Gary Belvin
c6bb7aa199
Add back UI check, but don't read file
2021-06-15 18:18:29 +01:00
Gary Belvin
a63a1d6482
Don't double read from u.Pin()
2021-06-15 18:13:08 +01:00
Gary Belvin
063a09a521
Allow reading pin from kms string
2021-06-15 13:16:54 +01:00
Mariano Cano
c4d0c8a18e
Fix credentials file parameter on awskms
2021-06-11 21:40:04 -07:00
Mariano Cano
16e0cffd8b
Fix path for labeler.
2021-06-08 18:02:54 -07:00
Mariano Cano
dce1b290bd
Remove debug statements.
2021-06-08 17:57:24 -07:00
Mariano Cano
2a97389f1b
Upgrade dependencies.
2021-06-08 17:47:26 -07:00
Mariano Cano
ac3c754a6d
Use known CA and add tier and gcs bucket options.
2021-06-08 17:43:52 -07:00
Kevin Chen
2ac53f7c69
update gitter to discord
2021-06-08 09:42:20 -07:00
Mariano Cano
529eb4bae9
Rename CAPool to CaPool.
2021-06-07 19:20:23 -07:00
Mariano Cano
9db68db509
Add tests with cloudCAS EnableCertificateAuthority.
2021-06-07 19:17:30 -07:00
Mariano Cano
48bc4e549d
Fix cloudcas tests.
2021-06-07 15:53:29 -07:00
Herman Slatman
af4803b8b8
Fix tests
2021-06-04 11:14:59 +02:00
Mariano Cano
072bd0dcf4
Add support for Google CAS v1
2021-06-03 19:31:19 -07:00
Herman Slatman
0c79914d0d
Improve check for single IP in TLS-ALPN-01 challenge
2021-06-04 00:18:26 +02:00
Herman Slatman
a6405e98a9
Remove fmt.
2021-06-04 00:06:15 +02:00
Herman Slatman
2f40011da8
Add support for TLS-ALPN-01 challenge
2021-06-04 00:01:43 +02:00
Herman Slatman
76dcf542d4
Fix mixed DNS and IP SANs in Order
2021-06-03 22:45:24 +02:00
Herman Slatman
af615db6b5
Support DNS and IPs as SANs in single Order
2021-06-03 22:03:21 +02:00
Herman Slatman
a0e92f8e99
Verify IP identifier contains valid IP
2021-06-03 22:02:13 +02:00
Mariano Cano
35ede74ea7
Merge pull request #596 from gdbelvin/name
...
Allow configuration of PKCS11 subject name
2021-06-01 10:32:37 -07:00
Mariano Cano
595f12505c
Merge branch 'master' into name
2021-06-01 10:29:40 -07:00
Mariano Cano
e17fc4346d
Merge pull request #597 from gdbelvin/path
...
Configurable pkcs11-init output paths
2021-06-01 09:58:40 -07:00
Gary Belvin
c264e8f580
Configurable pkcs11-init output paths
2021-06-01 17:46:00 +01:00
Gary Belvin
623e387fb0
Allow configuration of PKCS11 subject name
2021-06-01 17:35:36 +01:00
Herman Slatman
6486e6016b
Make logic for which challenge types to use clearer
2021-05-29 00:37:22 +02:00
Herman Slatman
3e36522329
Add preliminary support for TLS-ALPN-01 challenge for IP identifiers
2021-05-29 00:19:14 +02:00
Herman Slatman
848b5202a5
Merge branch 'master' into hs/ip-verification
2021-05-28 16:42:05 +02:00
Herman Slatman
6d9710c88d
Add initial support for ACME IP validation
2021-05-28 16:40:46 +02:00
Herman Slatman
7e82bd6ef3
Add setup for Authority tests
2021-05-26 16:15:26 -07:00
Herman Slatman
74d8bdc298
Add tests for CreateDecrypter
2021-05-26 16:15:26 -07:00
Herman Slatman
a64974c179
Fix small typo in divisible
2021-05-26 16:15:26 -07:00
Herman Slatman
382b6f977c
Improve error logging
2021-05-26 16:15:26 -07:00
Herman Slatman
d46a4eaca4
Change fmt to errors package for formatting errors
2021-05-26 16:15:26 -07:00
Herman Slatman
2beea1aa89
Add configuration option for specifying the minimum public key length
...
Instead of using the defaultPublicKeyValidator a new validator called
publicKeyMinimumLengthValidator has been implemented that uses a
configurable minimum length for public keys in CSRs.
It's also an option to alter the defaultPublicKeyValidator to also
take a parameter, but that would touch quite some lines of code. This
might be a viable option after merging SCEP support.
2021-05-26 16:15:26 -07:00
Herman Slatman
4168449935
Fix typo
2021-05-26 16:15:26 -07:00
Herman Slatman
fa100a5138
Mask challenge password after it has been read
2021-05-26 16:15:26 -07:00
Herman Slatman
66a67ed691
Update to v2.0.0 of github.com/micromdm/scep
2021-05-26 16:15:24 -07:00
Herman Slatman
03c472359c
Add sync.WaitGroup for proper error handling in Run()
2021-05-26 16:14:57 -07:00
Herman Slatman
1cd0cb99f6
Add more template data
2021-05-26 16:13:58 -07:00
Herman Slatman
13fe7a0121
Make serving SCEP endpoints optional
...
Only when a SCEP provisioner is enabled, the SCEP endpoints
will now be available.
The SCEP endpoints will be served on an "insecure" server,
without TLS, only when an additional "insecureAddress" and a
SCEP provisioner are configured for the CA.
2021-05-26 16:13:57 -07:00
Herman Slatman
bcacd2f4da
Fix typo
2021-05-26 16:13:38 -07:00
Herman Slatman
a0242ad6ce
Add validation to SCEP Options
2021-05-26 16:13:38 -07:00
Herman Slatman
4cd45f6374
Remove superfluous call to StoreCertificate
2021-05-26 16:13:36 -07:00
Herman Slatman
97b88c4d58
Address (most) PR comments
2021-05-26 16:12:57 -07:00
Herman Slatman
be528da709
Make tests green
2021-05-26 16:10:22 -07:00
Herman Slatman
57a62964b1
Make tests not fail hard on ECDSA keys
...
All tests for the Authority failed because the test data
contains ECDSA keys. ECDSA keys are no crypto.Decrypter,
resulting in a failure when instantiating the Authority.
2021-05-26 16:10:22 -07:00
Herman Slatman
5a80bc3ced
Make linter happy
2021-05-26 16:10:22 -07:00
Herman Slatman
dd4f548650
Fix certificateChain property
2021-05-26 16:10:22 -07:00
Herman Slatman
491c2b8d93
Improve initialization of SCEP authority
2021-05-26 16:10:21 -07:00