certificates

Author	SHA1	Message	Date
Herman Slatman	c0eb420806	Remove special case for empty slices	2022-01-20 11:03:49 +01:00
Herman Slatman	ef16febf40	Refactor ACME EAB queries The ACME EAB keys are now also indexed by the provisioner. This solves part of the issue in which too many EAB keys may be in memory at a given time.	2022-01-07 16:59:55 +01:00
Herman Slatman	30859d3c83	Remove server-side paging logic for ExternalAccountKeys	2022-01-06 14:09:35 +01:00
Herman Slatman	11a7f01177	Simplify lookup cursor logic for ExternalAccountKeys	2021-12-22 15:42:49 +01:00
Herman Slatman	22ff90f655	Merge branch 'master' into hs/acme-eab	2021-12-22 12:54:41 +01:00
Herman Slatman	a5f2f004e3	Change name of IP Common Name test for clarity	2021-12-20 18:55:23 +01:00
Herman Slatman	f9ae875f9d	Use short if-style statements	2021-12-20 14:30:01 +01:00
Herman Slatman	80bebda69c	Fix code style issue	2021-12-20 13:40:17 +01:00
Herman Slatman	bc0875bd7b	Disallow email address and URLs in the CSR Before this commit `step` would allow email addresses and URLs in the CSR. This doesn't fit nicely with the rest of ACME, in which identifiers need to be authorized before a certificate is issued.	2021-12-13 16:14:39 +01:00
Herman Slatman	13a31fd862	Merge branch 'master' into herman/ip-sans-improvements	2021-12-13 16:04:53 +01:00
Herman Slatman	ca707cbe05	Fix linting	2021-12-13 16:01:40 +01:00
Herman Slatman	a5d33512fe	Fix test	2021-12-13 15:59:01 +01:00
Herman Slatman	a2c9b5cd7e	Allow IP identifiers in subject, including authorization enforcement To support IPs in the subject using `step-cli`, this PR ensures that Subject Common Names that can be parsed as an IP are also checked to have been authorized before. The PR for `step-cli` is here: github.com/smallstep/cli/pull/576.	2021-12-13 15:34:56 +01:00
Herman Slatman	d799359917	Merge branch 'master' into hs/acme-eab	2021-12-09 13:58:40 +01:00
Herman Slatman	63371a8fb6	Add additional tests for ACME EAB Admin	2021-12-09 13:46:47 +01:00
Herman Slatman	0524122191	Remove authorization flow for different Account private keys As discussed in https://github.com/smallstep/certificates/issues/767, we opted for not including this authorization flow to prevent users from getting OOMs. We can add the functionality back when the underlying data store can provide access to a long list of Authorizations more efficiently, for example when a callback is implemented.	2021-12-08 16:28:14 +01:00
Herman Slatman	2215a05c28	Add tests for ACME EAB Admin Refactored some of the existing bits for testing the Authority API by creation of a new LinkedAuthority interface and changing visibility of the MockAuthority to be usable by other packages. At this time, not all of the functions of MockAuthority it usable yet. Will refactor when needed or requested.	2021-12-08 15:19:38 +01:00
Herman Slatman	9885d42711	Fix linting issues	2021-12-07 16:28:06 +01:00
Herman Slatman	6e11657204	Refactor creation of (raw) EAB JWS contents	2021-12-07 14:57:39 +01:00
Herman Slatman	23898e9b76	Improve EAB JWS validation and increase test coverage	2021-12-07 12:17:41 +01:00
Herman Slatman	d0c23973cc	Merge branch 'master' into hs/acme-eab	2021-12-06 13:01:23 +01:00
Herman Slatman	004fc054d5	Fix PR comments	2021-12-03 15:06:28 +01:00
Herman Slatman	06bb97c91e	Add logic for Account authorizations and improve tests	2021-12-02 16:25:35 +01:00
Herman Slatman	bae1d256ee	Improve tests for JWK vs. KID revoke auth flow The logic for both test cases is fairly similar, but with some small differences. Made those clearer by means of some comments. Also added some comments to the middleware logic that decided whether to extract JWK or lookup by KID.	2021-12-02 10:59:56 +01:00
Herman Slatman	a7fbbc4748	Add tests for GetCertificateBySerial	2021-11-28 21:20:57 +01:00
Herman Slatman	4d01cf8135	Increase test code coverage	2021-11-28 20:30:36 +01:00
Herman Slatman	2d357da99b	Add tests for ACME revocation	2021-11-26 17:27:42 +01:00
Herman Slatman	ed295ca15d	Fix linting issue	2021-11-25 00:44:21 +01:00
Herman Slatman	2d50c96d99	Merge branch 'master' into hs/acme-revocation	2021-11-19 17:00:18 +01:00
Herman Slatman	e7a988b2cd	Pin golangci-lint to v1.43.0 and fix issues	2021-11-13 01:30:03 +01:00
Herman Slatman	29f9730485	Satisfy golangci-lint	2021-11-12 17:13:10 +01:00
Herman Slatman	c7a9c13060	Add tests for extractOrLookupJWK middleware	2021-11-12 16:37:44 +01:00
Herman Slatman	3151255a25	Merge branch 'master' into hs/acme-revocation	2021-10-30 15:41:29 +02:00
Herman Slatman	4d726d6b4c	Add pagination to ACME EAB credentials endpoint	2021-10-17 22:42:36 +02:00
Herman Slatman	d354d55e7f	Improve handling duplicate ACME EAB references	2021-10-16 14:44:56 +02:00
Herman Slatman	dd4b4b0435	Fix remaining gocritic remarks	2021-10-11 23:34:23 +02:00
Herman Slatman	a4660f73fa	Fix some of the gocritic remarks	2021-10-11 23:10:16 +02:00
Herman Slatman	e0b495e4c8	Merge branch 'master' into hs/acme-eab	2021-10-09 01:06:49 +02:00
Herman Slatman	c26041f835	Add ACME EAB nosql tests	2021-10-09 01:02:00 +02:00
max furman	933b40a02a	Introduce gocritic linter and address warnings	2021-10-08 14:59:57 -04:00
Herman Slatman	0afea2e957	Improve tests for already bound EAB keys	2021-10-08 13:19:35 +02:00
Herman Slatman	c2bc1351c6	Add provisioner to remove endpoint and clear reference index on delete	2021-09-17 17:48:09 +02:00
Herman Slatman	746c5c9fd9	Disallow creation of EAB keys with non-unique references	2021-09-17 17:25:19 +02:00
Herman Slatman	9c0020352b	Add lookup by reference and make reference optional	2021-09-17 17:08:02 +02:00
Herman Slatman	02cd3b6b3b	Fix PR comments	2021-09-16 23:09:24 +02:00
Herman Slatman	f11c0cdc0c	Add endpoint for listing ACME EAB keys	2021-08-27 16:58:04 +02:00
Herman Slatman	a1afbce50c	Check EAB key exists before deleting it	2021-08-27 14:47:10 +02:00
Herman Slatman	9d09f5e575	Add support for deleting ACME EAB keys	2021-08-27 14:10:00 +02:00
Herman Slatman	a98fe03e80	Merge branch 'master' into hs/acme-eab	2021-08-27 12:50:19 +02:00
Herman Slatman	1dba8698e3	Use LinkedCA.EABKey type in ACME EAB API	2021-08-27 12:39:37 +02:00

1 2 3 4

197 commits