Max
7731edd816
Store and verify Acme account location (#1386)
...
* Store and verify account location on acme requests
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
Co-authored-by: Mariano Cano <mariano@smallstep.com>
2023-06-06 23:37:51 -07:00
max furman
8b256f0351
address linter warning for go 1.19
2023-05-09 23:47:28 -07:00
Herman Slatman
0f1c509e4b
Remove debug utility
2023-01-31 23:48:53 +01:00
Herman Slatman
60a9e41c1c
Remove Identifier from top level ACME Errors
2023-01-26 14:59:08 +01:00
Herman Slatman
edee01c80c
Refactor debug utility
2023-01-26 13:41:01 +01:00
Herman Slatman
1c38113e44
Add ACME Subproblem for more detailed ACME client-side errors
...
When validating an ACME challenge (`device-attest-01` in this case,
but it's also true for others), and validation fails, the CA didn't
return a lot of information about why the challenge had failed. By
introducing the ACME `Subproblem` type, an ACME `Error` can include
some additional information about what went wrong when validating
the challenge.
This is a WIP commit. The `Subproblem` isn't created in many code
paths yet, just for the `step` format at the moment. Will probably
follow up with some more improvements to how the ACME error is
handled. Also need to clean up some debug things (q.Q)
2023-01-26 13:29:31 +01:00
Herman Slatman
817edcbba5
Remove charset=utf-8 from ACME certificate requests
2022-11-09 19:57:50 +01:00
Herman Slatman
3eae04928f
Add tests for ACME Meta object
2022-11-07 15:35:42 +01:00
Herman Slatman
b9f238ad4d
Add additional ACME meta properties to provisioner configuration
2022-10-24 22:37:57 +02:00
Herman Slatman
c9793561ff
Make meta object optional in ACME directory response
...
Hardware appliances from Kemp seem to validate the contents of the
`meta` object, even if none of the properties in the `meta` object
is set. According to the RFC, the `meta` object, as well as its
properties are optional, so technically this should be fixed by
the manufacturer.
This commit is to see if validation of the `meta` object is
skipped if it's not available in the response.
2022-10-24 14:14:28 +02:00
Mariano Cano
99299faeeb
Add AuthorizeChallenge unit tests
2022-09-20 19:03:03 -07:00
Mariano Cano
2b3b2c283a
Add attestation certificate validation for Apple devices
2022-09-20 18:51:43 -07:00
Brandon Weeks
5f5315260a
iOS 16 beta 1 support
2022-09-20 16:53:08 -07:00
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors
2022-09-20 16:35:41 -07:00
Mariano Cano
829530ae90
Fix linter errors
2022-09-15 18:24:43 -07:00
Mariano Cano
0f651799d0
Reject not enabled attestation formats
2022-09-08 17:38:05 -07:00
Mariano Cano
fd4e96d1f4
Rename method to IsChallengeEnabled
2022-09-08 13:22:35 -07:00
Mariano Cano
c77b4ff9c5
Fix linter errors
2022-09-08 12:49:16 -07:00
Mariano Cano
59c5219a07
Use a type for acme challenges
2022-09-08 12:34:06 -07:00
Mariano Cano
a89bea701d
Format comment
2022-09-08 11:06:17 -07:00
Mariano Cano
5df9434286
Fix old comment, device-attest-01 uses the acme payload
2022-09-08 10:59:51 -07:00
Mariano Cano
3cd72ac72a
Remove debug statements
2022-09-08 10:44:48 -07:00
Mariano Cano
df96b126dc
Add AuthorizeChallenge unit tests
2022-08-24 12:31:09 -07:00
Mariano Cano
bca311b05e
Add acme property to enable challenges
...
Fixes #1027
2022-08-23 17:11:40 -07:00
Mariano Cano
ae8d4d8757
Fix unit test
2022-08-23 17:01:15 -07:00
Mariano Cano
693dc39481
Merge branch 'master' into device-attestation
2022-08-22 17:59:17 -07:00
max furman
c040e4b459
Add unit tests
2022-08-16 15:48:23 -07:00
max furman
b7c2f6c482
Check for DNS name validity
2022-08-16 00:12:31 -07:00
Mariano Cano
66356cff43
Add attestation certificate validation for Apple devices
2022-07-14 17:10:03 -07:00
Brandon Weeks
7e1b0bebd9
iOS 16 beta 1 support
2022-06-23 05:19:36 +10:00
Brandon Weeks
2ac8b69da2
Add ACME permanent-identifier identifier type
2022-06-23 05:19:36 +10:00
Brandon Weeks
aacd6f4cc6
Add device-attest-01 challenge type
2022-06-23 05:19:36 +10:00
Shulhan
fe04f93d7f
all: reformat all go files with the next gofmt (Go 1.19)
...
There are some changes that were manually edited, for example using '-' as
default list and grouping imports.
2022-06-16 01:28:59 +07:00
Herman Slatman
abfbbc8d49
Merge pull request #946 from smallstep/herman/acme-csr-padding
...
Strip base64-url padding from ACME CSR
2022-05-25 23:25:34 +02:00
Herman Slatman
fd546287ac
Strip base64-url padding from ACME CSR
...
This commit strips the padding from a base64-url encoded CSR
submitted by a client that doesn't use raw base64-url encoding.
2022-05-25 22:46:26 +02:00
Mariano Cano
e7f4eaf6c4
Remove explicit deprecation notice
...
This will avoid linter errors on other projects for now.
2022-05-23 14:04:31 -07:00
Mariano Cano
d461918eb0
Merge branch 'master' into context-authority
2022-05-06 13:21:41 -07:00
Mariano Cano
2ea0c70344
Move acme context middleware to deprecated handler
2022-05-05 12:25:07 -07:00
Mariano Cano
9147356d8a
Fix linter errors
2022-05-02 18:47:47 -07:00
Mariano Cano
ba499eeb2a
Fix acme/api tests.
2022-05-02 17:40:10 -07:00
Mariano Cano
6f9d847bc6
Fix panic in acme/api tests.
2022-05-02 17:35:35 -07:00
Mariano Cano
d1f75f1720
Refactor ACME api.
2022-04-28 19:15:18 -07:00
Mariano Cano
fddd6f7d95
Move linker to the acme package.
2022-04-28 15:15:50 -07:00
Mariano Cano
55b0f72821
Add context methods for the acme linker.
2022-04-28 15:14:15 -07:00
Mariano Cano
bb8d85a201
Fix unit tests - work in progress
2022-04-27 19:08:16 -07:00
Mariano Cano
42435ace64
Use scep authority from context
...
This commit also converts all the methods from the handler to
functions.
2022-04-27 18:06:53 -07:00
Mariano Cano
d13537d426
Use context in the acme handlers.
2022-04-27 15:42:26 -07:00
Herman Slatman
6e1f8dd7ab
Refactor policy engines into container
2022-04-26 13:12:16 +02:00
Herman Slatman
2a7620641f
Fix more PR comments
2022-04-26 10:15:17 +02:00
Herman Slatman
fb81407d6f
Fix ACME policy comments
2022-04-21 13:21:06 +02:00