fleet

mirror of https://github.com/fleetdm/fleet synced 2026-05-09 18:20:48 +00:00

History

Victor Lyuboslavsky 836cc044d2 Fleet server verifies HTTP signature (#30825 ) Fixes #30473 # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. - [x] Added/updated automated tests - [ ] Manual QA for all new/changed functionality <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * New Features * Added support for TPM-backed host identity certificates enabling hardware-backed HTTP signature authentication for hosts. * Introduced HTTP signature verification middleware for API requests, applied conditionally for premium licenses. * Hosts presenting identity certificates must authenticate with matching HTTP message signatures during enrollment and authentication. * Added SCEP-based certificate issuance for secure host identity management. * Updated enrollment endpoints to use standardized request/response contract types. * Bug Fixes * Enhanced authentication logic to verify consistency between host identity certificates and host records, preventing duplicate or mismatched identities. * Chores * Updated dependencies and test infrastructure to support HTTP signature verification and host identity certificate workflows. * Added comprehensive integration and datastore tests for host identity certificate issuance, storage, and authentication. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2025-07-16 20:08:27 +02:00
..
httpsig.go	Fleet server verifies HTTP signature (#30825 )	2025-07-16 20:08:27 +02:00
middleware.go	Fleet server verifies HTTP signature (#30825 )	2025-07-16 20:08:27 +02:00

Victor Lyuboslavsky 836cc044d2

Fleet server verifies HTTP signature (#30825 )

Fixes #30473 

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [ ] Manual QA for all new/changed functionality

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added support for TPM-backed host identity certificates enabling
hardware-backed HTTP signature authentication for hosts.
* Introduced HTTP signature verification middleware for API requests,
applied conditionally for premium licenses.
* Hosts presenting identity certificates must authenticate with matching
HTTP message signatures during enrollment and authentication.
* Added SCEP-based certificate issuance for secure host identity
management.
* Updated enrollment endpoints to use standardized request/response
contract types.

* **Bug Fixes**
* Enhanced authentication logic to verify consistency between host
identity certificates and host records, preventing duplicate or
mismatched identities.

* **Chores**
* Updated dependencies and test infrastructure to support HTTP signature
verification and host identity certificate workflows.
* Added comprehensive integration and datastore tests for host identity
certificate issuance, storage, and authentication.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

2025-07-16 20:08:27 +02:00

httpsig.go

Fleet server verifies HTTP signature (#30825 )

2025-07-16 20:08:27 +02:00

middleware.go

Fleet server verifies HTTP signature (#30825 )

2025-07-16 20:08:27 +02:00