mirror of
https://github.com/fleetdm/fleet
synced 2026-05-23 00:49:03 +00:00
836cc044d2
Fixes #30473 # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. - [x] Added/updated automated tests - [ ] Manual QA for all new/changed functionality <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added support for TPM-backed host identity certificates enabling hardware-backed HTTP signature authentication for hosts. * Introduced HTTP signature verification middleware for API requests, applied conditionally for premium licenses. * Hosts presenting identity certificates must authenticate with matching HTTP message signatures during enrollment and authentication. * Added SCEP-based certificate issuance for secure host identity management. * Updated enrollment endpoints to use standardized request/response contract types. * **Bug Fixes** * Enhanced authentication logic to verify consistency between host identity certificates and host records, preventing duplicate or mismatched identities. * **Chores** * Updated dependencies and test infrastructure to support HTTP signature verification and host identity certificate workflows. * Added comprehensive integration and datastore tests for host identity certificate issuance, storage, and authentication. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|---|---|---|
| .. | ||
| digicert | ||
| mdm | ||
| mockimpl | ||
| mockresult | ||
| nanodep | ||
| scep | ||
| software | ||
| datastore.go | ||
| datastore_installers.go | ||
| datastore_mock.go | ||
| datastore_users_helpers.go | ||
| errors.go | ||