Commit graph

126 commits

Author SHA1 Message Date
Mariano Cano
e7f4eaf6c4 Remove explicit deprecation notice
This will avoid linter errors on other projects for now.
2022-05-23 14:04:31 -07:00
Mariano Cano
d461918eb0 Merge branch 'master' into context-authority 2022-05-06 13:21:41 -07:00
Mariano Cano
2ea0c70344 Move acme context middleware to deprecated handler 2022-05-05 12:25:07 -07:00
Mariano Cano
9147356d8a Fix linter errors 2022-05-02 18:47:47 -07:00
Mariano Cano
ba499eeb2a Fix acme/api tests. 2022-05-02 17:40:10 -07:00
Mariano Cano
6f9d847bc6 Fix panic in acme/api tests. 2022-05-02 17:35:35 -07:00
Mariano Cano
d1f75f1720 Refactor ACME api. 2022-04-28 19:15:18 -07:00
Mariano Cano
fddd6f7d95 Move linker to the acme package. 2022-04-28 15:15:50 -07:00
Mariano Cano
55b0f72821 Add context methods for the acme linker. 2022-04-28 15:14:15 -07:00
Mariano Cano
bb8d85a201 Fix unit tests - work in progress 2022-04-27 19:08:16 -07:00
Mariano Cano
42435ace64 Use scep authority from context
This commit also converts all the methods from the handler to
functions.
2022-04-27 18:06:53 -07:00
Mariano Cano
d13537d426 Use context in the acme handlers. 2022-04-27 15:42:26 -07:00
Herman Slatman
6e1f8dd7ab
Refactor policy engines into container 2022-04-26 13:12:16 +02:00
Herman Slatman
2a7620641f
Fix more PR comments 2022-04-26 10:15:17 +02:00
Herman Slatman
fb81407d6f
Fix ACME policy comments 2022-04-21 13:21:06 +02:00
Herman Slatman
a9f033ece5
Fix JSON property name for ACME policy 2022-04-15 10:58:40 +02:00
Herman Slatman
256fe113f7
Improve tests for ACME account policy 2022-04-11 15:25:55 +02:00
Herman Slatman
7df52dbb76
Add ACME EAB policy 2022-04-07 14:11:53 +02:00
Herman Slatman
2fbdf7d5b0
Merge branch 'master' into herman/allow-deny 2022-03-30 14:50:14 +02:00
Panagiotis Siatras
00634fb648
api/render, api/log: initial implementation of the packages (#860)
* api/render: initial implementation of the package

