github-personal/certificates
1
0
Fork 0
mirror of https://github.com/outbackdingo/certificates.git synced 2026-01-27 18:18:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,310 Commits 1 Branch 0 Tags
master
Commit Graph

89 Commits

Author SHA1 Message Date
Herman Slatman
cae47aa690 Merge branch 'master' into wire-acme-extensions 2024-08-02 22:58:56 +02:00
Mariano Cano
d037ed6ff2 Add provisioner id to acme accounts 
This commit adds a new field that allows to have a reference to
a provisioner id in the acme account.
 2024-05-06 11:58:22 -07:00
Herman Slatman
2f3819aa4e Use key authorization from ID token and handle -> preferred_username 2024-01-17 14:13:55 +01:00
Herman Slatman
36e14de882 Improve Wire persistence errors 2024-01-17 13:02:12 +01:00
Herman Slatman
2efd1f682d Fix expected error type check 2024-01-15 16:31:00 +01:00
Herman Slatman
7d5a79190d Add tests for Wire OIDC and DPoP token persistence 2024-01-15 16:25:53 +01:00
Herman Slatman
776a839a42 Fix linter issues and improve error handling 2024-01-09 21:31:19 +01:00
Herman Slatman
eb9893bd21 Refactor logic for processing WireID identifiers in Order 
Processing `WireID` identifiers, the Wire subject, and the Wire
DPoP and OIDC tokens is now conditional.
 2024-01-09 18:22:21 +01:00
Herman Slatman
01169b2483 Make the Target optional in Challenge object 
This is a non-standard property in the ACME challenge response, so
we shouldn't return it if it's not set. Also made it an optional
field in the DB.
 2024-01-09 16:43:18 +01:00
beltram
9d5c974f44 fix: PR review 2024-01-08 22:02:48 +01:00
beltram
7b5740153d support for oidc id token 2024-01-08 22:00:29 +01:00
beltram
03dbd91418 fix dpop token json serialization to db 2024-01-08 21:52:28 +01:00
beltram
8888262e45 cheat by allowing also looking up for ready orders 2024-01-08 21:43:43 +01:00
beltram
0bc530c98e log more things 2024-01-08 21:36:50 +01:00
beltram
2e128056dc have updateOrder also update the update joint table [order by account] 2024-01-08 21:35:54 +01:00
beltram
abe86002ee try by storing everything in db 2024-01-08 21:33:53 +01:00
beltram
97002040a5 fix: challenge target field was not mapped to db entity 2024-01-08 21:09:07 +01:00
Max
7731edd816 Store and verify Acme account location (#1386) 
* Store and verify account location on acme requests

Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
Co-authored-by: Mariano Cano <mariano@smallstep.com>
 2023-06-06 23:37:51 -07:00
max furman
8b256f0351 address linter warning for go 1.19 2023-05-09 23:47:28 -07:00
Mariano Cano
6ba20209c2 Verify CSR key fingerprint with attestation certificate key 
This commit makes sure that the attestation certificate key matches the
key used on the CSR on an ACME device attestation flow.
 2023-02-09 16:48:43 -08:00
Herman Slatman
0f1c509e4b Remove debug utility 2023-01-31 23:48:53 +01:00
Herman Slatman
edee01c80c Refactor debug utility 2023-01-26 13:41:01 +01:00
Herman Slatman
1c38113e44 Add ACME Subproblem for more detailed ACME client-side errors 
When validating an ACME challenge (`device-attest-01` in this case,
but it's also true for others), and validation fails, the CA didn't
return a lot of information about why the challenge had failed. By
introducing the ACME `Subproblem` type, an ACME `Error` can include
some additional information about what went wrong when validating
the challenge.

This is a WIP commit. The `Subproblem` isn't created in many code
paths yet, just for the `step` format at the moment. Will probably
follow up with some more improvements to how the ACME error is
handled. Also need to cleanup some debug things (q.Q)
 2023-01-26 13:29:31 +01:00
max furman
ab0d2503ae Standardize linting file and fix or ignore lots of linting errors 2022-09-20 16:35:41 -07:00
Mariano Cano
226d36f66f Fix unit tests 2022-09-19 14:17:30 -07:00
Herman Slatman
2a7620641f Fix more PR comments 2022-04-26 10:15:17 +02:00
Herman Slatman
7df52dbb76 Add ACME EAB policy 2022-04-07 14:11:53 +02:00
Herman Slatman
bf21319e76 Fix PR comments and issue with empty string slices 2022-01-28 13:26:56 +01:00
Herman Slatman
fd9845e9c7 Add cursor and limit to ACME EAB DB interface 2022-01-24 14:03:56 +01:00
Herman Slatman
c3f2fd8ef0 Add RW locks to prevent concurrent updates to the DB 
Although this may slow certain API calls down and may not be, strictly
necessary, I think it's best to put all the ACME EAB operations behind
RW locks to prevent concurrent updates to the DB and guarantee
consistent result sets.
 2022-01-20 17:25:15 +01:00
Herman Slatman
868cc4ad7f Increase test coverage for additional indexes 2022-01-20 17:06:23 +01:00
Herman Slatman
c0eb420806 Remove special case for empty slices 2022-01-20 11:03:49 +01:00
Herman Slatman
ef16febf40 Refactor ACME EAB queries 
The ACME EAB keys are now also indexed by the provisioner. This
solves part of the issue in which too many EAB keys may be in
memory at a given time.
 2022-01-07 16:59:55 +01:00
Herman Slatman
30859d3c83 Remove server-side paging logic for ExternalAccountKeys 2022-01-06 14:09:35 +01:00
Herman Slatman
11a7f01177 Simplify lookup cursor logic for ExternalAccountKeys 2021-12-22 15:42:49 +01:00
Herman Slatman
f9ae875f9d Use short if-style statements 2021-12-20 14:30:01 +01:00
Herman Slatman
d799359917 Merge branch 'master' into hs/acme-eab 2021-12-09 13:58:40 +01:00
Herman Slatman
06bb97c91e Add logic for Account authorizations and improve tests 2021-12-02 16:25:35 +01:00
Herman Slatman
a7fbbc4748 Add tests for GetCertificateBySerial 2021-11-28 21:20:57 +01:00
Herman Slatman
3151255a25 Merge branch 'master' into hs/acme-revocation 2021-10-30 15:41:29 +02:00
Herman Slatman
4d726d6b4c Add pagination to ACME EAB credentials endpoint 2021-10-17 22:42:36 +02:00
Herman Slatman
d354d55e7f Improve handling duplicate ACME EAB references 2021-10-16 14:44:56 +02:00
Herman Slatman
dd4b4b0435 Fix remaining gocritic remarks 2021-10-11 23:34:23 +02:00
Herman Slatman
a4660f73fa Fix some of the gocritic remarks 2021-10-11 23:10:16 +02:00
Herman Slatman
e0b495e4c8 Merge branch 'master' into hs/acme-eab 2021-10-09 01:06:49 +02:00
Herman Slatman
c26041f835 Add ACME EAB nosql tests 2021-10-09 01:02:00 +02:00
max furman
933b40a02a Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00
Herman Slatman
c2bc1351c6 Add provisioner to remove endpoint and clear reference index on delete 2021-09-17 17:48:09 +02:00
Herman Slatman
746c5c9fd9 Disallow creation of EAB keys with non-unique references 2021-09-17 17:25:19 +02:00
Herman Slatman
9c0020352b Add lookup by reference and make reference optional 2021-09-17 17:08:02 +02:00