Commit graph

3370 commits

Author SHA1 Message Date
Mariano Cano
2505a68f69
Merge pull request #1052 from smallstep/fix-nil-pointer
Fix nil pointer exception
2022-09-15 13:15:00 -07:00
Mariano Cano
8fc4a58242 Fix nil pointer exception, missing error 2022-09-15 13:05:39 -07:00
Raal Goff
40baf73dff remove incorrect check on revoked certificate dates, add mutex lock for generating CRLs, 2022-09-15 15:03:42 +08:00
Mariano Cano
4e19aa4c52 Add cache duration if crl is set 2022-09-14 12:21:52 -07:00
Mariano Cano
221e756f40 Use render.Error on crl endpoint 2022-09-14 11:50:11 -07:00
Mariano Cano
0829f37fe8 Define a default crl cache duration 2022-09-14 11:43:58 -07:00
Mariano Cano
4a4f7ca9ba Fix panic if cacheDuration is not set 2022-09-14 11:16:47 -07:00
max furman
25f0bf31f4
Update build status svg and link to github actions 2022-09-14 13:53:30 -04:00
Mariano Cano
df975122a0 Upgrade linkedca and add entry to changelog 2022-09-12 16:30:41 -07:00
Mariano Cano
666f695616
Merge pull request #1048 from smallstep/attest-platform
Attestation Formats
2022-09-12 14:09:35 -07:00
Mariano Cano
bb0210e875 Fix typo in linkedca variable 2022-09-09 14:34:32 -07:00
Mariano Cano
1e098aef5b Fixes ACMEAttestationFormat comment 2022-09-09 10:57:32 -07:00
Mariano Cano
66407139e5 Add methods to convert attestation formats 2022-09-08 17:49:24 -07:00
Mariano Cano
0f651799d0 Reject not enabled attestation formats 2022-09-08 17:38:05 -07:00
Mariano Cano
53ad3a9dbe Add go workspaces files to gitignore 2022-09-08 17:24:51 -07:00
Mariano Cano
ba42aaf865 Add attestationFormat property in the ACME provisioner 2022-09-08 17:16:50 -07:00
Mariano Cano
b2119e9f2c
Merge pull request #977 from smallstep/device-attestation
Device attestation
2022-09-08 13:26:28 -07:00
Mariano Cano
fd4e96d1f4 Rename method to IsChallengeEnabled 2022-09-08 13:22:35 -07:00
Mariano Cano
c77b4ff9c5 Fix linter errors 2022-09-08 12:49:16 -07:00
Mariano Cano
59c5219a07 Use a type for acme challenges 2022-09-08 12:34:06 -07:00
Mariano Cano
a89bea701d Format comment 2022-09-08 11:06:17 -07:00
Mariano Cano
5df9434286 Fix old comment, device-attest-01 uses the acme payload 2022-09-08 10:59:51 -07:00
Mariano Cano
c5d3714a63 Fix acme error map 2022-09-08 10:48:17 -07:00
Mariano Cano
08815c5e90 Reneame attestation statement error 2022-09-08 10:46:58 -07:00
Mariano Cano
3cd72ac72a Remove debug statements 2022-09-08 10:44:48 -07:00
Raal Goff
924082bb49 fix linter errors 2022-09-08 10:09:37 +08:00
Raal Goff
d2483f3a70 Merge branch 'master' into crl-support
# Conflicts:
#	authority/config/config.go
2022-09-08 09:45:04 +08:00
Mariano Cano
55318efe13
Merge pull request #1043 from unreality/oidc-missing-email
Allow missing Email claim in OIDC tokens
2022-09-07 18:29:52 -07:00
Mariano Cano
1b68a9f961
Merge pull request #1045 from smallstep/deprecation-notice
Add deprecation notices to step-x-init binaries
2022-09-07 13:20:02 -07:00
Mariano Cano
bc61b23d91 Add deprecation notices to step-x-init binaries
Fixes #1044
2022-09-06 17:39:43 -07:00
Raal Goff
b89f210469 remove fail-email test and add ok-empty-email test 2022-09-07 07:45:27 +08:00
Mariano Cano
a2749ca8ed Merge branch 'master' into device-attestation 2022-09-06 12:29:06 -07:00
Raal Goff
7a03c43fe2 allow missing Email claim in OIDC tokens, use subject when its missing 2022-09-05 12:43:32 +08:00
Mariano Cano
e75e7e7cd6 Fix linter warnings 2022-09-01 16:18:13 -07:00
Mariano Cano
54d92095ac Validate proof of possession signature
On the step format, validate proof of possession of the private
key validating the signature in the attestation statement.
2022-09-01 10:45:31 -07:00
Mariano Cano
45af68b244 Upgrade go.step.sm/crypto 2022-08-31 11:36:07 -07:00
Mariano Cano
d718c69ad3 Prepare changelog for release 2022-08-30 21:10:18 -07:00
Mariano Cano
b8162d5954
Merge pull request #1034 from smallstep/fix-1033
Fixes signature algorithm
2022-08-30 21:03:22 -07:00
Mariano Cano
a7fcfe0e4e Verify with roots and intermediates 2022-08-30 17:11:44 -07:00
Mariano Cano
30c54a555d Add entry in changelog 2022-08-30 16:57:31 -07:00
Mariano Cano
ea8579f3df Fix bad signature algorithm on EC+RSA PKI
When the root certificate has an EC key and he intermediate has an
RSA key, the signature algorithm of the leafs should be the default
one, SHA256WithRSA, instead of the one that the intermediate has.

Fixes #1033
2022-08-30 16:49:56 -07:00
Mariano Cano
59b7603d1e Use a clientAuth only cert for device-attest-01 2022-08-30 16:09:44 -07:00
Mariano Cano
6db631df51 Upgrade go.step.sm/crypto@attest 2022-08-30 15:49:10 -07:00
Mariano Cano
ca412e77cc Return error on attestation validation
The method storeError returns a nil error
2022-08-29 20:03:34 -07:00
Mariano Cano
ab5f916bd3 Define ErrorBadAttestationStatement 2022-08-29 20:02:43 -07:00
Mariano Cano
735c9d49b0 Add support for yubikey attestation 2022-08-29 19:37:30 -07:00
Mariano Cano
ebce40e9b6 Add new method ACMEClient.ValidateWithPayload
This new method will be used to validate to validate the device
attestation payload.
2022-08-29 19:35:52 -07:00
Mariano Cano
a893d6e7f7 Upgrade go.step.sm/cli-utils
Fixes issue with step path
2022-08-25 15:37:35 -07:00
Mariano Cano
432477aa91
Merge pull request #1030 from smallstep/herman/fix-template-validation
Add provisioner template validation
2022-08-25 14:51:39 -07:00
Mariano Cano
1938b1bb34 Merge branch 'master' into herman/fix-template-validation 2022-08-25 13:31:33 -07:00