* acme/api: refactored to support api/render

* authority/admin: refactored to support api/render

* ca: refactored to support api/render

* api: refactored to support api/render

* api/render: implemented Error

* api: refactored to support api/render.Error

* acme/api: refactored to support api/render.Error

* authority/admin: refactored to support api/render.Error

* ca: refactored to support api/render.Error

* ca: fixed broken tests

* api/render, api/log: moved error logging to this package

* acme: refactored Error so that it implements render.RenderableError

* authority/admin: refactored Error so that it implements render.RenderableError

* api/render: implemented RenderableError

* api/render: added test coverage for Error

* api/render: implemented statusCodeFromError

* api: refactored RootsPEM to work with render.Error

* acme, authority/admin: fixed pointer receiver name for consistency

* api/render, errs: moved StatusCoder & StackTracer to the render package
2022-03-30 11:22:22 +03:00
Herman Slatman
b49307f326
Fix ACME order tests with mock ACME CA 2022-03-24 18:34:04 +01:00
Herman Slatman
9e0edc7b50
Add early authority policy evaluation to ACME order API 2022-03-24 14:55:40 +01:00
Herman Slatman
101ca6a2d3
Check admin subjects before changing policy 2022-03-21 15:53:59 +01:00
Herman Slatman
3ec9a7310c
Fix ACME order identifier allow/deny check 2022-03-08 14:17:59 +01:00
Herman Slatman
af53a17bb4
Merge branch 'master' into herman/allow-deny 2022-03-07 14:13:13 +01:00
Herman Slatman
b6f6bd879c
Fix PR comment and add tests for ACME prerequisites checker 2022-03-03 13:00:20 +01:00
Herman Slatman
e47dd0a666
Add ACME configuration prerequisites check 2022-02-28 16:08:00 +01:00
Herman Slatman
c3c6f3da72
Merge branch 'master' into herman/allow-deny 2022-02-22 17:36:56 +01:00
Herman Slatman
bfa2245abb
Merge branch 'master' into herman/normalize-ipv6-dns-names 2022-02-03 17:24:08 +01:00
Herman Slatman
1fe7362bee
Normalize IPv6 addresses in ACME linker 2022-02-03 13:55:15 +01:00
Herman Slatman
c1424036bf
Merge branch 'master' into herman/allow-deny 2022-01-31 14:24:34 +01:00
Herman Slatman
fd9845e9c7
Add cursor and limit to ACME EAB DB interface 2022-01-24 14:03:56 +01:00
Herman Slatman
6440870a80
Clean up, improve test cases and coverage 2022-01-18 14:39:21 +01:00
Herman Slatman
ef16febf40
Refactor ACME EAB queries
The ACME EAB keys are now also indexed by the provisioner. This
solves part of the issue in which too many EAB keys may be in
memory at a given time.
2022-01-07 16:59:55 +01:00
Herman Slatman
9539729bd9
Add initial implementation of x509 and SSH allow/deny policy engine 2022-01-03 12:25:24 +01:00
Herman Slatman
f9ae875f9d
Use short if-style statements 2021-12-20 14:30:01 +01:00
Herman Slatman
d799359917
Merge branch 'master' into hs/acme-eab 2021-12-09 13:58:40 +01:00
Herman Slatman
0524122191
Remove authorization flow for different Account private keys
As discussed in https://github.com/smallstep/certificates/issues/767,
we opted for not including this authorization flow to prevent users
from getting OOMs. We can add the functionality back when the
underlying data store can provide access to a long list of
Authorizations more efficiently, for example when a callback is
implemented.
2021-12-08 16:28:14 +01:00
Herman Slatman
2215a05c28
Add tests for ACME EAB Admin
Refactored some of the existing bits for testing the Authority
API by creation of a new LinkedAuthority interface and changing
visibility of the MockAuthority to be usable by other packages.

At this time, not all of the functions of MockAuthority it usable
yet. Will refactor when needed or requested.
2021-12-08 15:19:38 +01:00
Herman Slatman
9885d42711
Fix linting issues 2021-12-07 16:28:06 +01:00
Herman Slatman
6e11657204
Refactor creation of (raw) EAB JWS contents 2021-12-07 14:57:39 +01:00
Herman Slatman
23898e9b76
Improve EAB JWS validation and increase test coverage 2021-12-07 12:17:41 +01:00
Herman Slatman
d0c23973cc
Merge branch 'master' into hs/acme-eab 2021-12-06 13:01:23 +01:00
Herman Slatman
004fc054d5
Fix PR comments 2021-12-03 15:06:28 +01:00
Herman Slatman
06bb97c91e
Add logic for Account authorizations and improve tests 2021-12-02 16:25:35 +01:00
Herman Slatman
bae1d256ee
Improve tests for JWK vs. KID revoke auth flow
The logic for both test cases is fairly similar, but with some
small differences. Made those clearer by means of some comments.
Also added some comments to the middleware logic that decided
whether to extract JWK or lookup by KID.
2021-12-02 10:59:56 +01:00
Herman Slatman
a7fbbc4748
Add tests for GetCertificateBySerial 2021-11-28 21:20:57 +01:00
Herman Slatman
4d01cf8135
Increase test code coverage 2021-11-28 20:30:36 +01:00
Herman Slatman
2d357da99b
Add tests for ACME revocation 2021-11-26 17:27:42 +01:00
Herman Slatman
ed295ca15d
Fix linting issue 2021-11-25 00:44:21 +01:00