Mariano Cano
|
5df9434286
|
Fix old comment, device-attest-01 uses the acme payload
|
2022-09-08 10:59:51 -07:00 |
|
Mariano Cano
|
c5d3714a63
|
Fix acme error map
|
2022-09-08 10:48:17 -07:00 |
|
Mariano Cano
|
08815c5e90
|
Rename attestation statement error
|
2022-09-08 10:46:58 -07:00 |
|
Mariano Cano
|
3cd72ac72a
|
Remove debug statements
|
2022-09-08 10:44:48 -07:00 |
|
Mariano Cano
|
e75e7e7cd6
|
Fix linter warnings
|
2022-09-01 16:18:13 -07:00 |
|
Mariano Cano
|
54d92095ac
|
Validate proof of possession signature
On the step format, validate proof of possession of the private
key validating the signature in the attestation statement.
|
2022-09-01 10:45:31 -07:00 |
|
Mariano Cano
|
59b7603d1e
|
Use a clientAuth only cert for device-attest-01
|
2022-08-30 16:09:44 -07:00 |
|
Mariano Cano
|
ca412e77cc
|
Return error on attestation validation
The method storeError returns a nil error
|
2022-08-29 20:03:34 -07:00 |
|
Mariano Cano
|
ab5f916bd3
|
Define ErrorBadAttestationStatement
|
2022-08-29 20:02:43 -07:00 |
|
Mariano Cano
|
735c9d49b0
|
Add support for yubikey attestation
|
2022-08-29 19:37:30 -07:00 |
|
Mariano Cano
|
df96b126dc
|
Add AuthorizeChallenge unit tests
|
2022-08-24 12:31:09 -07:00 |
|
Mariano Cano
|
bca311b05e
|
Add acme property to enable challenges
Fixes #1027
|
2022-08-23 17:11:40 -07:00 |
|
Mariano Cano
|
ae8d4d8757
|
Fix unit test
|
2022-08-23 17:01:15 -07:00 |
|
Mariano Cano
|
693dc39481
|
Merge branch 'master' into device-attestation
|
2022-08-22 17:59:17 -07:00 |
|
Mariano Cano
|
23b8f45b37
|
Address gosec warnings
Most if not all false positives
|
2022-08-18 17:46:20 -07:00 |
|
max furman
|
c040e4b459
|
Add unit tests
|
2022-08-16 15:48:23 -07:00 |
|
max furman
|
b7c2f6c482
|
Check for DNS name validity
|
2022-08-16 00:12:31 -07:00 |
|
Mariano Cano
|
b62f4d1000
|
Add lgtm comments on some security warnings
|
2022-08-11 17:32:57 -07:00 |
|
Mariano Cano
|
2f7cb9225f
|
Use go.step.sm/crypto to set the permanent identifier
|
2022-08-10 17:38:18 -07:00 |
|
Mariano Cano
|
2ab1e6658e
|
Fix nonce validation
The attestation certificate contains the nonce as raw bytes in the
extension 1.2.840.113635.100.8.11.1
|
2022-08-09 15:06:52 -07:00 |
|
Mariano Cano
|
66356cff43
|
Add attestation certificate validation for Apple devices
|
2022-07-14 17:10:03 -07:00 |
|
Brandon Weeks
|
274f6ccb41
|
iOS 16 beta 2 support
|
2022-06-23 05:43:24 +10:00 |
|
Brandon Weeks
|
7e1b0bebd9
|
iOS 16 beta 1 support
|
2022-06-23 05:19:36 +10:00 |
|
Brandon Weeks
|
77c6d10fd6
|
Verify key authorization is contained within the TPM quote extraData field
|
2022-06-23 05:19:36 +10:00 |
|
Brandon Weeks
|
e1ec31c0ed
|
Implement TPM attestation statement verification
|
2022-06-23 05:19:36 +10:00 |
|
Brandon Weeks
|
2ac8b69da2
|
Add ACME permanent-identifier identifier type
|
2022-06-23 05:19:36 +10:00 |
|
Brandon Weeks
|
aacd6f4cc6
|
Add device-attest-01 challenge type
|
2022-06-23 05:19:36 +10:00 |
|
Brandon Weeks
|
860baeb1c5
|
Verbose debug logging
|
2022-06-23 05:19:36 +10:00 |
|
Shulhan
|
fe04f93d7f
|
all: reformat all go files with the next gofmt (Go 1.19)
There are some changes that were manually edited, for example using '-' as
default list and grouping imports.
