Commit graph

272 commits

Author SHA1 Message Date
Mariano Cano
a89bea701d Format comment 2022-09-08 11:06:17 -07:00
Mariano Cano
5df9434286 Fix old comment, device-attest-01 uses the acme payload 2022-09-08 10:59:51 -07:00
Mariano Cano
c5d3714a63 Fix acme error map 2022-09-08 10:48:17 -07:00
Mariano Cano
08815c5e90 Reneame attestation statement error 2022-09-08 10:46:58 -07:00
Mariano Cano
3cd72ac72a Remove debug statements 2022-09-08 10:44:48 -07:00
Mariano Cano
e75e7e7cd6 Fix linter warnings 2022-09-01 16:18:13 -07:00
Mariano Cano
54d92095ac Validate proof of possession signature
On the step format, validate proof of possession of the private
key validating the signature in the attestation statement.
2022-09-01 10:45:31 -07:00
Mariano Cano
59b7603d1e Use a clientAuth only cert for device-attest-01 2022-08-30 16:09:44 -07:00
Mariano Cano
ca412e77cc Return error on attestation validation
The method storeError returns a nil error
2022-08-29 20:03:34 -07:00
Mariano Cano
ab5f916bd3 Define ErrorBadAttestationStatement 2022-08-29 20:02:43 -07:00
Mariano Cano
735c9d49b0 Add support for yubikey attestation 2022-08-29 19:37:30 -07:00
Mariano Cano
df96b126dc Add AuthorizeChallenge unit tests 2022-08-24 12:31:09 -07:00
Mariano Cano
bca311b05e Add acme property to enable challenges
Fixes #1027
2022-08-23 17:11:40 -07:00
Mariano Cano
ae8d4d8757 Fix unit test 2022-08-23 17:01:15 -07:00
Mariano Cano
693dc39481 Merge branch 'master' into device-attestation 2022-08-22 17:59:17 -07:00
Mariano Cano
23b8f45b37 Address gosec warnings
Most if not all false positives
2022-08-18 17:46:20 -07:00
max furman
c040e4b459 Add unit tests 2022-08-16 15:48:23 -07:00
max furman
b7c2f6c482 Check for DNS name validity 2022-08-16 00:12:31 -07:00
Mariano Cano
b62f4d1000 Add lgtm comments on some security warnings 2022-08-11 17:32:57 -07:00
Mariano Cano
2f7cb9225f Use go.step.sm/crypto to set the permanent identifier 2022-08-10 17:38:18 -07:00
Mariano Cano
2ab1e6658e Fix nonce validation
The attestation certificate contains the nonce as raw bytes in the
extension 1.2.840.113635.100.8.11.1
2022-08-09 15:06:52 -07:00
Mariano Cano
66356cff43 Add attestation certificate validation for Apple devices 2022-07-14 17:10:03 -07:00
Brandon Weeks
274f6ccb41 iOS 16 beta 2 support 2022-06-23 05:43:24 +10:00
Brandon Weeks
7e1b0bebd9 iOS 16 beta 1 support 2022-06-23 05:19:36 +10:00
Brandon Weeks
77c6d10fd6 Verify key authorization is contained within the TPM quote extraData field 2022-06-23 05:19:36 +10:00
Brandon Weeks
e1ec31c0ed Implement TPM attestation statement verification 2022-06-23 05:19:36 +10:00
Brandon Weeks
2ac8b69da2 Add ACME permanent-identifier identifier type 2022-06-23 05:19:36 +10:00
Brandon Weeks
aacd6f4cc6 Add device-attest-01 challenge type 2022-06-23 05:19:36 +10:00
Brandon Weeks
860baeb1c5 Verbose debug logging 2022-06-23 05:19:36 +10:00
Shulhan
fe04f93d7f
all: reformat all go files with the next gofmt (Go 1.19)
There are some changes that manually edited, for example using '-' as
default list and grouping imports.
2022-06-16 01:28:59 +07:00
Herman Slatman
abfbbc8d49
Merge pull request #946 from smallstep/herman/acme-csr-padding
Strip base64-url padding from ACME CSR
2022-05-25 23:25:34 +02:00
Herman Slatman
fd546287ac
Strip base64-url padding from ACME CSR
This commit strips the padding from a base64-url encoded CSR
submitted by a client that doesn't use raw base64-url encoding.
2022-05-25 22:46:26 +02:00
Mariano Cano
e7f4eaf6c4 Remove explicit deprecation notice
This will avoid linter errors on other projects for now.
2022-05-23 14:04:31 -07:00
Mariano Cano
d461918eb0 Merge branch 'master' into context-authority 2022-05-06 13:21:41 -07:00
Mariano Cano
2ea0c70344 Move acme context middleware to deprecated handler 2022-05-05 12:25:07 -07:00
Mariano Cano
9147356d8a Fix linter errors 2022-05-02 18:47:47 -07:00
Mariano Cano
2ab7dc6f9d Fix acme tests. 2022-05-02 18:09:26 -07:00
Mariano Cano
ba499eeb2a Fix acme/api tests. 2022-05-02 17:40:10 -07:00
Mariano Cano
6f9d847bc6 Fix panic in acme/api tests. 2022-05-02 17:35:35 -07:00
Herman Slatman
d82e51b748
Update AllowWildcardNames configuration name 2022-04-29 15:08:19 +02:00
Mariano Cano
d1f75f1720 Refactor ACME api. 2022-04-28 19:15:18 -07:00
Mariano Cano
fddd6f7d95 Move linker to the acme package. 2022-04-28 15:15:50 -07:00
Mariano Cano
55b0f72821 Add context methods for the acme linker. 2022-04-28 15:14:15 -07:00
Mariano Cano
bb8d85a201 Fix unit tests - work in progress 2022-04-27 19:08:16 -07:00
Mariano Cano
42435ace64 Use scep authority from context
This commit also converts all the methods from the handler to
functions.
2022-04-27 18:06:53 -07:00
Mariano Cano
d13537d426 Use context in the acme handlers. 2022-04-27 15:42:26 -07:00
Mariano Cano
bd412c9f42 Add context methods for the acme database 2022-04-27 12:11:00 -07:00
Herman Slatman
6e1f8dd7ab
Refactor policy engines into container 2022-04-26 13:12:16 +02:00
Herman Slatman
2a7620641f
Fix more PR comments 2022-04-26 10:15:17 +02:00
Herman Slatman
fb81407d6f
Fix ACME policy comments 2022-04-21 13:21:06 +02:00