Mariano Cano
221e756f40
Use render.Error on crl endpoint
2022-09-14 11:50:11 -07:00
Raal Goff
d2483f3a70
Merge branch 'master' into crl-support
...
# Conflicts:
# authority/config/config.go
2022-09-08 09:45:04 +08:00
Mariano Cano
23b8f45b37
Address gosec warnings
...
Most if not all false positives
2022-08-18 17:46:20 -07:00
Mariano Cano
2db15e4eb5
Remove unnecessary log entries
...
These log entries add CodeQL warnings and are not necessary because
our default http.ResponseWriter allows adding log entries.
2022-08-11 18:14:36 -07:00
max furman
1dd0d7d0ee
Update bad serial error to be more specific
2022-08-11 09:34:04 -07:00
max furman
7052a32c2c
Validate revocation serial number
2022-08-09 11:04:00 -07:00
Raal Goff
9fa5f46213
add minor doco, Test_CRLGeneration(), fix some issues from merge
2022-07-13 08:56:47 +08:00
Raal Goff
60671b07d7
Merge branch 'master' into crl-support
...
# Conflicts:
# api/api.go
# authority/config/config.go
# cas/softcas/softcas.go
# db/db.go
2022-07-13 08:52:58 +08:00
Mariano Cano
1be74eca62
Merge branch 'master' into ssh-renew-provisioner
2022-05-23 14:31:15 -07:00
Mariano Cano
6b3a8f22f3
Add provisioner to SSH renewals
...
This commit allows to report the provisioner to the linkedca when
a SSH certificate is renewed.
2022-05-20 14:41:44 -07:00
Mariano Cano
d461918eb0
Merge branch 'master' into context-authority
2022-05-06 13:21:41 -07:00
Mariano Cano
43ddcf2efe
Do not use deprecated AuthorizeSign
2022-05-04 17:35:34 -07:00
Herman Slatman
2b7f6931f3
Change Subject Common Name verification
...
Subject Common Names can now also be configured to be allowed or
denied, similar to SANs. When a Subject Common Name is not explicitly
allowed or denied, its type will be determined and its value will be
validated according to the constraints for that type of name (i.e. URI).
2022-04-28 14:49:23 +02:00
Mariano Cano
48e2fabeb8
Add authority.MustFromContext
2022-04-27 11:38:06 -07:00
Mariano Cano
817af3d696
Fix unit tests on the api package
2022-04-27 10:38:53 -07:00
Mariano Cano
a93653ea8e
Use api.Route instead of the caHandler.
2022-04-26 14:32:55 -07:00
Mariano Cano
a6b8e65d69
Retrieve the authority from the context in api methods.
2022-04-26 12:58:40 -07:00
Herman Slatman
74a6e59b1f
Add tests for ProtoJSON and bad proto messages
2022-04-26 14:56:42 +02:00
Herman Slatman
bddd08d4b0
Remove "proto:" prefix from bad proto JSON messages
2022-04-26 14:01:16 +02:00
Herman Slatman
a2cfbe3d54
Fix (part of) PR comments
2022-04-21 12:14:03 +02:00
Herman Slatman
6532c93303
Improve read.ProtoJSON bad protobuf body error handling
2022-04-19 12:07:57 +02:00
Herman Slatman
def9438ad6
Improve handling of bad JSON protobuf bodies
2022-04-18 23:38:13 +02:00
Herman Slatman
30d5d89a13
Improve test coverage for Policy Admin API
2022-04-15 10:43:25 +02:00
Raal Goff
49c41636cc
implemented some requested changes
2022-04-06 08:31:40 +08:00
Raal Goff
53dbe2309b
implemented some requested changes
2022-04-06 08:24:49 +08:00
Raal Goff
a607ab189a
requested changes
2022-04-06 08:23:55 +08:00
Raal Goff
d417ce3232
implement changes from review
2022-04-06 08:23:53 +08:00
Raal Goff
7d024cc4cb
change GenerateCertificateRevocationList to return DER, store DER in db instead of PEM, nicer PEM encoding of CRL, add Mock stubs
2022-04-06 08:22:26 +08:00
Raal Goff
e8fdb703c9
initial support for CRL
2022-04-06 08:19:45 +08:00
Herman Slatman
571b21abbc
Fix (most) PR comments
2022-03-31 16:12:29 +02:00
Herman Slatman
628d7448de
Don't return policy in provisioner JSON
2022-03-30 15:20:38 +02:00
Herman Slatman
2fbdf7d5b0
Merge branch 'master' into herman/allow-deny
2022-03-30 14:50:14 +02:00
Panagiotis Siatras
00634fb648
api/render, api/log: initial implementation of the packages ( #860 )
...
