github-personal/certificates
1
0
Fork 0
mirror of https://github.com/outbackdingo/certificates.git synced 2026-01-27 18:18:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,310 Commits 1 Branch 0 Tags
master
Commit Graph

61 Commits

Author SHA1 Message Date
Mariano Cano
f2663dd9d9 Add data support on SCEPCHALLENGE webhooks 
This commit adds support for using template data from SCEPCHALLENGE
webhooks.
 2024-11-11 18:35:28 -08:00
Herman Slatman
f088f92aee Fix for failing Windows SCEP enrollment certificates 2024-09-13 23:47:59 +02:00
Mariano Cano
f3f484cee2 Log errors using slog.Logger 
This commit allows logging errors in a slog.Logger injected in the
context. This type of logger is not currently used directly in step-ca,
but this will change in the future.
 2024-05-15 15:40:40 -07:00
Herman Slatman
b226b6eb4c Prevent exposing any internal details in SCEP failure message 
To be on the safe side, block errors from signing operations from
being returned to the client. We should revisit, and make it return
a more informative error, but with high assurance that no sensitive
information is added to the message.
 2024-04-10 01:59:56 +02:00
Herman Slatman
1abada69b0 Update import aliases from microscep to smallscep 2023-10-24 21:48:24 +02:00
Herman Slatman
4c17f25389 Replace MicroMDM and Mozilla libraries with Smallstep forks 2023-10-24 21:44:34 +02:00
Herman Slatman
25f4b4014d Add base64 to the raw message decoding error 2023-10-04 13:34:26 +02:00
Herman Slatman
965d7aa7f4 Fix linting issues 2023-10-04 13:33:01 +02:00
Herman Slatman
cd78b9fd43 Implement workaround for weird macOS SCEP message in query 
Apparently the macOS SCEP client sends a SCEP message in the query
that's not fully escaped. Only the base64 padding is escaped, the
'+' and '/' characters aren't.

This is a bit of a special case, because the macOS SCEP client
will default to using HTTP POST for the PKIOperation. But if the
CA is configured without the POSTPKIOperation capability, the
macOS SCEP client will use HTTP GET instead. This behavior might
be the same on iOS.
 2023-10-04 13:16:48 +02:00
Herman Slatman
3c12b4f5ad Improve decoding SCEP requests 2023-10-03 16:32:55 +02:00
Herman Slatman
ffe079f31b Merge branch 'master' into herman/scep-provisioner-decrypter 2023-09-23 00:06:56 +02:00
Herman Slatman
ba72710e2d Address code review remarks 2023-09-22 12:40:14 +02:00
Herman Slatman
6d2d21e989 Fix undefined and unused variables 
Forgot to save the latest version...
 2023-09-21 18:15:03 +02:00
Herman Slatman
b6c95d7be2 Add additional properties to SCEP notify webhook request body 2023-09-21 18:12:13 +02:00
Herman Slatman
52bc96760b Add SCEP certificate issuance notification webhook 2023-09-21 12:01:03 +02:00
Dominic Evans
231b5d8406 chore(deps): upgrade github.com/go-chi/chi to v5 
Upgrade chi to the v5 module path to avoid deprecation warning about v4
and earlier on the old module path.

