Commit Graph

425 Commits

Author SHA1 Message Date
Hossein Shafagh 709a9808aa better structure of the query and removing ilike 2020-10-26 18:32:53 -07:00
sayali 2c22d42a57 Modify description during reissue
Include the certificate ID being reissued and mention that this is created by Lemur as part of reissue
2020-10-23 17:07:14 -07:00
Hossein Shafagh 2b274f723a
Merge branch 'master' into improved-logging 2020-10-23 07:59:30 -07:00
Hossein Shafagh cf87e178c8 making lint happy 2020-10-22 17:33:02 -07:00
Hossein Shafagh 03d1af16e7 better logging for exceptions around all plugins 2020-10-22 15:59:38 -07:00
Hossein Shafagh 2e7e3a82fa
Update cli.py
logging in exception
2020-10-22 11:57:54 -07:00
Hossein Shafagh a4dba0cb35 creating a cli to handle entrust deactivation 2020-10-21 19:52:51 -07:00
Hossein Shafagh 92eec5cc9c revocation should only check for not expired and not revoked certs 2020-10-21 18:52:55 -07:00
sayali 01dddd2a55 iterate over subject details 2020-10-20 17:17:28 -07:00
sayali 788703ce12 Fix cert reissue when L/OU is not set
get_certificate_primitives complains with None L/OU
2020-10-20 16:44:17 -07:00
sayali 9dc476f393 Use cab_compliant option instead of authority name list 2020-10-15 10:44:46 -07:00
Hossein Shafagh 894e35b4e2
Update schemas.py
minor language
2020-10-14 09:48:40 -07:00
sayali b677e6e325 Copy subject details for non-CAB-compliant authorities 2020-10-13 19:40:01 -07:00
sayali fb4df8865b Formatting changes and typo 2020-10-09 17:58:03 -07:00
sayali d52e0d4e09 Certificate edit: update role and notification with owner change 2020-10-09 16:55:30 -07:00
sayali 8928e04385 Fix disable notify 2020-10-08 11:38:52 -07:00
sayali b7d0e62844 Make location optional
Remove form validation and default value in input schema
2020-10-07 13:31:23 -07:00
sayali aaff0f7581 Fixing UT for key_type on upload schema 2020-09-28 19:03:21 -07:00
sayali 7a226241db Add key_type to CertificateUploadInputSchema
Parse cert body to determine algo
2020-09-28 18:13:00 -07:00
sayali cd13832377 Use key_type column for cert get/rotate/reissue/display
Added unit tests
2020-09-23 15:16:19 -07:00
sayali 51549ae795 Adding comment for the property to be removed 2020-09-15 17:37:58 -07:00
sayali 5ae65c2c4d Remove unused import 2020-09-15 14:55:04 -07:00
sayali 02d711282d New column key_type
commenting conflicting property for now
2020-09-14 18:12:33 -07:00
Hossein Shafagh 806aeddd87
Merge branch 'master' into validity 2020-09-11 10:09:01 -07:00
Hossein Shafagh 4923157dc2 expanding key_type to with EC support 2020-09-09 19:54:20 -07:00
Hossein Shafagh 5ab9626cbd overwriting cn and key_type values from CSR, as they take precedence 2020-09-09 19:52:59 -07:00
Hossein Shafagh 6fa15c4cb3 methods to extract cn and key_type from csr 2020-09-09 19:48:21 -07:00
sayali 3242fc1e13 Validity with radio buttons 2020-08-26 19:30:12 -07:00
sayali 6aedd3b0d8 Datepicker enhancements 2020-08-25 18:40:36 -07:00
sayali 240f0b99c8 Max end date as per start date + default validity 3 years 2020-08-18 19:34:59 -07:00
sayali bc5579e9bf max date on UI as per max validity configs 2020-08-18 14:50:42 -07:00
Hossein Shafagh 4985744bd8 fixing UnboundLocalError bug 2020-06-11 16:47:37 -07:00
Hossein Shafagh c40d297735
Merge branch 'master' into ilabun/optimize-certificates-sql 2020-06-09 14:20:31 -07:00
Hossein Shafagh fd3ea2cf46
Merge branch 'master' into json-logging-rotate 2020-06-09 10:58:53 -07:00
Hossein Shafagh 50091cca1d
Merge branch 'master' into ilabun/optimize-certificates-sql 2020-05-27 15:29:47 -07:00
Hossein Shafagh d8948a12d3
Merge branch 'master' into check-revoke-revised 2020-05-27 15:29:19 -07:00
Hossein Shafagh 86c3771044
Merge branch 'master' into json-logging-rotate 2020-05-27 15:28:48 -07:00
Hossein Shafagh d95f02d234
Merge branch 'master' into master 2020-05-27 14:25:07 -07:00
Hossein Shafagh 4eeab91d73 making lint happy 2020-05-22 18:36:39 -07:00
Hossein Shafagh 10dfedee36 making lint happy 2020-05-22 18:33:43 -07:00
Hossein Shafagh 86310ff02d
Merge branch 'master' into check-revoke-revised 2020-05-22 18:25:00 -07:00
Hossein Shafagh 87a53557cd
Merge branch 'master' into json-logging-rotate 2020-05-22 18:24:53 -07:00
Hossein Shafagh 8f16688b0a
Merge branch 'master' into check-revoke-revised 2020-05-22 17:45:50 -07:00
Hossein Shafagh 49a8b80df2 better exception handling when OCSP or CRL are not implemented 2020-05-22 17:36:34 -07:00
Hossein Shafagh c9767b3172 adding logging for revoked certs 2020-05-22 17:32:44 -07:00
Hossein Shafagh 49c4a9c3b2 making the revocation to be scoped based on the authority plugin name 2020-05-22 17:29:30 -07:00
Hossein Shafagh 4923bbf8a7 adding json formatted logging 2020-05-22 16:22:12 -07:00
Hossein Shafagh 09016fd2ee cleaning up the code after more local testing 2020-05-22 16:04:39 -07:00
e11it f83e3f764e
always assign csr_sans to name 2020-05-22 21:52:43 +03:00
Hossein Shafagh 97145b6dee
