62 Commits

Author SHA1 Message Date
Mariano Cano
f2663dd9d9 Add data support on SCEPCHALLENGE webhooks
This commit adds support for using template data from SCEPCHALLENGE
webhooks.
2024-11-11 18:35:28 -08:00
Herman Slatman
b226b6eb4c Prevent exposing any internal details in SCEP failure message
To be on the safe side, block errors from signing operations from
being returned to the client. We should revisit, and make it return
a more informative error, but with high assurance that no sensitive
information is added to the message.
2024-04-10 01:59:56 +02:00
Herman Slatman
041b486c55 Remove usages of Sign without context 2024-02-27 14:16:21 +01:00
Herman Slatman
2a8b80a3e1 Merge branch 'master' into herman/webhook-request-id 2024-02-27 12:17:10 +01:00
Max
d34f0f6a97 Fix linter warnings (#1634) 2023-11-28 20:58:58 -08:00
Herman Slatman
1abada69b0 Update import aliases from microscep to smallscep 2023-10-24 21:48:24 +02:00
Herman Slatman
4c17f25389 Replace MicroMDM and Mozilla libraries with Smallstep forks 2023-10-24 21:44:34 +02:00
Herman Slatman
b6c95d7be2 Add additional properties to SCEP notify webhook request body 2023-09-21 18:12:13 +02:00
Herman Slatman
52bc96760b Add SCEP certificate issuance notification webhook 2023-09-21 12:01:03 +02:00
Herman Slatman
9e3807eaa3 Use SignWithContext in the critical paths 2023-09-19 16:34:29 +02:00
Herman Slatman
36f1dd70bf Add CSR to SCEPCHALLENGE webhook request body 2023-09-07 14:11:53 +02:00
Herman Slatman
9d3b78ae49 Add excludeIntermediate to SCEP provisioner 2023-09-04 14:55:27 +02:00
Herman Slatman
0d09f3e202 Prevent data races with multiple PKCS7 encryption operations 2023-08-04 12:14:29 +02:00
Herman Slatman
e2e9bf5494 Clarify some SCEP properties 2023-08-04 01:55:52 +02:00
Herman Slatman
c0a1837cd9 Verify full decrypter/signer configuration at usage time
When changing the SCEP configuration it is possible that one
or both of the decrypter configurations required are not available
or have been provided in a way that's not usable for actual SCEP
requests.

Instead of failing hard when provisioners are loaded,
which could result in the CA not starting properly, this type of
problematic configuration error will now be handled at usage
time instead.
2023-08-03 16:09:51 +02:00
Herman Slatman
0f35bb1af5 Defer missing decrypter/signer configuration errors to SCEP authority 2023-08-03 15:34:20 +02:00
Herman Slatman
fc1fb51854 Improve SCEP authority initialization and reload 2023-08-02 18:35:38 +02:00
Herman Slatman
7163c4f95f Add helper for getting the appropriate SCEP response signer 2023-08-02 16:01:58 +02:00
Herman Slatman
567fc25404 Use the RSA decryption configuration for signing responses too 2023-07-27 00:55:39 +02:00
Herman Slatman
b2bf2c330b Simplify SCEP provisioner context handling 2023-06-01 16:22:00 +02:00
Herman Slatman
8fc3a46387 Refactor the SCEP authority initialization
Instead of relying on an intermediate `scep.Service` struct,
initialize the `scep.Authority` directly. This removes one redundant
layer of indirection.
2023-06-01 15:50:51 +02:00
Herman Slatman
6985b4be62 Clean up the SCEP authority and provisioner 2023-06-01 14:43:32 +02:00
Herman Slatman
180162bd6a Refactor SCEP provisioner and decrypter 2023-06-01 12:10:54 +02:00
Herman Slatman
0377fe559b Add basic version of provisioner specific SCEP decrypter 2023-05-26 23:52:49 +02:00
max furman
8b256f0351 address linter warning for go 1.19 2023-05-09 23:47:28 -07:00
Herman Slatman
e8c1e8719d Refactor SCEP webhook validation 2023-05-01 22:09:42 +02:00
Herman Slatman
419478d1e5 Make SCEP webhook validation look better 2023-04-29 01:15:39 +02:00
Herman Slatman
27cdcaf5ee Integrate the SCEP webhook with the existing webhook logic 2023-04-28 17:15:05 +02:00
Herman Slatman
05f7ab979f Create basic webhook for SCEP challenge validation 2023-04-28 15:47:22 +02:00
Andrew Reed
7101fbb0ee Provisioner webhooks (#1001) 2022-09-29 19:16:26 -05:00
max furman
ab0d2503ae Standardize linting file and fix or ignore lots of linting errors 2022-09-20 16:35:41 -07:00
Mariano Cano
d51c6b7d83 Make step handler backward compatible 2022-05-04 19:20:34 -07:00
Mariano Cano
9147356d8a Fix linter errors 2022-05-02 18:47:47 -07:00
Mariano Cano
688f9ceb56 Add scep authority to context. 2022-04-27 18:02:37 -07:00
Panagiotis Siatras
e27124b037 scep: remove Interface and the dependency to pkg/errors (#872)
* scep: documented the package

* scep/api: removed some top level constants

* scep: removed dependency to pkg/errors

* scep/api: documented the package
2022-03-24 17:08:23 +02:00
Herman Slatman
5f42ae0bce Remove unused function LoadProvisionerByID from SCEP 2022-01-27 21:06:55 +01:00
Herman Slatman
3b72d241e0 Add LinkedCA integration for improved SCEP provisioner 2022-01-21 16:07:50 +01:00
Herman Slatman
64680bb16d Fix PR comments 2022-01-19 11:31:33 +01:00
Herman Slatman
3612eefc31 Cleanup 2022-01-18 15:54:18 +01:00
Herman Slatman
9c6580ccd2 Fix macOS SCEP client issues
Fixes #746
2022-01-14 10:48:23 +01:00
Herman Slatman
54610e890b Improve error logging 2021-05-07 00:23:09 +02:00
Herman Slatman
c3d9cef497 Update to v2.0.0 of github.com/micromdm/scep 2021-03-26 22:04:18 +01:00
Herman Slatman
9bda3c465a Add more template data 2021-03-26 16:11:35 +01:00
Herman Slatman
b97f024f8a Remove superfluous call to StoreCertificate 2021-03-26 14:02:52 +01:00
Herman Slatman
583d60dc0d Address (most) PR comments 2021-03-21 16:42:41 +01:00
Herman Slatman
a4844fee7b Make tests green 2021-03-12 16:58:52 +01:00
Herman Slatman
e1cab4966f Improve initialization of SCEP authority 2021-03-12 15:49:39 +01:00
Herman Slatman
538fe8114d Fix linter issues 2021-03-10 22:39:20 +01:00
Herman Slatman
cc1ecb9438 Store new certificates in database 2021-03-10 22:20:02 +01:00
Herman Slatman
9902dc1079 Add signed failure responses 2021-03-10 21:13:05 +01:00