Mariano Cano
2505a68f69
Merge pull request #1052 from smallstep/fix-nil-pointer
...
Fix nil pointer exception
2022-09-15 13:15:00 -07:00
Mariano Cano
8fc4a58242
Fix nil pointer exception, missing error
2022-09-15 13:05:39 -07:00
Raal Goff
40baf73dff
remove incorrect check on revoked certificate dates, add mutex lock for generating CRLs,
2022-09-15 15:03:42 +08:00
Mariano Cano
4e19aa4c52
Add cache duration if crl is set
2022-09-14 12:21:52 -07:00
Mariano Cano
221e756f40
Use render.Error on crl endpoint
2022-09-14 11:50:11 -07:00
Mariano Cano
0829f37fe8
Define a default crl cache duration
2022-09-14 11:43:58 -07:00
Mariano Cano
4a4f7ca9ba
Fix panic if cacheDuration is not set
2022-09-14 11:16:47 -07:00
max furman
25f0bf31f4
Update build status svg and link to github actions
2022-09-14 13:53:30 -04:00
Mariano Cano
df975122a0
Upgrade linkedca and add entry to changelog
2022-09-12 16:30:41 -07:00
Mariano Cano
666f695616
Merge pull request #1048 from smallstep/attest-platform
...
Attestation Formats
2022-09-12 14:09:35 -07:00
Mariano Cano
bb0210e875
Fix typo in linkedca variable
2022-09-09 14:34:32 -07:00
Mariano Cano
1e098aef5b
Fixes ACMEAttestationFormat comment
2022-09-09 10:57:32 -07:00
Mariano Cano
66407139e5
Add methods to convert attestation formats
2022-09-08 17:49:24 -07:00
Mariano Cano
0f651799d0
Reject not enabled attestation formats
2022-09-08 17:38:05 -07:00
Mariano Cano
53ad3a9dbe
Add go workspaces files to gitignore
2022-09-08 17:24:51 -07:00
Mariano Cano
ba42aaf865
Add attestationFormat property in the ACME provisioner
2022-09-08 17:16:50 -07:00
Mariano Cano
b2119e9f2c
Merge pull request #977 from smallstep/device-attestation
...
Device attestation
2022-09-08 13:26:28 -07:00
Mariano Cano
fd4e96d1f4
Rename method to IsChallengeEnabled
2022-09-08 13:22:35 -07:00
Mariano Cano
c77b4ff9c5
Fix linter errors
2022-09-08 12:49:16 -07:00
Mariano Cano
59c5219a07
Use a type for acme challenges
2022-09-08 12:34:06 -07:00
Mariano Cano
a89bea701d
Format comment
2022-09-08 11:06:17 -07:00
Mariano Cano
5df9434286
Fix old comment, device-attest-01 uses the acme payload
2022-09-08 10:59:51 -07:00
Mariano Cano
c5d3714a63
Fix acme error map
2022-09-08 10:48:17 -07:00
Mariano Cano
08815c5e90
Reneame attestation statement error
2022-09-08 10:46:58 -07:00
Mariano Cano
3cd72ac72a
Remove debug statements
2022-09-08 10:44:48 -07:00
Raal Goff
924082bb49
fix linter errors
2022-09-08 10:09:37 +08:00
Raal Goff
d2483f3a70
Merge branch 'master' into crl-support
...
# Conflicts:
# authority/config/config.go
2022-09-08 09:45:04 +08:00
Mariano Cano
55318efe13
Merge pull request #1043 from unreality/oidc-missing-email
...
Allow missing Email claim in OIDC tokens
2022-09-07 18:29:52 -07:00
Mariano Cano
1b68a9f961
Merge pull request #1045 from smallstep/deprecation-notice
...
Add deprecation notices to step-x-init binaries
2022-09-07 13:20:02 -07:00
Mariano Cano
bc61b23d91
Add deprecation notices to step-x-init binaries
...
Fixes #1044
2022-09-06 17:39:43 -07:00
Raal Goff
b89f210469
remove fail-email test and add ok-empty-email test
2022-09-07 07:45:27 +08:00
Mariano Cano
a2749ca8ed
Merge branch 'master' into device-attestation
2022-09-06 12:29:06 -07:00
Raal Goff
7a03c43fe2
allow missing Email claim in OIDC tokens, use subject when its missing
2022-09-05 12:43:32 +08:00
Mariano Cano
e75e7e7cd6
Fix linter warnings
2022-09-01 16:18:13 -07:00
Mariano Cano
54d92095ac
Validate proof of possession signature
...
On the step format, validate proof of possession of the private
key validating the signature in the attestation statement.
2022-09-01 10:45:31 -07:00
Mariano Cano
45af68b244
Upgrade go.step.sm/crypto
2022-08-31 11:36:07 -07:00
Mariano Cano
d718c69ad3
Prepare changelog for release
2022-08-30 21:10:18 -07:00
Mariano Cano
b8162d5954
Merge pull request #1034 from smallstep/fix-1033
...
Fixes signature algorithm
2022-08-30 21:03:22 -07:00
Mariano Cano
a7fcfe0e4e
Verify with roots and intermediates
2022-08-30 17:11:44 -07:00
Mariano Cano
30c54a555d
Add entry in changelog
2022-08-30 16:57:31 -07:00
Mariano Cano
ea8579f3df
Fix bad signature algorithm on EC+RSA PKI
...
When the root certificate has an EC key and he intermediate has an
RSA key, the signature algorithm of the leafs should be the default
one, SHA256WithRSA, instead of the one that the intermediate has.
Fixes #1033
2022-08-30 16:49:56 -07:00
Mariano Cano
59b7603d1e
Use a clientAuth only cert for device-attest-01
2022-08-30 16:09:44 -07:00
Mariano Cano
6db631df51
Upgrade go.step.sm/crypto@attest
2022-08-30 15:49:10 -07:00
Mariano Cano
ca412e77cc
Return error on attestation validation
...
The method storeError returns a nil error
2022-08-29 20:03:34 -07:00
Mariano Cano
ab5f916bd3
Define ErrorBadAttestationStatement
2022-08-29 20:02:43 -07:00
Mariano Cano
735c9d49b0
Add support for yubikey attestation
2022-08-29 19:37:30 -07:00
Mariano Cano
ebce40e9b6
Add new method ACMEClient.ValidateWithPayload
...
This new method will be used to validate to validate the device
attestation payload.
2022-08-29 19:35:52 -07:00
Mariano Cano
a893d6e7f7
Upgrade go.step.sm/cli-utils
...
Fixes issue with step path
2022-08-25 15:37:35 -07:00
Mariano Cano
432477aa91
Merge pull request #1030 from smallstep/herman/fix-template-validation
...
Add provisioner template validation
2022-08-25 14:51:39 -07:00
Mariano Cano
1938b1bb34
Merge branch 'master' into herman/fix-template-validation
2022-08-25 13:31:33 -07:00