Commit Graph

58 Commits (7426edb6d7c51925964e5732ff43ab2582cb82a4)

Author SHA1 Message Date
Herman Slatman b226b6eb4c
Prevent exposing any internal details in SCEP failure message
To be on the safe side, block errors from signing operations from
being returned to the client. We should revisit, and make it return
a more informative error, but with high assurance that no sensitive
information is added to the message.
2 months ago
Herman Slatman 1abada69b0
Update import aliases from `microscep` to `smallscep` 7 months ago
Herman Slatman 4c17f25389
Replace MicroMDM and Mozilla libraries with Smallstep forks 7 months ago
Herman Slatman 25f4b4014d
Add `base64` to the raw message decoding error 8 months ago
Herman Slatman 965d7aa7f4
Fix linting issues 8 months ago
Herman Slatman cd78b9fd43
Implement workaround for weird macOS SCEP message in query
Apparently the macOS SCEP client sends a SCEP message in the query
that's not fully escaped. Only the base64 padding is escaped, the
'+' and '/' characters aren't.

This is a bit of a special case, because the macOS SCEP client
will default to using HTTP POST for the PKIOperation. But if the
CA is configured without the POSTPKIOperation capability, the
macOS SCEP client will use HTTP GET instead. This behavior might
be the same on iOS.
8 months ago
Herman Slatman 3c12b4f5ad
Improve decoding SCEP requests 8 months ago
Herman Slatman ffe079f31b
Merge branch 'master' into herman/scep-provisioner-decrypter 8 months ago
Herman Slatman ba72710e2d
Address code review remarks 8 months ago
Herman Slatman 6d2d21e989
Fix undefined and unused variables
Forgot to save the latest version...
8 months ago
Herman Slatman b6c95d7be2
Add additional properties to SCEP notify webhook request body 8 months ago
Herman Slatman 52bc96760b
Add SCEP certificate issuance notification webhook 8 months ago
Dominic Evans 231b5d8406 chore(deps): upgrade github.com/go-chi/chi to v5
Upgrade chi to the v5 module path to avoid deprecation warning about v4
and earlier on the old module path.

See https://github.com/go-chi/chi/blob/v4.1.3/go.mod#L1-L4

Signed-off-by: Dominic Evans <dominic.evans@uk.ibm.com>
9 months ago
Herman Slatman 36f1dd70bf
Add CSR to `SCEPCHALLENGE` webhook request body 9 months ago
Herman Slatman 557672bb4b
Add some notes for SCEP provisioners 10 months ago
Herman Slatman b2bf2c330b
Simplify SCEP provisioner context handling 1 year ago
Herman Slatman 6985b4be62
Clean up the SCEP authority and provisioner 1 year ago
Herman Slatman 0377fe559b
Add basic version of provisioner specific SCEP decrypter 1 year ago
Herman Slatman e8c1e8719d
Refactor SCEP webhook validation 1 year ago
Herman Slatman 668ff9b515
Clean up some comments and tests 1 year ago
Herman Slatman 5f0f0f4bcc
Add SCEP webhook validation tests 1 year ago
Herman Slatman 419478d1e5
Make SCEP webhook validation look better 1 year ago
Herman Slatman 27cdcaf5ee
Integrate the SCEP webhook with the existing webhook logic 1 year ago
Herman Slatman 05f7ab979f
Create basic webhook for SCEP challenge validation 1 year ago
max furman ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2 years ago
Mariano Cano 400b1ece0b Remove scep handler after merge. 2 years ago
Mariano Cano 898ca41268 Merge branch 'master' into context-authority 2 years ago
Mariano Cano d51c6b7d83 Make step handler backward compatible 2 years ago
Mariano Cano 9147356d8a Fix linter errors 2 years ago
Herman Slatman 13173ec8a2
Fix SCEP GET requests 2 years ago
Mariano Cano 42435ace64 Use scep authority from context
This commit also converts all the methods from the handler to
functions.
2 years ago
Panagiotis Siatras e27124b037
scep: remove Interface and the dependency to pkg/errors (#872)
* scep: documented the package

* scep/api: removed some top level constants

* scep: removed dependency to pkg/errors

* scep/api: documented the package
2 years ago
Panagiotis Siatras b98f86a515
scep: minor cleanup (#867)
* api, scep: removed scep.Error

* scep/api: replaced nextHTTP with http.HandlerFunc

* scep/api: renamed writeSCEPResponse to writeResponse

* scep/api: renamed decodeSCEPRequest to decodeRequest

* scep/api: renamed writeError to fail

* scep/api: replaced pkg/errors with errors

* scep/api: formatted imports

* scep/api: do not export SCEPRequest & SCEPResponse

* scep/api: do not export Handler

* api: flush errors better
2 years ago
Panagiotis Siatras 80abda22ee
api/log: initial implementation of the package (#859)
* api/log: initial implementation of the package

* api: refactored to support api/log

* scep/api: refactored to support api/log

* api/log: documented the package

* api: moved log-related tests to api/log
2 years ago
Herman Slatman 15477f6d7b
Make custom SCEP CA paths automagic 2 years ago
Herman Slatman a3cda9c3d7
Add configuration for custom path segment
To support SCEP clients that expect a specific path segment in
a SCEP URL, a new "customPath" option was added to the SCEP
provisioner configuration. The configuration can be used to set
a specific path (segment) that the SCEP provisioner will respond to.
2 years ago
Herman Slatman 3b72d241e0
Add LinkedCA integration for improved SCEP provisioner 2 years ago
Herman Slatman 9c6580ccd2
Fix macOS SCEP client issues
Fixes #746
2 years ago
Herman Slatman e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues 3 years ago
max furman 933b40a02a Introduce gocritic linter and address warnings 3 years ago
Herman Slatman 54610e890b
Improve error logging 3 years ago
Herman Slatman c3d9cef497
Update to v2.0.0 of github.com/micromdm/scep 3 years ago
Herman Slatman 583d60dc0d
Address (most) PR comments 3 years ago
Herman Slatman 538fe8114d
Fix linter issues 3 years ago
Herman Slatman cc1ecb9438
Store new certificates in database 3 years ago
Herman Slatman 9902dc1079
Add signed failure responses 3 years ago
Herman Slatman 2536a08dc2
Add support for configuring capabilities (cacaps) 3 years ago
Herman Slatman e4d7ea8fa0
Add support for challenge password 3 years ago
Herman Slatman 2d21b09d41
Remove some duplicate and unnecessary logic 3 years ago
Herman Slatman 9df5f513e7
Change to a fixed fork of go.mozilla.org/pkcs7
Hopefully this will be a temporary change until
the fix is merged in the upstream module.
3 years ago