See https://github.com/go-chi/chi/blob/v4.1.3/go.mod#L1-L4

Signed-off-by: Dominic Evans <dominic.evans@uk.ibm.com>
 2023-09-20 11:26:32 +01:00
Herman Slatman
36f1dd70bf Add CSR to SCEPCHALLENGE webhook request body 2023-09-07 14:11:53 +02:00
Herman Slatman
557672bb4b Add some notes for SCEP provisioners 2023-07-26 19:11:51 +02:00
Herman Slatman
b2bf2c330b Simplify SCEP provisioner context handling 2023-06-01 16:22:00 +02:00
Herman Slatman
6985b4be62 Clean up the SCEP authority and provisioner 2023-06-01 14:43:32 +02:00
Herman Slatman
0377fe559b Add basic version of provisioner specific SCEP decrypter 2023-05-26 23:52:49 +02:00
Herman Slatman
e8c1e8719d Refactor SCEP webhook validation 2023-05-01 22:09:42 +02:00
Herman Slatman
668ff9b515 Cleanup some comments and tests 2023-05-01 11:55:05 +02:00
Herman Slatman
5f0f0f4bcc Add SCEP webhook validation tests 2023-05-01 11:14:50 +02:00
Herman Slatman
419478d1e5 Make SCEP webhook validation look better 2023-04-29 01:15:39 +02:00
Herman Slatman
27cdcaf5ee Integrate the SCEP webhook with the existing webhook logic 2023-04-28 17:15:05 +02:00
Herman Slatman
05f7ab979f Create basic webhook for SCEP challenge validation 2023-04-28 15:47:22 +02:00
max furman
ab0d2503ae Standardize linting file and fix or ignore lots of linting errors 2022-09-20 16:35:41 -07:00
Mariano Cano
400b1ece0b Remove scep handler after merge. 2022-05-12 17:39:36 -07:00
Mariano Cano
898ca41268 Merge branch 'master' into context-authority 2022-05-12 17:14:46 -07:00
Mariano Cano
d51c6b7d83 Make step handler backward compatible 2022-05-04 19:20:34 -07:00
Mariano Cano
9147356d8a Fix linter errors 2022-05-02 18:47:47 -07:00
Herman Slatman
13173ec8a2 Fix SCEP GET requests 2022-05-01 22:29:17 +02:00
Mariano Cano
42435ace64 Use scep authority from context 
This commit also converts all the methods from the handler to
functions.
 2022-04-27 18:06:53 -07:00
Panagiotis Siatras
e27124b037 scep: remove Interface and the dependency to pkg/errors (#872) 
* scep: documented the package

* scep/api: removed some top level constants

* scep: removed dependency to pkg/errors

* scep/api: documented the package
 2022-03-24 17:08:23 +02:00
Panagiotis Siatras
b98f86a515 scep: minor cleanup (#867) 
* api, scep: removed scep.Error

* scep/api: replaced nextHTTP with http.HandlerFunc

* scep/api: renamed writeSCEPResponse to writeResponse

* scep/api: renamed decodeSCEPRequest to decodeRequest

* scep/api: renamed writeError to fail

* scep/api: replaced pkg/errors with errors

* scep/api: formatted imports

* scep/api: do not export SCEPRequest & SCEPResponse

* scep/api: do not export Handler

* api: flush errors better
 2022-03-24 14:58:50 +02:00
Panagiotis Siatras
80abda22ee api/log: initial implementation of the package (#859) 
* api/log: initial implementation of the package

* api: refactored to support api/log

* scep/api: refactored to support api/log

* api/log: documented the package

* api: moved log-related tests to api/log
 2022-03-22 14:31:18 +02:00
Herman Slatman
15477f6d7b Make custom SCEP CA paths automagic 2022-03-15 23:28:56 +01:00
Herman Slatman
a3cda9c3d7 Add configuration for custom path segment 
To support SCEP clients that expect a specific path segment in
a SCEP URL, a new "customPath" option was added to the SCEP
provisioner configuration. The configuration can be used to set
a specific path (segment) that the SCEP provisioner will respond to.
 2022-03-07 13:24:26 +01:00
Herman Slatman
3b72d241e0 Add LinkedCA integration for improved SCEP provisioner 2022-01-21 16:07:50 +01:00
Herman Slatman
9c6580ccd2 Fix macOS SCEP client issues 
Fixes #746
 2022-01-14 10:48:23 +01:00
Herman Slatman
e7a988b2cd Pin golangci-lint to v1.43.0 and fix issues 2021-11-13 01:30:03 +01:00
max furman
933b40a02a Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00
Herman Slatman
54610e890b Improve error logging 2021-05-07 00:23:09 +02:00
Herman Slatman
c3d9cef497 Update to v2.0.0 of github.com/micromdm/scep 2021-03-26 22:04:18 +01:00
Herman Slatman
583d60dc0d Address (most) PR comments 2021-03-21 16:42:41 +01:00
Herman Slatman
538fe8114d Fix linter issues 2021-03-10 22:39:20 +01:00
Herman Slatman
cc1ecb9438 Store new certificates in database 2021-03-10 22:20:02 +01:00
Herman Slatman
9902dc1079 Add signed failure responses 2021-03-10 21:13:05 +01:00
Herman Slatman
2536a08dc2 Add support for configuring capabilities (cacaps) 2021-03-07 00:50:00 +01:00