Commit graph

134 commits

Author SHA1 Message Date
Herman Slatman
f31ca4f6a4
Add tests for validateExternalAccountBinding 2021-08-10 12:39:44 +02:00
Herman Slatman
492256f2d7
Add first test cases for EAB and make provisioner unique per EAB
Before this commit, EAB keys could be used CA-wide, meaning that
an EAB credential could be used at any ACME provisioner. This
commit changes that behavior, so that EAB credentials are now
intended to be used with a specific ACME provisioner. I think
that makes sense, because from the perspective of an ACME client
the provisioner is like a distinct CA.

Besides that this commit also includes the first tests for EAB.
The logic for creating the EAB JWS as a client has been taken
from github.com/mholt/acmez. This logic may be moved or otherwise
sourced (i.e. from a vendor) as soon as the step client also
(needs to) support(s) EAB with ACME.
2021-08-09 10:37:32 +02:00
Herman Slatman
c6bfc6eac2
Fix PR comments 2021-07-22 23:48:41 +02:00
Herman Slatman
d669f3cb14
Fix misspelling 2021-07-17 20:39:12 +02:00
Herman Slatman
540d5fbbdc
Fix marshaling -> marshalling 2021-07-17 20:35:44 +02:00
Herman Slatman
2110c7722f
Fix JWK payload key equality check 2021-07-17 20:29:12 +02:00
Herman Slatman
d44cd18b96
Add External Accounting Binding key "BoundAt" marking 2021-07-17 19:02:47 +02:00
Herman Slatman
f81d49d963
Add first working version of External Account Binding 2021-07-17 17:35:44 +02:00
max furman
857a50434c Merge branch 'master' into max/cert-mgr-crud 2021-07-08 16:25:52 -07:00
max furman
9fdef64709 Admin level API for provisioner mgmt v1 2021-07-02 19:05:17 -07:00
Herman Slatman
8e4a4ecc1f
Refactor tests for sans 2021-06-26 00:48:40 +02:00
Herman Slatman
87b72afa25
Fix IP equality check and add more tests 2021-06-26 00:13:44 +02:00
Herman Slatman
a6d33b7d06
Add tests for sans() 2021-06-25 17:21:22 +02:00
Herman Slatman
64c15fde7e
Add tests for canonicalize function 2021-06-25 14:07:40 +02:00
Herman Slatman
c514a187b2
Fix Fail() -_-b 2021-06-18 17:37:56 +02:00
Herman Slatman
135e912ac8
Improve coverage for TLS-ALPN-01 challenge 2021-06-18 17:27:35 +02:00
Herman Slatman
218a2adb9f
Add tests for IP Order validations 2021-06-18 16:09:48 +02:00
Herman Slatman
523ae96749
Change identifier and challenge types to consts 2021-06-18 12:39:36 +02:00
Herman Slatman
84ea8bd67a
Fix PR comments 2021-06-18 12:03:46 +02:00
Herman Slatman
af4803b8b8
Fix tests 2021-06-04 11:14:59 +02:00
Herman Slatman
0c79914d0d
Improve check for single IP in TLS-ALPN-01 challenge 2021-06-04 00:18:26 +02:00
Herman Slatman
a6405e98a9
Remove fmt. 2021-06-04 00:06:15 +02:00
Herman Slatman
2f40011da8
Add support for TLS-ALPN-01 challenge 2021-06-04 00:01:43 +02:00
Herman Slatman
76dcf542d4
Fix mixed DNS and IP SANs in Order 2021-06-03 22:45:24 +02:00
Herman Slatman
af615db6b5
Support DNS and IPs as SANs in single Order 2021-06-03 22:03:21 +02:00
Herman Slatman
a0e92f8e99
Verify IP identifier contains valid IP 2021-06-03 22:02:13 +02:00
Herman Slatman
6486e6016b
Make logic for which challenge types to use clearer 2021-05-29 00:37:22 +02:00
Herman Slatman
3e36522329
Add preliminary support for TLS-ALPN-01 challenge for IP identifiers 2021-05-29 00:19:14 +02:00
Herman Slatman
6d9710c88d
Add initial support for ACME IP validation 2021-05-28 16:40:46 +02:00
max furman
7b5d6968a5 first commit 2021-05-19 15:20:16 -07:00
Mariano Cano
2e1524ec2f Remove the creation on nonce on get acme directory.
According to RFC 8555, the replay nonces are only required in POST
requests. And of course in the new-nonce request.
2021-04-15 17:54:22 -07:00
max furman
93c3c2bf2e Error handle non existent provisioner downstream and disable debug route logging 2021-04-14 15:35:43 -07:00
max furman
497ec0c79b Fix linter issues 2021-04-14 15:14:27 -07:00
max furman
b1888fd34d Use different method for unescpaed paths for the router 2021-04-14 15:11:15 -07:00
max furman
6cfb9b790c Remove check of deprecated value
- NegotiatedProtocolIsMutual is always true: Deprecated according to
golang docs
2021-04-13 14:53:05 -07:00
max furman
63ec2e35b0 Change Clock to empty struct in nosql/nosql | truncate > round
- saves space
-
2021-04-13 14:42:37 -07:00
max furman
672e3f976e Few ACME fixes ...
- always URL escape linker output
- validateJWS should accept RSAPSS
- GetUpdateAccount -> GetOrUpdateAccount
2021-04-12 19:06:07 -07:00
max furman
2e0e62bc4c add WriteError method for acme api 2021-03-29 23:16:39 -07:00
max furman
9aef84b9af remove unused nonce.clone method 2021-03-29 23:02:41 -07:00
max furman
440678cb62 Add markInvalid arg to storeError for invalidating challenge 2021-03-29 22:58:26 -07:00
max furman
6b8585c702 PR review fixes / updates 2021-03-29 12:04:14 -07:00
max furman
bdace1e53f Add failure scenarios to db.CreateOrder unit tests 2021-03-25 19:40:18 -07:00
max furman
fd447c5b54 Fix small nbf->naf bug in db.CreateOrder
- still needs unit test
2021-03-25 16:45:26 -07:00
max furman
a785131d09 Fix lint issues 2021-03-25 15:15:32 -07:00
max furman
80c8567d99 change errnotfound type for getAccount
- more generalized NotFound type rather than the nosql
one we were using
- if the error is not recognized then the logic in create account will
break.
2021-03-25 14:54:12 -07:00
max furman
1831920363 Finish order unit tests and remove unused mocklinker 2021-03-25 13:46:51 -07:00
max furman
b6ebc0fd25 more unit tests 2021-03-25 12:05:46 -07:00
max furman
df05340521 fixing broken unit tests 2021-03-25 12:05:46 -07:00
max furman
bdf4c0f836 add acme order unit tests 2021-03-25 12:05:46 -07:00
max furman
c0a9f24798 add authorization and order unit tests 2021-03-25 12:05:46 -07:00