|
2022-06-16 01:28:59 +07:00 |
|
Herman Slatman
|
abfbbc8d49
|
Merge pull request #946 from smallstep/herman/acme-csr-padding
Strip base64-url padding from ACME CSR
|
2022-05-25 23:25:34 +02:00 |
|
Herman Slatman
|
fd546287ac
|
Strip base64-url padding from ACME CSR
This commit strips the padding from a base64-url encoded CSR
submitted by a client that doesn't use raw base64-url encoding.
|
2022-05-25 22:46:26 +02:00 |
|
Mariano Cano
|
e7f4eaf6c4
|
Remove explicit deprecation notice
This will avoid linter errors on other projects for now.
|
2022-05-23 14:04:31 -07:00 |
|
Mariano Cano
|
d461918eb0
|
Merge branch 'master' into context-authority
|
2022-05-06 13:21:41 -07:00 |
|
Mariano Cano
|
2ea0c70344
|
Move acme context middleware to deprecated handler
|
2022-05-05 12:25:07 -07:00 |
|
Mariano Cano
|
9147356d8a
|
Fix linter errors
|
2022-05-02 18:47:47 -07:00 |
|
Mariano Cano
|
2ab7dc6f9d
|
Fix acme tests.
|
2022-05-02 18:09:26 -07:00 |
|
Mariano Cano
|
ba499eeb2a
|
Fix acme/api tests.
|
2022-05-02 17:40:10 -07:00 |
|
Mariano Cano
|
6f9d847bc6
|
Fix panic in acme/api tests.
|
2022-05-02 17:35:35 -07:00 |
|
Herman Slatman
|
d82e51b748
|
Update AllowWildcardNames configuration name
|
2022-04-29 15:08:19 +02:00 |
|
Mariano Cano
|
d1f75f1720
|
Refactor ACME api.
|
2022-04-28 19:15:18 -07:00 |
|
Mariano Cano
|
fddd6f7d95
|
Move linker to the acme package.
|
2022-04-28 15:15:50 -07:00 |
|
Mariano Cano
|
55b0f72821
|
Add context methods for the acme linker.
|
2022-04-28 15:14:15 -07:00 |
|
Mariano Cano
|
bb8d85a201
|
Fix unit tests - work in progress
|
2022-04-27 19:08:16 -07:00 |
|
Mariano Cano
|
42435ace64
|
Use scep authority from context
This commit also converts all the methods from the handler to
functions.
|
2022-04-27 18:06:53 -07:00 |
|
Mariano Cano
|
d13537d426
|
Use context in the acme handlers.
|
2022-04-27 15:42:26 -07:00 |
|
Mariano Cano
|
bd412c9f42
|
Add context methods for the acme database
|
2022-04-27 12:11:00 -07:00 |
|
Herman Slatman
|
6e1f8dd7ab
|
Refactor policy engines into container
|
2022-04-26 13:12:16 +02:00 |
|
Herman Slatman
|
2a7620641f
|
Fix more PR comments
|
2022-04-26 10:15:17 +02:00 |
|
Herman Slatman
|
fb81407d6f
|
Fix ACME policy comments
|
2022-04-21 13:21:06 +02:00 |
|
Herman Slatman
|
7f9034d22a
|
Add additional policy options
|
2022-04-19 10:24:52 +02:00 |
|