Herman Slatman
b226b6eb4c
Prevent exposing any internal details in SCEP failure message
...
To be on the safe side, block errors from signing operations from
being returned to the client. We should revisit, and make it return
a more informative error, but with high assurance that no sensitive
information is added to the message.
2 months ago
Herman Slatman
1abada69b0
Update import aliases from `microscep` to `smallscep`
7 months ago
Herman Slatman
4c17f25389
Replace MicroMDM and Mozilla libraries with Smallstep forks
7 months ago
Herman Slatman
25f4b4014d
Add `base64` to the raw message decoding error
8 months ago
Herman Slatman
965d7aa7f4
Fix linting issues
8 months ago
Herman Slatman
cd78b9fd43
Implement workaround for weird macOS SCEP message in query
...
Apparently the macOS SCEP client sends a SCEP message in the query
that's not fully escaped. Only the base64 padding is escaped, the
'+' and '/' characters aren't.
This is a bit of a special case, because the macOS SCEP client
will default to using HTTP POST for the PKIOperation. But if the
CA is configured without the POSTPKIOperation capability, the
macOS SCEP client will use HTTP GET instead. This behavior might
be the same on iOS.
8 months ago
Herman Slatman
3c12b4f5ad
Improve decoding SCEP requests
8 months ago
Herman Slatman
ffe079f31b
Merge branch 'master' into herman/scep-provisioner-decrypter
8 months ago
Herman Slatman
ba72710e2d
Address code review remarks
8 months ago
Herman Slatman
6d2d21e989
Fix undefined and unused variables
...
Forgot to save the latest version...
8 months ago
Herman Slatman
b6c95d7be2
Add additional properties to SCEP notify webhook request body
8 months ago
Herman Slatman
52bc96760b
Add SCEP certificate issuance notification webhook
8 months ago
Dominic Evans
231b5d8406
chore(deps): upgrade github.com/go-chi/chi to v5
...
Upgrade chi to the v5 module path to avoid deprecation warning about v4
and earlier on the old module path.
See https://github.com/go-chi/chi/blob/v4.1.3/go.mod#L1-L4
Signed-off-by: Dominic Evans <dominic.evans@uk.ibm.com>
9 months ago
Herman Slatman
36f1dd70bf
Add CSR to `SCEPCHALLENGE` webhook request body
9 months ago
Herman Slatman
557672bb4b
Add some notes for SCEP provisioners
10 months ago
Herman Slatman
b2bf2c330b
Simplify SCEP provisioner context handling
1 year ago
Herman Slatman
6985b4be62
Clean up the SCEP authority and provisioner
1 year ago
Herman Slatman
0377fe559b
Add basic version of provisioner specific SCEP decrypter
1 year ago
Herman Slatman
e8c1e8719d
Refactor SCEP webhook validation
1 year ago
Herman Slatman
668ff9b515
Cleanup some comments and tests
1 year ago
Herman Slatman
5f0f0f4bcc
Add SCEP webhook validation tests
1 year ago
Herman Slatman
419478d1e5
Make SCEP webhook validation look better
1 year ago
Herman Slatman
27cdcaf5ee
Integrate the SCEP webhook with the existing webhook logic
1 year ago
Herman Slatman
05f7ab979f
Create basic webhook for SCEP challenge validation
1 year ago
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors
2 years ago
Mariano Cano
400b1ece0b
Remove scep handler after merge.
2 years ago
Mariano Cano
898ca41268
Merge branch 'master' into context-authority
2 years ago
Mariano Cano
d51c6b7d83
Make step handler backward compatible
2 years ago
Mariano Cano
9147356d8a
Fix linter errors
2 years ago
Herman Slatman
13173ec8a2
Fix SCEP GET requests
2 years ago
Mariano Cano
42435ace64
Use scep authority from context
...
This commit also converts all the methods from the handler to
functions.
2 years ago
Panagiotis Siatras
e27124b037
scep: remove Interface and the dependency to pkg/errors ( #872 )
...
* scep: documented the package
* scep/api: removed some top level constants
* scep: removed dependency to pkg/errors
* scep/api: documented the package
2 years ago
Panagiotis Siatras
b98f86a515
scep: minor cleanup ( #867 )
...
* api, scep: removed scep.Error
* scep/api: replaced nextHTTP with http.HandlerFunc
* scep/api: renamed writeSCEPResponse to writeResponse
* scep/api: renamed decodeSCEPRequest to decodeRequest
* scep/api: renamed writeError to fail
* scep/api: replaced pkg/errors with errors
* scep/api: formatted imports
* scep/api: do not export SCEPRequest & SCEPResponse
* scep/api: do not export Handler
* api: flush errors better
2 years ago
Panagiotis Siatras
80abda22ee
api/log: initial implementation of the package ( #859 )
...
* api/log: initial implementation of the package
* api: refactored to support api/log
* scep/api: refactored to support api/log
* api/log: documented the package
* api: moved log-related tests to api/log
2 years ago
Herman Slatman
15477f6d7b
Make custom SCEP CA paths automagic
2 years ago
Herman Slatman
a3cda9c3d7
Add configuration for custom path segment
...
To support SCEP clients that expect a specific path segment in
a SCEP URL, a new "customPath" option was added to the SCEP
provisioner configuration. The configuration can be used to set
a specific path (segment) that the SCEP provisioner will respond to.
2 years ago
Herman Slatman
3b72d241e0
Add LinkedCA integration for improved SCEP provisioner
2 years ago
Herman Slatman
9c6580ccd2
Fix macOS SCEP client issues
...
Fixes #746
2 years ago
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues
3 years ago
max furman
933b40a02a
Introduce gocritic linter and address warnings
3 years ago
Herman Slatman
54610e890b
Improve error logging
3 years ago
Herman Slatman
c3d9cef497
Update to v2.0.0 of github.com/micromdm/scep
3 years ago
Herman Slatman
583d60dc0d
Address (most) PR comments
3 years ago
Herman Slatman
538fe8114d
Fix linter issues
3 years ago
Herman Slatman
cc1ecb9438
Store new certificates in database
3 years ago
Herman Slatman
9902dc1079
Add signed failure responses
3 years ago
Herman Slatman
2536a08dc2
Add support for configuring capabilities (cacaps)
3 years ago
Herman Slatman
e4d7ea8fa0
Add support for challenge password
3 years ago
Herman Slatman
2d21b09d41
Remove some duplicate and unnecessary logic
3 years ago
Herman Slatman
9df5f513e7
Change to a fixed fork of go.mozilla.org/pkcs7
...
Hopefully this will be a temporary change until
the fix is merged in the upstream module.
3 years ago