Mariano Cano
|
0f651799d0
|
Reject not enabled attestation formats
|
2022-09-08 17:38:05 -07:00 |
|
Mariano Cano
|
08815c5e90
|
Reneame attestation statement error
|
2022-09-08 10:46:58 -07:00 |
|
Mariano Cano
|
3cd72ac72a
|
Remove debug statements
|
2022-09-08 10:44:48 -07:00 |
|
Mariano Cano
|
e75e7e7cd6
|
Fix linter warnings
|
2022-09-01 16:18:13 -07:00 |
|
Mariano Cano
|
54d92095ac
|
Validate proof of possession signature
On the step format, validate proof of possession of the private
key validating the signature in the attestation statement.
|
2022-09-01 10:45:31 -07:00 |
|
Mariano Cano
|
ca412e77cc
|
Return error on attestation validation
The method storeError returns a nil error
|
2022-08-29 20:03:34 -07:00 |
|
Mariano Cano
|
735c9d49b0
|
Add support for yubikey attestation
|
2022-08-29 19:37:30 -07:00 |
|
Mariano Cano
|
693dc39481
|
Merge branch 'master' into device-attestation
|
2022-08-22 17:59:17 -07:00 |
|
Mariano Cano
|
23b8f45b37
|
Address gosec warnings
Most if not all false positives
|
2022-08-18 17:46:20 -07:00 |
|
Mariano Cano
|
2ab1e6658e
|
Fix nonce validation
The attestation certificate contains the nonce as raw bytes in the
extension 1.2.840.113635.100.8.11.1
|
2022-08-09 15:06:52 -07:00 |
|
Mariano Cano
|
66356cff43
|
Add attestation certificate validation for Apple devices
|
2022-07-14 17:10:03 -07:00 |
|
Brandon Weeks
|
274f6ccb41
|
iOS 16 beta 2 support
|
2022-06-23 05:43:24 +10:00 |
|
Brandon Weeks
|
7e1b0bebd9
|
iOS 16 beta 1 support
|
2022-06-23 05:19:36 +10:00 |
|
Brandon Weeks
|
77c6d10fd6
|
Verify key authorization is contained within the TPM quote extraData field
|
2022-06-23 05:19:36 +10:00 |
|
Brandon Weeks
|
e1ec31c0ed
|
Implement TPM attestation statement verification
|
2022-06-23 05:19:36 +10:00 |
|
Brandon Weeks
|
aacd6f4cc6
|
Add device-attest-01 challenge type
|
2022-06-23 05:19:36 +10:00 |
|
Mariano Cano
|
d1f75f1720
|
Refactor ACME api.
|
2022-04-28 19:15:18 -07:00 |
|
Herman Slatman
|
479c6d2bf5
|
Fix ACME IPv6 HTTP-01 challenges
Fixes #890
|
2022-04-07 12:37:34 +02:00 |
|
Herman Slatman
|
2d50c96d99
|
Merge branch 'master' into hs/acme-revocation
|
2021-11-19 17:00:18 +01:00 |
|
Herman Slatman
|
e7a988b2cd
|
Pin golangci-lint to v1.43.0 and fix issues
|
2021-11-13 01:30:03 +01:00 |
|
Herman Slatman
|
29f9730485
|
Satisfy golangci-lint
|
2021-11-12 17:13:10 +01:00 |
|
max furman
|
933b40a02a
|
Introduce gocritic linter and address warnings
|
2021-10-08 14:59:57 -04:00 |
|
Mariano Cano
|
dc5205cc72
|
Extract the tls error code and fail accordingly.
|
2021-08-17 17:06:25 -07:00 |
|
Mariano Cano
|
ae58a0ee4e
|
Make tests compatible with Go 1.17.
