192 Commits

Author SHA1 Message Date
Mariano Cano
1011f5f540 Improve validation in authorization path 2025-12-02 16:54:44 -08:00
Herman Slatman
eb475e0f7c Refactor searching for serial number into function 2025-09-04 22:32:54 +02:00
Herman Slatman
c2e04f4a41 Support managed device ID OID for step attestation format 2025-09-04 00:27:41 +02:00
Mariano Cano
0b3115d80a Apply suggestions from code review
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2025-08-20 12:39:54 -07:00
Mariano Cano
b7e59c97f3 Add support for YubiKeys 5.7.4+
This change adds the root certificate used on YubiKeys 5.7.4+. Now the
attestation certificate will be verified using two roots.

Attestation statements must contain all intermediates, see
smallstep/crypto#831

Fixes #2355
2025-08-20 12:14:37 -07:00
Herman Slatman
27944b4eae Fix linter issues 2025-02-18 11:04:54 +01:00
Mariano Cano
ba9e08243a Add attestation format to challenge
This commit adds the format of the payload to the challenge object.
2024-12-30 12:55:32 -08:00
Mariano Cano
f812cf26c4 Allow storing the attestation payload (#2114)
This commit allows storing the attestation payload using a custom database
implementation.
2024-12-27 10:29:02 -08:00
Herman Slatman
25f674cf6e Move WireDB interface assertion up a level 2024-08-13 21:20:34 +02:00
Herman Slatman
bb512e76c3 Change Wire DB operations into using a runtime type assertion 2024-08-13 11:11:08 +02:00
Herman Slatman
cae47aa690 Merge branch 'master' into wire-acme-extensions 2024-08-02 22:58:56 +02:00
Mariano Cano
3e61796df4 Add a flag to enable strict DNS resolution
This commit adds a flag to enable strict DNS resolution on ACME
challenges.
2024-07-12 12:58:44 -07:00
Mariano Cano
8ac876df3a Fix HTTP01 challenge url when --acme-http-host is used
This commit fixes an issue with the HTTP-01 challenge URL not having
the insecure port.
2024-07-09 13:28:39 -07:00
Herman Slatman
5fecc2bd87 Fix HTTP internal server error when bad attestation object is provided 2024-07-05 15:43:40 +02:00
Mariano Cano
2b30ae5087 Show clean URL on HTTP-01 errors 2024-07-03 11:14:28 -07:00
Mariano Cano
5c07d20ade Do strict DNS lookup on ACME
This commit changes the ACME challenges to perform a strict DNS lookup
without taking into account the search list in a resolv.conf.
2024-07-02 15:52:00 -07:00
Herman Slatman
7426edb6d7 Merge branch 'master' into wire-acme-extensions 2024-04-22 20:36:25 +02:00
verytrap
db92404342 chore: fix function names in comment
Signed-off-by: verytrap <wangqiuyue@outlook.com>
2024-04-10 10:35:39 +08:00
Herman Slatman
6eb4662120 Improve token validation error messages and use net/url 2024-03-06 15:16:23 +01:00
Herman Slatman
194341e520 Address review comments 2024-02-07 00:54:29 +01:00
Herman Slatman
5d7e53303b Add validation of name in DPoP token 2024-02-06 21:54:29 +01:00
Herman Slatman
cd21f8d51f Refactor OIDC verifier instantiation to happen only once 2024-01-31 15:49:45 +01:00
Herman Slatman
8a9b1b3f79 Move Wire option validation to provisioner initialization 2024-01-29 16:45:13 +01:00
Herman Slatman
93ba1654ea Fix tests to work with Wire UserID and DeviceID 2024-01-24 13:45:20 +01:00
Herman Slatman
19dbd02451 Add audience validation to access, dpop and id token 2024-01-17 16:04:58 +01:00
Herman Slatman
2f3819aa4e Use key authorization from ID token and handle -> preferred_username 2024-01-17 14:13:55 +01:00
Herman Slatman
b9254744a2 Fix validations for DPoP client ID, nonce and issuer 2024-01-17 11:33:50 +01:00
Herman Slatman
0a7fe6ebe9 Comment DPoP token checks that fail e2e test (currently) 2024-01-17 00:47:34 +01:00
Herman Slatman
0f0f060149 Improve access and dpop token validation 2024-01-17 00:09:24 +01:00
Herman Slatman
99934ec9a3 Improve test coverage for wireOIDC01Validate 2024-01-16 16:24:54 +01:00
Herman Slatman
7520736f5b Improve test coverage for wireDPOP01Validate 2024-01-16 14:01:48 +01:00
Herman Slatman
d84abac4df Add test for wireOIDC01Validate 2024-01-15 21:59:20 +01:00
Herman Slatman
768a08965d Store transformed OIDC token 2024-01-15 13:47:44 +01:00
Herman Slatman
0ad381b092 Add OIDC token template transformation 2024-01-12 16:48:21 +01:00
Herman Slatman
9bb1b24bf1 Change kid and dpop validation 2024-01-12 10:44:49 +01:00
Herman Slatman
79739e5073 Change signature algorithm property name 2024-01-12 09:48:49 +01:00
Herman Slatman
7eacb68361 Merge branch 'herman/remove-rusty-cli' into herman/wire-configuration-refactor 2024-01-11 21:29:15 +01:00
Herman Slatman
44721a7d58 Remove debug err print 2024-01-11 21:24:39 +01:00
Herman Slatman
348363abce Add Wire DPoP proof claims verification 2024-01-11 21:19:24 +01:00
Herman Slatman
1bf807add3 Use base64 encoded signing key format 2024-01-11 17:04:08 +01:00
Herman Slatman
1f5f756fce Make Wire options more robust 2024-01-11 16:14:53 +01:00
Herman Slatman
6ef64b6ed6 Refactor the Wire option configuration 2024-01-11 15:08:44 +01:00
Herman Slatman
b6fc0005d5 Add verification of maximum expiry time for Wire tokens 2024-01-11 14:24:34 +01:00
Herman Slatman
b964c97750 Add validation of handle and token to Wire verification 2024-01-11 13:47:17 +01:00
Herman Slatman
acad227b25 Put Wire options in lower level wire struct 2024-01-11 13:18:43 +01:00
Herman Slatman
cd9480ab14 Fix test for parseAndVerifyWireAccessToken 2024-01-11 12:45:29 +01:00
Herman Slatman
897688a831 Merge branch 'wire-acme-extensions' into herman/remove-rusty-cli 2024-01-11 12:03:52 +01:00
Herman Slatman
70a2f431fa Address review remarks 2024-01-11 11:06:39 +01:00
Herman Slatman
033aef9f9d Merge branch 'wire-acme-extensions' into herman/remove-rusty-cli 2024-01-10 18:57:51 +01:00
Herman Slatman
8faf26c593 Change KeyAuth back to old behavior (for now) 2024-01-10 18:32:18 +01:00