:00
Mariano Cano
23b8f45b37 Address gosec warnings
Most, if not all, are false positives
2022-08-18 17:46:20 -07:00
Mariano Cano
713dfad884
Merge pull request #1019 from smallstep/head-middleware
Add a middleware to automatically route HEAD requests to GET
2022-08-16 16:21:19 -07:00
Max
8f88740a5a
Merge pull request #1014 from smallstep/max/dns-id
Check for DNS name validity
2022-08-16 16:20:12 -07:00
Mariano Cano
6cab4d328e Add a middleware to automatically route HEAD requests to GET
Fixes #992
2022-08-16 16:10:29 -07:00
max furman
c040e4b459 Add unit tests 2022-08-16 15:48:23 -07:00
Mariano Cano
85fc837dc3
Merge pull request #1018 from smallstep/ra-config
Ra config
2022-08-16 15:24:01 -07:00
Mariano Cano
3c88a9ccc2 Fixed changelog 2022-08-16 15:11:49 -07:00
Mariano Cano
8e08f0dea3 Add entries to changelog 2022-08-16 14:48:03 -07:00
Mariano Cano
0c7467ceb2 Allow automatically configuring a linked RA 2022-08-16 14:39:02 -07:00
Mariano Cano
5e0be92273 Allow option to skip the validation of config 2022-08-16 14:04:04 -07:00
max furman
b7c2f6c482 Check for DNS name validity 2022-08-16 00:12:31 -07:00
Mariano Cano
ae76d943c9
Merge pull request #1009 from smallstep/code-ql
Code QL
2022-08-11 18:53:30 -07:00
Mariano Cano
2db15e4eb5 Remove unnecessary log entries
These log entries add CodeQL warnings and are not necessary because
our default http.ResponseWriter allows adding log entries.
2022-08-11 18:14:36 -07:00
Mariano Cano
759aa26a57 Fix linter warning 2022-08-11 17:47:58 -07:00
Mariano Cano
90d2785776 Sanitize log entries in logging package 2022-08-11 17:44:31 -07:00
Mariano Cano
b62f4d1000 Add lgtm comments on some security warnings 2022-08-11 17:32:57 -07:00
Mariano Cano
a5439c43cd Remove ciphersuites without Lucky13 countermeasures
SHA-256 variants of the CBC ciphersuites don't implement any Lucky13
countermeasures. See http://www.isg.rhul.ac.uk/tls/Lucky13.html and
https://www.imperialviolet.org/2013/02/04/luckythirteen.html.
2022-08-11 17:11:04 -07:00
Mariano Cano
d6baad443b
Merge pull request #1008 from smallstep/endpoint-id
Endpoint ID
2022-08-11 15:18:47 -07:00
Mariano Cano
8bd0174251 Rename field to IsCAServerCert 2022-08-11 15:14:26 -07:00
Mariano Cano
5df1694250 Add endpoint id for the RA certificate
In a linked RA mode, send an endpoint id to group the server
certificates.
2022-08-11 14:47:11 -07:00
Max
20784c7a00
Merge pull request #1006 from smallstep/max/revoke-serial-validation
Validate revocation serial number
2022-08-11 09:45:26 -07:00
max furman
1dd0d7d0ee Update bad serial error to be more specific 2022-08-11 09:34:04 -07:00
max furman
73ba411e1d [action] parameterize golangci-lint version 2022-08-10 21:45:10 -07:00
Mariano Cano
eb091aec54 Simplify field names for ProvisionerInfo 2022-08-10 17:44:14 -07:00
Mariano Cano
2f7cb9225f Use go.step.sm/crypto to set the permanent identifier 2022-08-10 17:38:18 -07:00
Mariano Cano
a65adc032b
Merge pull request #1005 from smallstep/crypto-kms
Use go.step.sm/crypto/kms
2022-08-10 09:57:26 -07:00
Mariano Cano
21427d5d65 Replace instead of prepend provisioner extension
With non-standard SANs this will generate the SAN and provisioner
extension in the same order.
2022-08-09 16:48:00 -07:00
Mariano Cano
2ab1e6658e Fix nonce validation
The attestation certificate contains the nonce as raw bytes in the
extension 1.2.840.113635.100.8.11.1
2022-08-09 15:06:52 -07:00
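The commit above records the detail that matters for the nonce check: the attestation certificate carries the nonce as raw bytes in extension 1.2.840.113635.100.8.11.1, not wrapped in a DER OCTET STRING. The following is an added example, not the project's code: it pulls that extension out of a parsed certificate and compares it in constant time against the nonce the server issued for the challenge. The test certificate is constructed locally with the extension attached (a real attestation certificate is issued by the device vendor's CA, and the chain would be verified separately); the function names are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// oidAttestationNonce is the extension named in the commit above. Its value
// is the nonce bytes themselves; do not try to asn1.Unmarshal it.
var oidAttestationNonce = asn1.ObjectIdentifier{1, 2, 840, 113635, 100, 8, 11, 1}

// nonceFromCert returns the raw value of the nonce extension.
func nonceFromCert(cert *x509.Certificate) ([]byte, error) {
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(oidAttestationNonce) {
			return ext.Value, nil
		}
	}
	return nil, errors.New("attestation certificate has no nonce extension")
}

// ValidateNonce checks that the certificate's nonce equals the nonce the
// server handed out for this challenge. The length check comes first because
// ConstantTimeCompare reports mismatch for unequal lengths without comparing;
// the explicit check keeps the failure reason obvious.
func ValidateNonce(cert *x509.Certificate, expected []byte) error {
	got, err := nonceFromCert(cert)
	if err != nil {
		return err
	}
	if len(got) != len(expected) || subtle.ConstantTimeCompare(got, expected) != 1 {
		return errors.New("attestation nonce does not match challenge")
	}
	return nil
}

// newTestCert builds a self-signed certificate carrying the nonce extension.
// Constructed test data only: it stands in for the vendor-issued attestation
// certificate so the example runs offline.
func newTestCert(nonce []byte) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example attestation"},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		// Raw bytes as the extension value, matching the commit's description.
		ExtraExtensions: []pkix.Extension{{Id: oidAttestationNonce, Value: nonce}},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	issued := make([]byte, 32) // the nonce the server would store with the challenge
	if _, err := rand.Read(issued); err != nil {
		panic(err)
	}
	cert, err := newTestCert(issued)
	if err != nil {
		panic(err)
	}
	fmt.Println("matching nonce:", ValidateNonce(cert, issued))
	wrong := append([]byte{}, issued...)
	wrong[0] ^= 0xff
	fmt.Println("tampered nonce:", ValidateNonce(cert, wrong))
}
```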
max furman
7052a32c2c Validate revocation serial number 2022-08-09 11:04:00 -07:00
Mariano Cano
4985ab1d62 Remove kms package 2022-08-08 18:01:10 -07:00
Mariano Cano
369b8f81c3 Use go.step.sm/crypto/kms
Fixes #975
2022-08-08 17:58:18 -07:00
Mariano Cano
e02a190fa7 Merge branch 'master' into device-attestation 2022-08-08 17:29:59 -07:00
Max
3e2729e391
Merge pull request #989 from smallstep/max/disable-ssh-hosts
Add attribute to disable SSH Hosts list API
2022-08-08 14:15:35 -07:00
Mariano Cano
9f67a808cd
Merge pull request #1004 from smallstep/go-1.19
Change actions to build using Go 1.19
2022-08-08 12:35:49 -07:00