Commit graph

161 commits

Author SHA1 Message Date
Max
7731edd816
Store and verify Acme account location (#1386)
* Store and verify account location on acme requests

Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
Co-authored-by: Mariano Cano <mariano@smallstep.com>
2023-06-06 23:37:51 -07:00
max furman
8b256f0351
address linter warning for go 1.19 2023-05-09 23:47:28 -07:00
Herman Slatman
0f1c509e4b
Remove debug utility 2023-01-31 23:48:53 +01:00
Herman Slatman
60a9e41c1c
Remove Identifier from top level ACME Errors 2023-01-26 14:59:08 +01:00
Herman Slatman
edee01c80c
Refactor debug utility 2023-01-26 13:41:01 +01:00
Herman Slatman
1c38113e44
Add ACME Subproblem for more detailed ACME client-side errors
When validating an ACME challenge (`device-attest-01` in this case,
but it's also true for others), and validation fails, the CA didn't
return a lot of information about why the challenge had failed. By
introducing the ACME `Subproblem` type, an ACME `Error` can include
some additional information about what went wrong when validating
the challenge.

This is a WIP commit. The `Subproblem` isn't created in many code
paths yet, just for the `step` format at the moment. Will probably
follow up with some more improvements to how the ACME error is
handled. Also need to cleanup some debug things (q.Q)
2023-01-26 13:29:31 +01:00
Herman Slatman
817edcbba5
Remove charset=utf-8 from ACME certificate requests 2022-11-09 19:57:50 +01:00
Herman Slatman
3eae04928f
Add tests for ACME Meta object 2022-11-07 15:35:42 +01:00
Herman Slatman
b9f238ad4d
Add additional ACME meta properties to provisioner configuration 2022-10-24 22:37:57 +02:00
Herman Slatman
c9793561ff
Make meta object optional in ACME directory response
Harware appliances from Kemp seem to validate the contents of the
`meta` object, even if none of the properties in the `meta` object
is set. According to the RFC, the `meta` object, as well as its
properties are optional, so technically this should be fixed by
the manufacturer.

This commit is to see if we validation of the `meta` object is
skipped if it's not available in the response.
2022-10-24 14:14:28 +02:00
Mariano Cano
99299faeeb
Add AuthorizeChallenge unit tests 2022-09-20 19:03:03 -07:00
Mariano Cano
2b3b2c283a
Add attestation certificate validation for Apple devices 2022-09-20 18:51:43 -07:00
Brandon Weeks
5f5315260a
iOS 16 beta 1 support 2022-09-20 16:53:08 -07:00
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2022-09-20 16:35:41 -07:00
Mariano Cano
829530ae90 Fix linter errors 2022-09-15 18:24:43 -07:00
Mariano Cano
0f651799d0 Reject not enabled attestation formats 2022-09-08 17:38:05 -07:00
Mariano Cano
fd4e96d1f4 Rename method to IsChallengeEnabled 2022-09-08 13:22:35 -07:00
Mariano Cano
c77b4ff9c5 Fix linter errors 2022-09-08 12:49:16 -07:00
Mariano Cano
59c5219a07 Use a type for acme challenges 2022-09-08 12:34:06 -07:00
Mariano Cano
a89bea701d Format comment 2022-09-08 11:06:17 -07:00
Mariano Cano
5df9434286 Fix old comment, device-attest-01 uses the acme payload 2022-09-08 10:59:51 -07:00
Mariano Cano
3cd72ac72a Remove debug statements 2022-09-08 10:44:48 -07:00
Mariano Cano
df96b126dc Add AuthorizeChallenge unit tests 2022-08-24 12:31:09 -07:00
Mariano Cano
bca311b05e Add acme property to enable challenges
Fixes #1027
2022-08-23 17:11:40 -07:00
Mariano Cano
ae8d4d8757 Fix unit test 2022-08-23 17:01:15 -07:00
Mariano Cano
693dc39481 Merge branch 'master' into device-attestation 2022-08-22 17:59:17 -07:00
max furman
c040e4b459 Add unit tests 2022-08-16 15:48:23 -07:00
max furman
b7c2f6c482 Check for DNS name validity 2022-08-16 00:12:31 -07:00
Mariano Cano
66356cff43 Add attestation certificate validation for Apple devices 2022-07-14 17:10:03 -07:00
Brandon Weeks
7e1b0bebd9 iOS 16 beta 1 support 2022-06-23 05:19:36 +10:00
Brandon Weeks
2ac8b69da2 Add ACME permanent-identifier identifier type 2022-06-23 05:19:36 +10:00
Brandon Weeks
aacd6f4cc6 Add device-attest-01 challenge type 2022-06-23 05:19:36 +10:00
Shulhan
fe04f93d7f
all: reformat all go files with the next gofmt (Go 1.19)
There are some changes that manually edited, for example using '-' as
default list and grouping imports.
2022-06-16 01:28:59 +07:00
Herman Slatman
abfbbc8d49
Merge pull request #946 from smallstep/herman/acme-csr-padding
Strip base64-url padding from ACME CSR
2022-05-25 23:25:34 +02:00
Herman Slatman
fd546287ac
Strip base64-url padding from ACME CSR
This commit strips the padding from a base64-url encoded CSR
submitted by a client that doesn't use raw base64-url encoding.
2022-05-25 22:46:26 +02:00
Mariano Cano
e7f4eaf6c4 Remove explicit deprecation notice
This will avoid linter errors on other projects for now.
2022-05-23 14:04:31 -07:00
Mariano Cano
d461918eb0 Merge branch 'master' into context-authority 2022-05-06 13:21:41 -07:00
Mariano Cano
2ea0c70344 Move acme context middleware to deprecated handler 2022-05-05 12:25:07 -07:00
Mariano Cano
9147356d8a Fix linter errors 2022-05-02 18:47:47 -07:00
Mariano Cano
ba499eeb2a Fix acme/api tests. 2022-05-02 17:40:10 -07:00
Mariano Cano
6f9d847bc6 Fix panic in acme/api tests. 2022-05-02 17:35:35 -07:00
Mariano Cano
d1f75f1720 Refactor ACME api. 2022-04-28 19:15:18 -07:00
Mariano Cano
fddd6f7d95 Move linker to the acme package. 2022-04-28 15:15:50 -07:00
Mariano Cano
55b0f72821 Add context methods for the acme linker. 2022-04-28 15:14:15 -07:00
Mariano Cano
bb8d85a201 Fix unit tests - work in progress 2022-04-27 19:08:16 -07:00
Mariano Cano
42435ace64 Use scep authority from context
This commit also converts all the methods from the handler to
functions.
2022-04-27 18:06:53 -07:00
Mariano Cano
d13537d426 Use context in the acme handlers. 2022-04-27 15:42:26 -07:00
Herman Slatman
6e1f8dd7ab
Refactor policy engines into container 2022-04-26 13:12:16 +02:00
Herman Slatman
2a7620641f
Fix more PR comments 2022-04-26 10:15:17 +02:00
Herman Slatman
fb81407d6f
Fix ACME policy comments 2022-04-21 13:21:06 +02:00