Herman Slatman
8473164b41
Merge pull request #773 from smallstep/herman/ip-sans-improvements
...
Improve IP SANS support
2021-12-20 19:56:55 +01:00
Herman Slatman
a5f2f004e3
Change name of IP Common Name test for clarity
2021-12-20 18:55:23 +01:00
Herman Slatman
f9ae875f9d
Use short if-style statements
2021-12-20 14:30:01 +01:00
Herman Slatman
80bebda69c
Fix code style issue
2021-12-20 13:40:17 +01:00
Mariano Cano
f7c1a328ed
Merge pull request #777 from smallstep/pkcs11-decrypter
...
Implement the kms.Decrypter with PKCS#11
2021-12-17 11:10:56 -08:00
Mariano Cano
d5c6572da4
Fix typo.
2021-12-17 10:55:23 -08:00
Mariano Cano
5a32401d23
Implement the kms.Decrypter with PKCS#11
...
This interface allows the use of SCEP with PKCS#11 modules.
2021-12-16 18:30:09 -08:00
Mariano Cano
ab44fbfb3f
Merge pull request #774 from smallstep/cm-roots
...
Avoid doing unauthenticated requests on the SDK
2021-12-15 12:22:36 -08:00
Mariano Cano
2c63abcf52
fix grammar
2021-12-15 12:16:21 -08:00
Mariano Cano
7c4e6dcc96
Remove duplicated code in bootstrap methods
2021-12-15 11:24:46 -08:00
Mariano Cano
64c19d4264
Fix subject in test, use ip
2021-12-14 15:27:18 -08:00
Mariano Cano
b0b2e77b0e
Avoid doing unauthenticated requests on the SDK
...
When step-ca runs with mTLS required on some endpoints, the SDK
used in autocert will fail to start because the identity certificate
is missing. This certificate is only required to retrieve all roots,
in most cases there's only one, and the SDK has access to it.
2021-12-14 14:42:38 -08:00
Herman Slatman
bc0875bd7b
Disallow email address and URLs in the CSR
...
Before this commit `step` would allow email addresses and URLs
in the CSR. This doesn't fit nicely with the rest of ACME, in which
identifiers need to be authorized before a certificate is issued.
2021-12-13 16:14:39 +01:00
Herman Slatman
13a31fd862
Merge branch 'master' into herman/ip-sans-improvements
2021-12-13 16:04:53 +01:00
Herman Slatman
ca707cbe05
Fix linting
2021-12-13 16:01:40 +01:00
Herman Slatman
a5d33512fe
Fix test
2021-12-13 15:59:01 +01:00
Herman Slatman
a2c9b5cd7e
Allow IP identifiers in subject, including authorization enforcement
...
To support IPs in the subject using `step-cli`, this PR ensures that
Subject Common Names that can be parsed as an IP are also checked
to have been authorized before.
The PR for `step-cli` is here: github.com/smallstep/cli/pull/576.
2021-12-13 15:34:56 +01:00
Herman Slatman
5f224b729e
Add tests for Provisioner Admin API
2021-12-09 23:15:38 +01:00
Herman Slatman
43a78f495f
Add tests for Admin API
2021-12-09 17:29:23 +01:00
Herman Slatman
bd169f505f
Add Admin API Middleware tests
2021-12-09 15:26:18 +01:00
Herman Slatman
d799359917
Merge branch 'master' into hs/acme-eab
2021-12-09 13:58:40 +01:00
Herman Slatman
63371a8fb6
Add additional tests for ACME EAB Admin
2021-12-09 13:46:47 +01:00
Herman Slatman
fbd3fd2145
Merge pull request #625 from hslatman/hs/acme-revocation
...
ACME Certificate Revocation
2021-12-09 09:48:02 +01:00
Herman Slatman
00539d07c9
Add changelog entry for ACME revocation
2021-12-09 09:42:38 +01:00
Herman Slatman
3bc3957b06
Merge branch 'master' into hs/acme-revocation
2021-12-09 09:36:52 +01:00
Herman Slatman
0524122191
Remove authorization flow for different Account private keys
...