Merge branch 'master' into ilabun/optimize-certificates-sql 2020-05-22 10:29:28 -07:00
Hossein Shafagh cc4fc66c93
Merge branch 'master' into master 2020-05-22 09:57:46 -07:00
Hossein Shafagh 748268ecd5
Merge branch 'master' into cert-rotation-region-by-region 2020-05-22 09:57:06 -07:00
Hossein Shafagh 2582086d39
Merge branch 'master' into ilabun/optimize-certificates-sql 2020-05-21 15:39:58 -07:00
Hossein Shafagh fd444403bb improved logging.
- adding destination name, fixing broken metric.
2020-05-21 15:32:38 -07:00
Hossein Shafagh 70985f4ff5 revised system arch 2020-05-14 22:37:30 -07:00
Hossein Shafagh cdd9137f4e
Merge branch 'master' into cert-rotation-region-by-region 2020-05-08 15:32:49 -07:00
Hossein Shafagh 529ee04ae7 removing duplicate line 2020-05-08 09:16:46 -07:00
Hossein Shafagh f68900d2b3 improving logging and the possibility of defining which Authorities qualify for auto-rotation 2020-05-07 18:28:01 -07:00
Hossein Shafagh 843ffad60e removing testing comments 2020-05-07 17:10:50 -07:00
Hossein Shafagh 1b6907a404 Certificate rotation region by region
example schedule:
CELERYBEAT_SCHEDULE = {
    'certificate_rotate': {
        'task': 'lemur.common.celery.certificate_rotate',
        'options': {
            'expires': 180
        },
        'schedule': crontab(minute="*"),
        'kwargs': {'region': 'us-east-1'}
    }
}
2020-05-07 16:28:01 -07:00
Curtis Castrapel 863af7a3e5 Making CLI command ; Running black 2020-04-28 12:16:46 -07:00
Curtis Castrapel 273c3e2793 Celery task to enable autorotate for all certificates attached to endpoints without it enabled 2020-04-28 11:52:43 -07:00
Hossein Shafagh 2a2499a929 simplifying code 2020-03-26 20:45:00 -07:00
Hossein Shafagh 5206997468 expired is now called for new certs, where the not_after field might be in datetime format, and not comparable to utc 2020-03-26 19:01:07 -07:00
Hossein Shafagh 88c40aa93c
Merge branch 'master' into master 2020-03-23 20:31:16 -07:00
Hossein Shafagh 697215f8bc better handling of destination plugin errors, and also checking cert expiration before upload 2020-03-21 20:05:35 -07:00
Ilya Makarov 7bd5173da4 Merge with Netflix/lemur master 2020-03-20 20:52:33 +03:00
Hossein Shafagh 1d4da0e3d8 another polish 2020-03-17 16:59:09 -07:00
Hossein Shafagh ecca003ab4 improving the documentation and method naming 2020-03-17 16:55:36 -07:00
Hossein Shafagh 34d23503de fixing the data bug 2020-03-14 20:41:03 -07:00
Hossein Shafagh 593c35776c adding new methods for getting pending clean 2020-03-14 20:17:05 -07:00
e11it 27a86f5c18
Fix: San values #2921
Not sure if it is the correct solution
2020-03-03 21:45:33 +03:00
Ilya Labun 5d8eb51ef4
Merge branch 'master' into ilabun/optimize-certificates-sql 2020-01-24 11:28:55 +01:00
rajatsharma94 9984470b58 fix fatal error in schema validator 2020-01-23 15:27:02 +01:00
Ilya Labun bc1a2cf69c Optimize certificates SQL query
Co-authored-by: Javier Ramos <javier.ramos@booking.com>
2020-01-13 14:43:41 +01:00
Ilya Labun 189e8b2725 Eliminate subqueries when showing certificates list 2019-12-20 10:37:47 +01:00
Jay Zarfoss 00a0a27826 used fixedName variable to transport db lookup optimization 2019-11-20 09:44:31 -08:00
Hossein Shafagh a13c45e9cc updating dependencies, and fixing the deprecated arrow.replaces to shift 2019-09-20 13:49:38 -07:00
Hossein Shafagh 8340e0653b making lint happy 2019-08-07 18:04:28 -07:00
Hossein Shafagh d1519343d1 improving check revoked by only considering authorities which do support revocation and also only including not expired certs 2019-08-07 17:54:10 -07:00
Marti Raudsepp 2319858586 Expose new certificate field hasPrivateKey
We can also now disable the 'private key' tab when cert doesn't have a
private key.
2019-06-22 15:38:28 +03:00
Hossein Shafagh 23caac5576
Merge branch 'master' into temp-ExpiredToggle-3 2019-06-21 08:59:53 -07:00
Hossein Shafagh 34cdd29a50 removing the rotation enabled requirement, to keep the endpoint generic 2019-06-20 16:06:26 -07:00
Kush Bavishi f836c6fff6 API additions for viewing expired certs as well. Default behavior modified to show only valid certs and those which have expired less than 1 month ago. 2019-06-17 14:29:48 -07:00
Hossein Shafagh 071c083eae hiding expired certs after 6 months from the main page 2019-05-30 10:21:03 -07:00
Hossein Shafagh b4d9ab9f0c Merge branch 'master' of github.com:Netflix/lemur into improving-cert-lookup-time 2019-05-30 08:55:49 -07:00
Hossein Shafagh 13d46ae42e indexing the not after field in the cert table 2019-05-30 08:55:30 -07:00
Curtis Castrapel f81adb1371 Make get_or_increase_name queries less demanding 2019-05-29 12:20:05 -07:00
Curtis Castrapel 68fd1556b2 Black lint all the things 2019-05-16 07:57:02 -07:00
Hossein Shafagh f452a7ce68 adding a new API for faster certificate lookup.
The new API api/1/certificates/valid returns only non-expired (not_after >= today) certs which have auto-rotate enabled:

