Commit graph

45 commits

Author SHA1 Message Date
max furman
8b256f0351
address linter warning for go 1.19 2023-05-09 23:47:28 -07:00
Herman Slatman
d9aa2c110f
Increase test coverage for AK certificate properties 2023-04-06 14:35:48 +02:00
Mariano Cano
6ba20209c2
Verify CSR key fingerprint with attestation certificate key
This commit makes sure that the attestation certificate key matches the
key used on the CSR on an ACME device attestation flow.
2023-02-09 16:48:43 -08:00
Herman Slatman
3a6fc5e0b4
Remove dependency on smallstep/assert in ACME challenge tests 2023-01-31 23:49:34 +01:00
Herman Slatman
0f9128c873
Fix linting issue and order of test SUT 2023-01-27 15:43:57 +01:00
Herman Slatman
2ab9beb7ed
Add tests for deviceAttest01Validate 2023-01-27 15:36:48 +01:00
Mariano Cano
e27c6c529b
Add support for custom acme ports
This change adds the flags --acme-http-port, --acme-tls-port, that
combined with --insecure can be used to set custom ports for ACME
http-01 and tls-alpn-01 challenges. These flags should only be used
for testing purposes.

Fixes #1015
2022-11-03 16:58:25 -07:00
Mariano Cano
a7e597450a
Update acme/challenge_test.go
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2022-10-11 10:04:42 -07:00
Mariano Cano
7a78c76199
Add test simulating YubiKey v5.2.4
There are YubiKeys v5.2.4 where the attestation intermediate (f9)
does not have a basic constraint extension, so that certificate
is not marked as a CA. The test and CA in this commit imitates
that use case. Currently the test case returns an error as we
don't support it. But if we change the verification to support
this use case, the test should change accordingly.
2022-10-10 18:27:11 -07:00
Mariano Cano
21666ba887
Revert "Set timestamp when marking an acme challenge invalid"
This reverts commit 5f130895f3.
2022-10-03 12:56:23 -07:00
Mariano Cano
5f130895f3
Set timestamp when marking an acme challenge invalid 2022-10-03 11:35:51 -07:00
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2022-09-20 16:35:41 -07:00
Mariano Cano
498549c95c Extract common function used in tests 2022-09-16 10:02:10 -07:00
Mariano Cano
829530ae90 Fix linter errors 2022-09-15 18:24:43 -07:00
Mariano Cano
6b73a020e3 Add unit tests for apple and step attestations 2022-09-15 18:19:52 -07:00
Brandon Weeks
aacd6f4cc6 Add device-attest-01 challenge type 2022-06-23 05:19:36 +10:00
Mariano Cano
2ab7dc6f9d Fix acme tests. 2022-05-02 18:09:26 -07:00
Herman Slatman
479c6d2bf5
Fix ACME IPv6 HTTP-01 challenges
Fixes #890
2022-04-07 12:37:34 +02:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues 2021-11-13 01:30:03 +01:00
max furman
933b40a02a Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00
Mariano Cano
ae58a0ee4e Make tests compatible with Go 1.17.
With Go 1.17 tls.Dial will fail if the client and server configured
protocols do not overlap. See https://golang.org/doc/go1.17#ALPN
2021-08-17 16:31:53 -07:00
Herman Slatman
64c15fde7e
Add tests for canonicalize function 2021-06-25 14:07:40 +02:00
Herman Slatman
c514a187b2
Fix Fail() -_-b 2021-06-18 17:37:56 +02:00
Herman Slatman
135e912ac8
Improve coverage for TLS-ALPN-01 challenge 2021-06-18 17:27:35 +02:00
Herman Slatman
af4803b8b8
Fix tests 2021-06-04 11:14:59 +02:00
max furman
440678cb62 Add markInvalid arg to storeError for invalidating challenge 2021-03-29 22:58:26 -07:00
max furman
b6ebc0fd25 more unit tests 2021-03-25 12:05:46 -07:00
max furman
a58466589f add tls-alpn-01 validate unit tests 2021-03-25 12:05:46 -07:00
max furman
a8e4bbf715 start Validate unit tests 2021-03-25 12:05:46 -07:00
max furman
1fb0f1d7d9 add storeError unit tests 2021-03-25 12:05:46 -07:00
max furman
8b4a5a6d8b add unit tests for dns01 validate 2021-03-25 12:05:46 -07:00
max furman
3612a0b990 gethttp01 validate unit tests working 2021-03-25 12:05:46 -07:00
max furman
bb8d54e596 [acme db interface] unit tests compiling 2021-03-25 12:05:46 -07:00
max furman
20f8d950c4 Fix broken ValidateChallenge test 2020-12-18 11:18:42 -05:00
Mariano Cano
ba918100d0 Use go.step.sm/crypto/jose
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
2020-08-24 14:44:11 -07:00
max furman
e1409349f3 Allow relative URL for all links in ACME api ...
* Pass the request context all the way down the ACME stack.
* Save baseURL in context and use when generating ACME urls.
2020-05-14 17:32:54 -07:00
Ivan Bertona
cb46a8b741 Small test fixes. 2020-02-11 09:57:28 -05:00
Ivan Bertona
200cfd2433 Add test for missing TLS certificates in response. 2020-02-10 14:50:13 -05:00
Ivan Bertona
157686e338 Tiny finishes. 2020-02-07 19:57:29 -05:00
Ivan Bertona
6843408d42 Reject obsolete id-pe-acmeIdentifier. 2020-02-07 19:26:18 -05:00
Ivan Bertona
6b5a2b17b5 Add challenge unmarshal test cases. 2020-02-07 15:25:27 -05:00
Ivan Bertona
b8208ec401 Add test case for failed came-tls/1 protocol negotiation. 2020-02-07 15:14:08 -05:00
Ivan Bertona
4b473732d9 Add support for TLS-ALPN-01 challenge. 2020-02-07 14:37:13 -05:00
Oleksandr Kovalchuk
ec8ff0bced
Add testcase which ensures we pass correct domain to lookupTxt
Make sure we do not pass domains with asterisk (wildcard) in the middle,
like _acme-challenge.*.example.com to lookupTxt function, but preprocess
domain and remove leading wildcard so we lookup for
_acme-challenge.example.com.
2019-12-20 22:54:41 +02:00
max furman
e3826dd1c3 Add ACME CA capabilities 2019-09-13 15:48:33 -07:00