As discussed in https://github.com/smallstep/certificates/issues/767 ,
we opted for not including this authorization flow to prevent users
from getting OOMs. We can add the functionality back when the
underlying data store can provide access to a long list of
Authorizations more efficiently, for example when a callback is
implemented.
2021-12-08 16:28:14 +01:00
Herman Slatman
2215a05c28
Add tests for ACME EAB Admin
...
Refactored some of the existing bits for testing the Authority
API by creation of a new LinkedAuthority interface and changing
visibility of the MockAuthority to be usable by other packages.
At this time, not all of the functions of MockAuthority it usable
yet. Will refactor when needed or requested.
2021-12-08 15:19:38 +01:00
Carl Tashian
53ebd85327
Update star gif size
2021-12-07 10:17:48 -08:00
Carl Tashian
c0255b7caa
Update star gif
2021-12-07 10:07:50 -08:00
Carl Tashian
accb0710a1
Star gif
2021-12-07 10:02:44 -08:00
Herman Slatman
9885d42711
Fix linting issues
2021-12-07 16:28:06 +01:00
Herman Slatman
6e11657204
Refactor creation of (raw) EAB JWS contents
2021-12-07 14:57:39 +01:00
Herman Slatman
23898e9b76
Improve EAB JWS validation and increase test coverage
2021-12-07 12:17:41 +01:00
Mariano Cano
94afec7e1f
Merge pull request #758 from smallstep/errors-forbidden
...
Forbidden errors and more
2021-12-06 16:01:19 -08:00
Herman Slatman
d0c23973cc
Merge branch 'master' into hs/acme-eab
2021-12-06 13:01:23 +01:00
Mariano Cano
e0fee84694
Add comment about public key validator.
2021-12-03 15:24:42 -08:00
Mariano Cano
0cebde3db5
Change fallback message on RekeySSH.
2021-12-03 15:12:00 -08:00
Herman Slatman
004fc054d5
Fix PR comments
2021-12-03 15:06:28 +01:00
Mariano Cano
9fd147f3da
Change error message.
2021-12-02 16:44:57 -08:00
Herman Slatman
47a8a3c463
Add test case for ACME Revoke to Authority
2021-12-02 17:11:36 +01:00
Herman Slatman
06bb97c91e
Add logic for Account authorizations and improve tests
2021-12-02 16:25:35 +01:00
Herman Slatman
bae1d256ee
Improve tests for JWK vs. KID revoke auth flow
...
The logic for both test cases is fairly similar, but with some
small differences. Made those clearer by means of some comments.
Also added some comments to the middleware logic that decided
whether to extract JWK or lookup by KID.
2021-12-02 10:59:56 +01:00
Herman Slatman
a7fbbc4748
Add tests for GetCertificateBySerial
2021-11-28 21:20:57 +01:00
Herman Slatman
4d01cf8135
Increase test code coverage
2021-11-28 20:30:36 +01:00
Herman Slatman
2d357da99b
Add tests for ACME revocation
2021-11-26 17:27:42 +01:00
Herman Slatman
ed295ca15d
Fix linting issue
2021-11-25 00:44:21 +01:00
Herman Slatman
c9cd876a7d
Merge branch 'master' into hs/acme-revocation
2021-11-25 00:40:56 +01:00
Mariano Cano
78acf35bf4
Merge pull request #753 from scattered-network/docker-compose-go-mod-updates
...
Docker Example Fix: Remove Step Build
2021-11-24 14:42:44 -08:00
Mariano Cano
d35848f7a9
Fix unit tests.
2021-11-24 11:43:24 -08:00
Mariano Cano
c3f98fd04d
Change some bad requests to forbidded.
...
Change in the sign options bad requests to forbidded if is the
provisioner the one adding a restriction, e.g. list of dns names,
validity, ...
2021-11-24 11:32:35 -08:00