* api/render: initial implementation of the package
* acme/api: refactored to support api/render
* authority/admin: refactored to support api/render
* ca: refactored to support api/render
* api: refactored to support api/render
* api/render: implemented Error
* api: refactored to support api/render.Error
* acme/api: refactored to support api/render.Error
* authority/admin: refactored to support api/render.Error
* ca: refactored to support api/render.Error
* ca: fixed broken tests
* api/render, api/log: moved error logging to this package
* acme: refactored Error so that it implements render.RenderableError
* authority/admin: refactored Error so that it implements render.RenderableError
* api/render: implemented RenderableError
* api/render: added test coverage for Error
* api/render: implemented statusCodeFromError
* api: refactored RootsPEM to work with render.Error
* acme, authority/admin: fixed pointer receiver name for consistency
* api/render, errs: moved StatusCoder & StackTracer to the render package
2022-03-30 11:22:22 +03:00
Andrew Reed
d5d70baba7
Add /roots.pem handler ( #866 )
...
* Add /roots.pem handler
* Review changes
* Remove no peer cert test case
2022-03-28 09:18:18 -05:00
Herman Slatman
23676d3bcc
Merge branch 'master' into herman/allow-deny
2022-03-24 18:35:20 +01:00
Panagiotis Siatras
b98f86a515
scep: minor cleanup ( #867 )
...
* api, scep: removed scep.Error
* scep/api: replaced nextHTTP with http.HandlerFunc
* scep/api: renamed writeSCEPResponse to writeResponse
* scep/api: renamed decodeSCEPRequest to decodeRequest
* scep/api: renamed writeError to fail
* scep/api: replaced pkg/errors with errors
* scep/api: formatted imports
* scep/api: do not export SCEPRequest & SCEPResponse
* scep/api: do not export Handler
* api: flush errors better
2022-03-24 14:58:50 +02:00
Herman Slatman
613c99f00f
Fix linting issues
2022-03-24 13:10:49 +01:00
Herman Slatman
dc23fd23bf
Merge branch 'master' into herman/allow-deny-next
2022-03-24 12:36:12 +01:00
Herman Slatman
6b620c8e9c
Improve protobuf unmarshaling error handling
2022-03-24 10:54:45 +01:00
Panagiotis Siatras
80abda22ee
api/log: initial implementation of the package ( #859 )
...
* api/log: initial implementation of the package
* api: refactored to support api/log
* scep/api: refactored to support api/log
* api/log: documented the package
* api: moved log-related tests to api/log
2022-03-22 14:31:18 +02:00
Panagiotis Siatras
df89ed5acb
api: moved read-related tests to api/read
2022-03-18 20:21:01 +02:00
Panagiotis Siatras
29092b9d8a
api: refactored to use the read package
2022-03-18 20:20:59 +02:00
Panagiotis Siatras
7fb8acda27
api/read: initial implementation of the package
2022-03-18 20:20:16 +02:00
Herman Slatman
81b0c6c37c
Add API implementation for authority and provisioner policy
2022-03-15 15:56:04 +01:00
Mariano Cano
f8df6a1acc
Change variable name for consistency
2022-03-11 10:05:35 -08:00
Mariano Cano
616490a9c6
Refactor renew after expiry token authorization
...
This changes adds a new authority method that authorizes the
renew after expiry tokens.
2022-03-10 20:21:01 -08:00
Mariano Cano
afb5d36206
Allow to renew certificates using an x5c-like token.
2022-03-09 20:37:41 -08:00
Herman Slatman
5fe9909174
Refactor AdminAuthority interface
2021-12-22 15:30:40 +01:00
Herman Slatman
5f224b729e
Add tests for Provisioner Admin API
2021-12-09 23:15:38 +01:00
Herman Slatman
d799359917
Merge branch 'master' into hs/acme-eab
2021-12-09 13:58:40 +01:00