- add a travis build check
- switch app and service to serilog
- update to iiot libs 2.0
- bump up app service to .net core 2.2
- bump up most nuget dependencies
- Fix webkit Issue #42
- Improve Sample App Home screen with more working links to the actual Azure components being used
- Fix QueryApplication bug found in workshop
- Add CRL Distribution Endpoint extension to Issuer CA certs
- Add Authority Information Access extension to subscriber certs
- Add endpoints to service
- UI bugfixes and test improvements
- Actionlinks were not done properly.
- api csharp didn't return authorizatio exceptions.
- add error/success fields to to most UI pages.
- fixed bug to allow CSR input as Pem.
- catch most app exception errors and display info (Forbidden)
- doc updates
- Refactor Web API
- Unit tests for service Application & CertificateRequest
*Note on breaking change: CosmosDB is now using unique keys and stores enums as strings, delete database before redeploy!*
- use MSI and second keyvault to store app and service secrets
- deploy 'Production' and 'Development' flavors
- adress many server security issues in web.config
- webscout feedback
- SDL: use parameterized queries
- fix an iOS12/webkit issue with openid connect, which prevents login on those devices
-The private key is now only stored in Key Vault. Key generation is back to service, as it slows down operation quite a bit and enforces delete rights for an Approver.
-Fix the docker builds and according build settings
-Other improvements: Use only a single CosmosDB collection (cost)
-license update
-CA certs can contain a CRL distribution point (however service side doesn't support it)
- fix comments and warnings
- create a new key pair in keyvault instead of in the service
- start with deployment script, still lacks a few security settings
Apis like the application query can end up with hundreds of records as a query result. Cont. tokens allow to query data in pages before http requests get too big.
Note: not all Api are fully functional yet, but to avoid future API changes some Api yet act as placeholders.
* Implement continuation token for GetTrustList
* add GetAsync with cont tokens...
* add rest api for app query with cont token
* continuation for cert requests
- Workaround to create CA cert with PK from HSM. So far theCA cert was imported because KeyVault lacks of functionality to create CA certs directly.
- Add test case for revoked and improve other test cases.
- Remove user auth from module and add user cert auth instead
* change theme
* improve Register New handling
* Register form input validation checks
* UI updates
* cleanup validation classes
* fix problem to create key pair for clients
* fix client cert issue
* fix base64 cert request
* add stepwise bitmaps
* validate the CSR
* list app name in requests list
* Project update
* fix build and add sign/writer roles
* enforce hsm policy
* fix app deployment
* do not publish dev json configs
* do not publish dev configs
* add base64 download pages
* fix app id set to 0 on update
* download base64 certs from groups
* apps should be unregistered
* mark cert requests deleted
* update autorest
* unregister bug fix
* typo
* API changes for group revocation
* Api for revoke
* add revoke button
* Implement revoke
* trim index entries
* Project renaming to have consistent nuget packages for api, and namespace for edge module.
* Update broken references in razor pages.
* Update dependencies to release version 1.0.0
* Fix docker builds
* Move nuget.config for ci build
* Move nuget.config for ci build
* Move nuget.config for ci build
* Build for latest windows container image
* Rename test project to be picked up by build pipeline
* Rename test project to be picked up by build pipeline
* Update dependencies
* Integrate opc vault service projects into CI infrastructure
* Update nuget dependencies to latest and fix changed apis.
* Disable tests that rely on credentials for now.
* Set highentropyva bit for binskim
* Fix serveral doc build warnings using inheritdoc tag
* Fix all non-doc warnings
* Update package source to pull development dependencies from myget
* update to latest nuget packages
* enforce gds service authentication
* typo
* Autofac support
* use AD authentication for gdsVault API
* add Azure KeyVault configuration and template appsettings.json
* doc environement / key vault naming of config vars
* use silent token acquisition and use on behalf bearer token to access gdsvault api
* clean up service config, add on behalf helpers
* onbehalf authentication in service
* dependency cleanup
* cert group pages
* Revert "dependency cleanup"
This reverts commit 867fe5c521.
* cert groups work
* download CA cert
* simplify auth
* fix service config
* add scope offline access for refresh token
* add auth to edge server
* improve a few return codes
* configure HSM support ini
* need keycertsign flag
* fix unit tests (mostly)
* exceptions filter should not return internal error
* dependency fixes
* display error message if 'approve or reject fails
* add dummy Edtor for groups
* renew ca cert and display some info on latest
* rbac and status
* rename all to opc vault
* cosmosdb concurrency
* fix cosmosdb and rename to opc vault
* Update cert configuration rest api added
* update config
* Add crete cert group rest api
* call rest api from app
* forgotten gdsvault references
* review feedback
Erich Barnstedt
Martin Regen
YTWANGP
Marc Schier
Marc Schier
Microsoft Open Source
Microsoft GitHub User