With Go 1.17 tls.Dial will fail if the client and server configured
protocols do not overlap. See https://golang.org/doc/go1.17#ALPN
|
2021-08-17 16:31:53 -07:00 |
|
Herman Slatman
|
64c15fde7e
|
Add tests for canonicalize function
|
2021-06-25 14:07:40 +02:00 |
|
Herman Slatman
|
135e912ac8
|
Improve coverage for TLS-ALPN-01 challenge
|
2021-06-18 17:27:35 +02:00 |
|
Herman Slatman
|
523ae96749
|
Change identifier and challenge types to consts
|
2021-06-18 12:39:36 +02:00 |
|
Herman Slatman
|
af4803b8b8
|
Fix tests
|
2021-06-04 11:14:59 +02:00 |
|
Herman Slatman
|
0c79914d0d
|
Improve check for single IP in TLS-ALPN-01 challenge
|
2021-06-04 00:18:26 +02:00 |
|
Herman Slatman
|
a6405e98a9
|
Remove fmt.
|
2021-06-04 00:06:15 +02:00 |
|
Herman Slatman
|
2f40011da8
|
Add support for TLS-ALPN-01 challenge
|
2021-06-04 00:01:43 +02:00 |
|
Herman Slatman
|
3e36522329
|
Add preliminary support for TLS-ALPN-01 challenge for IP identifiers
|
2021-05-29 00:19:14 +02:00 |
|
max furman
|
6cfb9b790c
|
Remove check of deprecated value
- NegotiatedProtocolIsMutual is always true: Deprecated according to
golang docs
|
2021-04-13 14:53:05 -07:00 |
|
max furman
|
440678cb62
|
Add markInvalid arg to storeError for invalidating challenge
|
2021-03-29 22:58:26 -07:00 |
|
max furman
|
6b8585c702
|
PR review fixes / updates
|
2021-03-29 12:04:14 -07:00 |
|
max furman
|
b6ebc0fd25
|
more unit tests
|
2021-03-25 12:05:46 -07:00 |
|
max furman
|
206909b12e
|
[acme db interface] unit tests for challenge nosql db
|
2021-03-25 12:05:46 -07:00 |
|
max furman
|
20b9785d20
|
[acme db interface] continuing unit test work
|
2021-03-25 12:05:46 -07:00 |
|
max furman
|
80a6640103
|
[acme db interface] wip
|
2021-03-25 12:05:46 -07:00 |
|
max furman
|
1135ae04fc
|
[acme db interface] wip
|
2021-03-25 12:05:46 -07:00 |
|
max furman
|
03ba229bcb
|
[acme db interface] wip more errors
|
2021-03-25 12:05:46 -07:00 |
|
max furman
|
2ae43ef2dc
|
[acme db interface] wip errors
|
2021-03-25 12:05:46 -07:00 |
|
max furman
|
121cc34cca
|
[acme db interface] wip
|
2021-03-25 12:05:45 -07:00 |
|
max furman
|
461bad3fef
|
[acme db interface] wip
|
2021-03-25 12:05:45 -07:00 |
|
max furman
|
31ad7f2e9b
|
[acme] Continued work on acme db interface (wip)
|
2021-03-25 12:05:45 -07:00 |
|
max furman
|
20f8d950c4
|
Fix broken ValidateChallenge test
|
2020-12-18 11:18:42 -05:00 |
|
Mariano Cano
|
ba918100d0
|
Use go.step.sm/crypto/jose
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
|
2020-08-24 14:44:11 -07:00 |
|
max furman
|
e1409349f3
|
Allow relative URL for all links in ACME api ...
* Pass the request context all the way down the ACME stack.
* Save baseURL in context and use when generating ACME urls.
|
2020-05-14 17:32:54 -07:00 |
|
Ivan Bertona
|
157686e338
|
Tiny finishes.
|
2020-02-07 19:57:29 -05:00 |
|
Ivan Bertona
|
6843408d42
|
Reject obsolete id-pe-acmeIdentifier.
|
2020-02-07 19:26:18 -05:00 |
|