Commit graph

24 commits

Author SHA1 Message Date
Herman Slatman
6e11657204
Refactor creation of (raw) EAB JWS contents 2021-12-07 14:57:39 +01:00
Herman Slatman
23898e9b76
Improve EAB JWS validation and increase test coverage 2021-12-07 12:17:41 +01:00
Herman Slatman
d0c23973cc
Merge branch 'master' into hs/acme-eab 2021-12-06 13:01:23 +01:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues 2021-11-13 01:30:03 +01:00
Herman Slatman
dd4b4b0435
Fix remaining gocritic remarks 2021-10-11 23:34:23 +02:00
Herman Slatman
e0b495e4c8
Merge branch 'master' into hs/acme-eab 2021-10-09 01:06:49 +02:00
max furman
933b40a02a Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00
Herman Slatman
0afea2e957
Improve tests for already bound EAB keys 2021-10-08 13:19:35 +02:00
Herman Slatman
02cd3b6b3b
Fix PR comments 2021-09-16 23:09:24 +02:00
Herman Slatman
f31ca4f6a4
Add tests for validateExternalAccountBinding 2021-08-10 12:39:44 +02:00
Herman Slatman
492256f2d7
Add first test cases for EAB and make provisioner unique per EAB
Before this commit, EAB keys could be used CA-wide, meaning that
an EAB credential could be used at any ACME provisioner. This
commit changes that behavior, so that EAB credentials are now
intended to be used with a specific ACME provisioner. I think
that makes sense, because from the perspective of an ACME client
the provisioner is like a distinct CA.

Besides that this commit also includes the first tests for EAB.
The logic for creating the EAB JWS as a client has been taken
from github.com/mholt/acmez. This logic may be moved or otherwise
sourced (i.e. from a vendor) as soon as the step client also
(needs to) support(s) EAB with ACME.
2021-08-09 10:37:32 +02:00
Herman Slatman
d44cd18b96
Add External Accounting Binding key "BoundAt" marking 2021-07-17 19:02:47 +02:00
max furman
672e3f976e Few ACME fixes ...
- always URL escape linker output
- validateJWS should accept RSAPSS
- GetUpdateAccount -> GetOrUpdateAccount
2021-04-12 19:06:07 -07:00
max furman
b6ebc0fd25 more unit tests 2021-03-25 12:05:46 -07:00
max furman
074ab7b221 [acme db interface] add linker tests 2021-03-25 12:05:46 -07:00
max furman
8d2ebcfd49 [acme db interface] more unit tests 2021-03-25 12:05:46 -07:00
max furman
20b9785d20 [acme db interface] continuing unit test work 2021-03-25 12:05:46 -07:00
max furman
f71e27e787 [acme db interface] unit test progress 2021-03-25 12:05:46 -07:00
max furman
f20fcae80e [acme db interface] wip unit test fixing 2021-03-25 12:05:46 -07:00
Mariano Cano
ba918100d0 Use go.step.sm/crypto/jose
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
2020-08-24 14:44:11 -07:00
max furman
e1409349f3 Allow relative URL for all links in ACME api ...
* Pass the request context all the way down the ACME stack.
* Save baseURL in context and use when generating ACME urls.
2020-05-14 17:32:54 -07:00
max furman
4cb777bdc1 ACME accountUpdate ignore fields not recognized by the server. 2020-05-08 11:52:30 -07:00
max furman
c255274572 Should be returning status code 400 for ACME Account Not Found.
Issue #173
2020-02-01 17:35:41 -08:00
max furman
e3826dd1c3 Add ACME CA capabilities 2019-09-13 15:48:33 -07:00