Panagiotis Siatras
eae0211a3e
acme/api: refactored to support api/render
2022-03-22 14:35:18 +02:00
Herman Slatman
e47dd0a666
Add ACME configuration prerequisites check
2022-02-28 16:08:00 +01:00
Herman Slatman
d799359917
Merge branch 'master' into hs/acme-eab
2021-12-09 13:58:40 +01:00
Herman Slatman
d0c23973cc
Merge branch 'master' into hs/acme-eab
2021-12-06 13:01:23 +01:00
Herman Slatman
004fc054d5
Fix PR comments
2021-12-03 15:06:28 +01:00
Herman Slatman
2d357da99b
Add tests for ACME revocation
2021-11-26 17:27:42 +01:00
Herman Slatman
2d50c96d99
Merge branch 'master' into hs/acme-revocation
2021-11-19 17:00:18 +01:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues
2021-11-13 01:30:03 +01:00
Herman Slatman
3151255a25
Merge branch 'master' into hs/acme-revocation
2021-10-30 15:41:29 +02:00
Herman Slatman
a98fe03e80
Merge branch 'master' into hs/acme-eab
2021-08-27 12:50:19 +02:00
Herman Slatman
c6bfc6eac2
Fix PR comments
2021-07-22 23:48:41 +02:00
Herman Slatman
f81d49d963
Add first working version of External Account Binding
2021-07-17 17:35:44 +02:00
Herman Slatman
0e56932e76
Add support for revocation using JWK
2021-07-03 01:57:27 +02:00
Herman Slatman
d53bcaf830
Add base logic for ACME revoke-cert
2021-07-02 22:51:15 +02:00
Joe Julian
0369151bfa
use InsecureSkipVerify for validation
...
The server will not yet have a valid certificate so we need to disable
certificate validation in the HTTPGetter.
2021-04-27 08:18:35 -07:00
Mariano Cano
2e1524ec2f
Remove the creation on nonce on get acme directory.
...
According to RFC 8555, the replay nonces are only required in POST
requests. And of course in the new-nonce request.
2021-04-15 17:54:22 -07:00
max furman
b1888fd34d
Use different method for unescpaed paths for the router
2021-04-14 15:11:15 -07:00
max furman
672e3f976e
Few ACME fixes ...
...
- always URL escape linker output
- validateJWS should accept RSAPSS
- GetUpdateAccount -> GetOrUpdateAccount
2021-04-12 19:06:07 -07:00
max furman
440678cb62
Add markInvalid arg to storeError for invalidating challenge
2021-03-29 22:58:26 -07:00
max furman
6b8585c702
PR review fixes / updates
2021-03-29 12:04:14 -07:00
max furman
a785131d09
Fix lint issues
2021-03-25 15:15:32 -07:00
max furman
1831920363
Finish order unit tests and remove unused mocklinker
2021-03-25 13:46:51 -07:00
max furman
b6ebc0fd25
more unit tests
2021-03-25 12:05:46 -07:00
max furman
20b9785d20
[acme db interface] continuing unit test work
2021-03-25 12:05:46 -07:00
max furman
291fd5d45a
[acme db interface] more unit tests
2021-03-25 12:05:46 -07:00
max furman
f71e27e787
[acme db interface] unit test progress
2021-03-25 12:05:46 -07:00
max furman
bb8d54e596
[acme db interface] unit tests compiling
2021-03-25 12:05:46 -07:00
max furman
f20fcae80e
[acme db interface] wip unit test fixing
2021-03-25 12:05:46 -07:00
max furman
80a6640103
[acme db interface] wip
2021-03-25 12:05:46 -07:00
max furman
55bf5a4526
Add cert logging for acme/certificate api
2020-08-12 15:50:45 -07:00
David Cowden
a26b5f322d
acme/api: Brush up documentation on key-change
...
Add more specific wording describing what a 501 means and add more color
explaining how official vs unofficial error types should be handled.
2020-05-28 11:22:37 -07:00
David Cowden
b26e6e42b3
acme: Return 501 for the key-change route
...
RFC 8555 § 7.3.5 is not listed as optional but we do not currently
support it. Rather than 404, return a 501 to inform clients that this
functionality is not yet implemented.
The notImplmented error type is not an official error registered in the
ietf:params:acme:error namespace, so prefix if with step:acme:error. An
ACME server is allowed to return other errors and clients should display
the message detail to users.
Fixes: https://github.com/smallstep/certificates/issues/209
2020-05-26 01:47:08 -07:00
max furman
e1409349f3
Allow relative URL for all links in ACME api ...
...
* Pass the request context all the way down the ACME stack.
* Save baseURL in context and use when generating ACME urls.
2020-05-14 17:32:54 -07:00
Clive Jevons
639993bd09
Read host and protocol information from request for links
...
When constructing links we want to read the required host and protocol
information in a dynamic manner from the request for constructing ACME
links such as the directory information. This way, if the server is
running behind a proxy, and we don't know what the exposed URL should
be at runtime, we can construct the required information from the
host, tls and X-Forwarded-Proto fields in the HTTP request.
Inspired by the LetsEncrypt Boulder project (web/relative.go).
2020-05-12 16:58:12 -07:00
max furman
d368791606
Add x5c provisioner capabilities
2019-10-14 14:51:37 -07:00
max furman
e3826dd1c3
Add ACME CA capabilities
2019-09-13 15:48:33 -07:00