b9b49116d0
* Add Vault APIs to create, list, delete ACME EAB keys
  - Add Vault authenticated APIs to create, list and delete ACME EAB keys.
  - Add supporting tests for all new APIs
* Add require_eab to acme configuration
* Add EAB support to ACME
* Add EAB support to ACME
* PR feedback 1
  - Address missing err return within DeleteEab
  - Move verifyEabPayload to acme_jws.go no code changes in this PR
  - Update error message returned for error on account storage with EAB.
* PR feedback 2
  - Verify JWK signature payload after signature verification
* Introduce an ACME eab_policy in configuration
  - Instead of a boolean on/off for require_eab, introduce named policies for ACME behaviour enforcing eab.
  - The default policy of always-required, will force new accounts to have an EAB, and all operations in the future, will make sure the account has an EAB associated with it.
  - Two other policies, not-required will allow any anonymous users to use ACME within PKI and 'new-account-required' will enforce new accounts going forward to require an EAB, but existing accounts will still be allowed to use ACME if they don't have an EAB associated with the account.
  - Having 'always-required' as a policy, will override the environment variable to disable public acme as well.
* Add missing go-docs to new tests.
* Add valid eab_policy values in error message.

Files in this directory:

* pkiext_binary
* nginx_test.go
* README.md
* test_helpers.go
* zlint_test.go

What is pkiext?

pkiext exists to split the Docker tests into a separate package from the
main PKI tests. Because the Docker tests execute in a smaller runner with
fewer resources, and we were hitting timeouts waiting for the entire PKI
test suite to run, we need to split the larger non-Docker PKI tests from
the smaller Docker tests, to ensure the former can execute.
This package should lack any non-test-related targets.