cn is a required parameter:

http://localhost:8000/api/1/certificates/valid?filter=cn;example.com
cn can also be a database string wildcard ('%'):

http://localhost:8000/api/1/certificates/valid?filter=cn;%
owner is the additional parameter, and must be the email address of the owner:

http://localhost:8000/api/1/certificates/valid?filter=cn;example.com&owner=hossein@example.com
given owner and a database string wildcard ('%') one can retrieve all certs for that owner, which are still valid, and have auto-rotate enabled:

http://localhost:8000/api/1/certificates/valid?filter=cn;%&owner=hossein@example.com
2019-05-11 18:06:51 -07:00
Curtis Castrapel e33a103ca1 Allow searching for certificates by name via API 2019-05-09 14:36:56 -07:00
Curtis Castrapel 87470602fd Gather more metrics on certificate reissue/rotate jobs 2019-05-08 07:48:08 -07:00
Curtis f6afcc6d21
Merge branch 'master' into master 2019-04-17 10:28:46 -07:00
Javier Ramos 58dd424de8
Prevent potential NoneType not subscriptable
Fix when data['extensions']['subAltNames']['names'] is none
2019-04-17 18:33:52 +02:00
Jose Plana 770729a72e Allow csr to be empty during upload 2019-04-13 01:17:12 +02:00
Jose Plana 406753fcde Fix PEP8 2019-04-13 00:49:35 +02:00
Jose Plana a5570d07bc Added some documentation for API users. 2019-04-13 00:48:19 +02:00
Jose Plana c1b02cc8a5 Allow uploading csr along with certificates 2019-04-13 00:48:19 +02:00
Javier Ramos d80a6bb405 Added tests for CSR parsing into CertificateInputSchema 2019-04-01 08:44:40 +02:00
Javier Ramos b86e381e20 Parse SubjectAlternativeNames from CSR into Lemur Certificate 2019-03-27 13:46:33 +01:00