Commit graph

2015 commits

Author SHA1 Message Date
Herman Slatman
1dba8698e3
Use LinkedCA.EABKey type in ACME EAB API 2021-08-27 12:39:37 +02:00
Herman Slatman
f31ca4f6a4
Add tests for validateExternalAccountBinding 2021-08-10 12:39:44 +02:00
Herman Slatman
492256f2d7
Add first test cases for EAB and make provisioner unique per EAB
Before this commit, EAB keys could be used CA-wide, meaning that
an EAB credential could be used at any ACME provisioner. This
commit changes that behavior, so that EAB credentials are now
intended to be used with a specific ACME provisioner. I think
that makes sense, because from the perspective of an ACME client
the provisioner is like a distinct CA.

Besides that this commit also includes the first tests for EAB.
The logic for creating the EAB JWS as a client has been taken
from github.com/mholt/acmez. This logic may be moved or otherwise
sourced (i.e. from a vendor) as soon as the step client also
(needs to) support(s) EAB with ACME.
2021-08-09 10:37:32 +02:00
Herman Slatman
71b3f65df1
Add processing of RequireEAB through Linked CA 2021-08-07 01:33:08 +02:00
Herman Slatman
7dad7038c3
Fix missing ACME EAB API endpoints 2021-07-23 15:41:24 +02:00
Herman Slatman
c6a4c4ecba
Change ACME EAB endpoint 2021-07-23 15:16:11 +02:00
Herman Slatman
c6bfc6eac2
Fix PR comments 2021-07-22 23:48:41 +02:00
Herman Slatman
b65a588d5b
Make authentication work for /admin/eak 2021-07-22 22:43:21 +02:00
Herman Slatman
d669f3cb14
Fix misspelling 2021-07-17 20:39:12 +02:00
Herman Slatman
540d5fbbdc
Fix marshaling -> marshalling 2021-07-17 20:35:44 +02:00
Herman Slatman
2110c7722f
Fix JWK payload key equality check 2021-07-17 20:29:12 +02:00
Herman Slatman
2eb69636ea
Merge branch 'master' into hs/acme-eab 2021-07-17 19:04:20 +02:00
Herman Slatman
d44cd18b96
Add External Accounting Binding key "BoundAt" marking 2021-07-17 19:02:47 +02:00
Herman Slatman
f81d49d963
Add first working version of External Account Binding 2021-07-17 17:35:44 +02:00
max furman
bd51b1f85b Updates for new issue page 2021-07-16 15:09:38 -07:00
max furman
a3af991261 Update pull request labeler action 2021-07-16 12:15:03 -07:00
max furman
b71ff09a08 UI updates for certificates new issue page 2021-07-16 10:50:22 -07:00
Mariano Cano
4aa529605d
Merge pull request #641 from hillu/quote-serial
Log certificate's serial number as stringified decimal number
2021-07-16 18:53:51 +02:00
Mariano Cano
76413b845e
Merge pull request #644 from hslatman/hs/fix-provisioner-name-log
Fix logging provisioner name as string
2021-07-16 04:38:40 +02:00
Herman Slatman
9210a6740b
Fix logging provisioner name as string 2021-07-15 23:13:08 +02:00
Hilko Bengen
edb01bc9f2 Log certificate's serial number as stringified decimal number
Using a JSON string fixes a common issue with JSON parsers that
deserialize all numbers to a 64-bit IEEE-754 floats. (Certificate
serial numbers are usually 128 bit values.)

This change is consistent with existing log entries for revocation
requests.

See also: #630, #631
2021-07-14 12:06:28 +02:00
Max
b9743b36e1
Merge pull request #599 from smallstep/max/cert-mgr-crud
certificate manager
2021-07-08 16:29:30 -07:00
max furman
857a50434c Merge branch 'master' into max/cert-mgr-crud 2021-07-08 16:25:52 -07:00
Max
517fab1b54
Merge pull request #602 from hslatman/hs/ip-verification
IP Identifier Validation [RFC8738]
2021-07-08 16:24:34 -07:00
max furman
681226a798 Merge branch 'master' into max/cert-mgr-crud 2021-07-08 16:21:09 -07:00
max furman
1df21b9b6a Addressing comments in PR review
- added a bit of validation to admin create and update
- using protojson where possible in admin api
- fixing a few instances of admin -> acme in errors
2021-07-06 17:14:13 -07:00
Mariano Cano
bc14341387 Fix bootstrap command. 2021-07-06 16:35:00 +02:00
max furman
5679c9933d Fixes from PR review 2021-07-03 12:08:30 -07:00
max furman
77fdfc9fa3 Merge branch 'master' into max/cert-mgr-crud 2021-07-02 20:26:46 -07:00
max furman
9fdef64709 Admin level API for provisioner mgmt v1 2021-07-02 19:05:17 -07:00
Herman Slatman
8e4a4ecc1f
Refactor tests for sans 2021-06-26 00:48:40 +02:00
Herman Slatman
87b72afa25
Fix IP equality check and add more tests 2021-06-26 00:13:44 +02:00
Herman Slatman
a6d33b7d06
Add tests for sans() 2021-06-25 17:21:22 +02:00
Herman Slatman
64c15fde7e
Add tests for canonicalize function 2021-06-25 14:07:40 +02:00
Herman Slatman
7843c90c4c
Merge branch 'master' of github.com:smallstep/certificates into hs/ip-verification 2021-06-25 13:30:41 +02:00
max furman
6476eb45a7 Need RELEASE variable defined in make debian 2021-06-23 13:30:30 -07:00
Mariano Cano
856f08b1c5
Merge pull request #605 from smallstep/casv1
Add support for Google CAS v1
2021-06-23 00:58:10 -07:00
Mariano Cano
65dacc2795 Replace golint with revive 2021-06-23 09:53:26 +02:00
Mariano Cano
35e6cc275a Fix typos in comments. 2021-06-23 09:35:14 +02:00
Herman Slatman
c514a187b2
Fix Fail() -_-b 2021-06-18 17:37:56 +02:00
Herman Slatman
135e912ac8
Improve coverage for TLS-ALPN-01 challenge 2021-06-18 17:27:35 +02:00
Herman Slatman
218a2adb9f
Add tests for IP Order validations 2021-06-18 16:09:48 +02:00
Mariano Cano
db416a45ae
Fix path for labeler. 2021-06-18 13:02:53 +02:00
Herman Slatman
f33bdee5e0
Fix linter issue S1025 2021-06-18 12:55:50 +02:00
Herman Slatman
8780409020
Merge branch 'master' into hs/ip-verification 2021-06-18 12:45:12 +02:00
Herman Slatman
523ae96749
Change identifier and challenge types to consts 2021-06-18 12:39:36 +02:00
Herman Slatman
84ea8bd67a
Fix PR comments 2021-06-18 12:03:46 +02:00
Mariano Cano
a0633a6efb
Merge pull request #612 from gdbelvin/kmspin
Allow reading pin from kms string
2021-06-15 12:05:34 -07:00
Gary Belvin
1fb4406801 minimize diff 2021-06-15 18:19:42 +01:00
Gary Belvin
c6bb7aa199 Add back UI check, but don't read file 2021-06-15 18:18:29 +01:00