Herman Slatman
a2c9b5cd7e
Allow IP identifiers in subject, including authorization enforcement
...
To support IPs in the subject using `step-cli`, this PR ensures that
Subject Common Names that can be parsed as an IP are also checked
to have been authorized before.
The PR for `step-cli` is here: github.com/smallstep/cli/pull/576.
2021-12-13 15:34:56 +01:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues
2021-11-13 01:30:03 +01:00
max furman
933b40a02a
Introduce gocritic linter and address warnings
2021-10-08 14:59:57 -04:00
Mariano Cano
470b546d59
Merge pull request #557 from joejulian/http01-isv
...
use InsecureSkipVerify for validation
2021-08-26 18:06:57 -07:00
max furman
a3028bbc0e
Add test for updateAddOrderIDs
2021-08-18 23:44:57 -07:00
Mariano Cano
dc5205cc72
Extract the tls error code and fail accordingly.
2021-08-17 17:06:25 -07:00
Mariano Cano
ae58a0ee4e
Make tests compatible with Go 1.17.
...
With Go 1.17 tls.Dial will fail if the client and server configured
protocols do not overlap. See https://golang.org/doc/go1.17#ALPN
2021-08-17 16:31:53 -07:00
max furman
857a50434c
Merge branch 'master' into max/cert-mgr-crud
2021-07-08 16:25:52 -07:00
max furman
9fdef64709
Admin level API for provisioner mgmt v1
2021-07-02 19:05:17 -07:00
Herman Slatman
8e4a4ecc1f
Refactor tests for sans
2021-06-26 00:48:40 +02:00
Herman Slatman
87b72afa25
Fix IP equality check and add more tests
2021-06-26 00:13:44 +02:00
Herman Slatman
a6d33b7d06
Add tests for sans()
2021-06-25 17:21:22 +02:00
Herman Slatman
64c15fde7e
Add tests for canonicalize function
2021-06-25 14:07:40 +02:00
Herman Slatman
c514a187b2
Fix Fail() -_-b
2021-06-18 17:37:56 +02:00
Herman Slatman
135e912ac8
Improve coverage for TLS-ALPN-01 challenge
2021-06-18 17:27:35 +02:00
Herman Slatman
218a2adb9f
Add tests for IP Order validations
2021-06-18 16:09:48 +02:00
Herman Slatman
523ae96749
Change identifier and challenge types to consts
2021-06-18 12:39:36 +02:00
Herman Slatman
84ea8bd67a
Fix PR comments
2021-06-18 12:03:46 +02:00
Herman Slatman
af4803b8b8
Fix tests
2021-06-04 11:14:59 +02:00
Herman Slatman
0c79914d0d
Improve check for single IP in TLS-ALPN-01 challenge
2021-06-04 00:18:26 +02:00
Herman Slatman
a6405e98a9
Remove fmt.
2021-06-04 00:06:15 +02:00
Herman Slatman
2f40011da8
Add support for TLS-ALPN-01 challenge
2021-06-04 00:01:43 +02:00
Herman Slatman
76dcf542d4
Fix mixed DNS and IP SANs in Order
2021-06-03 22:45:24 +02:00
Herman Slatman
af615db6b5
Support DNS and IPs as SANs in single Order
2021-06-03 22:03:21 +02:00
Herman Slatman
a0e92f8e99
Verify IP identifier contains valid IP
2021-06-03 22:02:13 +02:00
Herman Slatman
6486e6016b
Make logic for which challenge types to use clearer
2021-05-29 00:37:22 +02:00
Herman Slatman
3e36522329
Add preliminary support for TLS-ALPN-01 challenge for IP identifiers
2021-05-29 00:19:14 +02:00
Herman Slatman
6d9710c88d
Add initial support for ACME IP validation
2021-05-28 16:40:46 +02:00
max furman
7b5d6968a5
first commit
2021-05-19 15:20:16 -07:00
Joe Julian
0369151bfa
use InsecureSkipVerify for validation
...
The server will not yet have a valid certificate so we need to disable
certificate validation in the HTTPGetter.
2021-04-27 08:18:35 -07:00
Mariano Cano
2e1524ec2f
Remove the creation on nonce on get acme directory.
...
According to RFC 8555, the replay nonces are only required in POST
requests. And of course in the new-nonce request.
2021-04-15 17:54:22 -07:00
max furman
93c3c2bf2e
Error handle non existent provisioner downstream and disable debug route logging
2021-04-14 15:35:43 -07:00
max furman
497ec0c79b
Fix linter issues
2021-04-14 15:14:27 -07:00
max furman
b1888fd34d
Use different method for unescpaed paths for the router
2021-04-14 15:11:15 -07:00
max furman
6cfb9b790c
Remove check of deprecated value
...
- NegotiatedProtocolIsMutual is always true: Deprecated according to
golang docs
2021-04-13 14:53:05 -07:00
max furman
63ec2e35b0
Change Clock to empty struct in nosql/nosql | truncate > round
...
- saves space
-
2021-04-13 14:42:37 -07:00
max furman
672e3f976e
Few ACME fixes ...
...
- always URL escape linker output
- validateJWS should accept RSAPSS
- GetUpdateAccount -> GetOrUpdateAccount
2021-04-12 19:06:07 -07:00
max furman
2e0e62bc4c
add WriteError method for acme api
2021-03-29 23:16:39 -07:00
max furman
9aef84b9af
remove unused nonce.clone method
2021-03-29 23:02:41 -07:00
max furman
440678cb62
Add markInvalid arg to storeError for invalidating challenge
2021-03-29 22:58:26 -07:00
max furman
6b8585c702
PR review fixes / updates
2021-03-29 12:04:14 -07:00
max furman
bdace1e53f
Add failure scenarios to db.CreateOrder unit tests
2021-03-25 19:40:18 -07:00
max furman
fd447c5b54
Fix small nbf->naf bug in db.CreateOrder
...
- still needs unit test
2021-03-25 16:45:26 -07:00
max furman
a785131d09
Fix lint issues
2021-03-25 15:15:32 -07:00
max furman
80c8567d99
change errnotfound type for getAccount
...
- more generalized NotFound type rather than the nosql
one we were using
- if the error is not recognized then the logic in create account will
break.
2021-03-25 14:54:12 -07:00
max furman
1831920363
Finish order unit tests and remove unused mocklinker
2021-03-25 13:46:51 -07:00
max furman
b6ebc0fd25
more unit tests
2021-03-25 12:05:46 -07:00
max furman
df05340521
fixing broken unit tests
2021-03-25 12:05:46 -07:00
max furman
bdf4c0f836
add acme order unit tests
2021-03-25 12:05:46 -07:00
max furman
c0a9f24798
add authorization and order unit tests
2021-03-25 12:05:46 -07:00