588ac1d6a6
Digicert cis fixes ( #540 )
2016-11-29 17:15:39 -08:00
058d2938fb
migrating off of openssl ( #539 )
2016-11-29 11:30:44 -08:00
727bc87ede
Log fixes ( #534 )
...
* tying up some loose ends with event logging
* Ensuring creators can access
2016-11-28 14:13:16 -08:00
250558baf3
Ensuring that authority owners can access certificates issued by that… ( #526 )
...
* Ensuring that authority owners can access certificates issued by that authority
2016-11-25 20:35:07 -08:00
8e5323e2d7
migrating flask imports ( #525 )
2016-11-22 21:11:20 -08:00
6eca2eb147
Re-working the way audit logs work.
...
* Adding more checks.
2016-11-21 11:28:11 -08:00
744e204817
Initial work on #74 . ( #514 )
...
* Initial work on #74 .
* Fixing tests.
* Adding migration script.
* Excluding migrations from coverage report.
2016-11-21 09:19:14 -08:00
d45e7d6b85
[WIP] - 422 elb rotate ( #493 )
...
* Initial work on certificate rotation.
* Adding ability to get additional certificate info.
* - Adding endpoint rotation.
- Removes the g requirement from all services to enable easier testing.
2016-11-18 11:27:46 -08:00
6fd47edbe3
Adds the ability to clone existing certificates. ( #513 )
2016-11-17 16:19:52 -08:00
a616310eb7
Fixing an issue were aws certificates plugins might not have a chain. ( #512 )
2016-11-17 14:47:10 -08:00
9ac1756011
removing new 'active' logic for the time being ( #505 )
2016-11-16 15:56:24 -08:00
851d74da3d
Ensuring that private key is in string format before it gets stored ( #504 )
...
* Ensuring that private key is in string format before it gets stored
* Fixing failing test.
2016-11-16 15:05:25 -08:00
eaf34b1c8b
Disabling the protect active flag ( #498 )
2016-11-16 09:31:02 -08:00
e9219adfb5
Ensuring model's have a basic __repr__. ( #499 )
2016-11-16 09:30:54 -08:00
114deba06e
Adding the ability to silence notifications on creation. ( #490 )
2016-11-12 09:29:42 -08:00
0334f1094d
fixing documentation typo ( #489 )
2016-11-11 13:35:24 -08:00
953d3a08e7
Adding example request to documentation. ( #487 )
2016-11-11 12:54:12 -08:00
e6b291d034
Time ( #482 )
...
* adding python 3.5 as a target
* adding env flag
* Aligning on arrow dates.
2016-11-09 10:56:22 -08:00
4afedaf537
Fixes ( #476 )
...
* Ensures that Vault can accept bytes and strings.
* Make restricted domains optional.
* Fixing notify flag.
2016-11-04 09:16:41 -07:00
1ac1a44e83
San alt name ( #468 )
2016-10-31 11:00:15 -07:00
a8f44944b1
Closes #415
2016-10-17 23:23:14 -07:00
f921b67fff
Removing the ability to use spaces in custom names. ( #455 )
2016-10-15 04:56:25 -07:00
c367e4f73f
Prevents the silencing of notifications that are actively deployed. ( #454 )
...
* Renaming 'active' to 'notify' as this is clearer and more aligned to what this value is actually controlling. 'active' is now a property that depends on whether any endpoints were found to be using the certificate. Also added logic for issue #405 disallowing for a certificates' notifications to be silenced when it is actively deployed on an endpoint.
* Adding migration script to alter 'active' column.
2016-10-15 00:12:11 -07:00
dcb18a57c4
Adds option to restrict certificate expiration dates to weekdays. ( #453 )
...
* Adding ability to restrict certificate creation to weekdays.
* Ensuring that we test for weekends.
2016-10-15 00:04:35 -07:00
c05a49f8c9
Fixes an issuer where a member of a role is not able to add new users to said role. ( #445 )
2016-10-11 17:24:15 -07:00
72a390c563
Ensure the openssl and cryptography work under python3. ( #438 )
2016-10-09 00:06:15 -07:00
3ad7a37f95
Fix import certificate private key encoding ( #434 )
...
When importing a certificate, the private key is passed to the
import/upload process from the UI as a str object. In Python3 this
raises two issues when processing the private key - the private key
validation fails and database insert of the certificate fails.
The fix in both cases is to correctly encode the private key as a bytes
object.
2016-10-08 17:04:54 -07:00
2d7a6ccf3c
Owner email ( #414 )
...
* Ensuring python2 works with unicode strings.
* adding in owner DN
* fixing tests
* Upgrading requests.
* Fixing tests.
2016-08-25 10:09:46 -07:00
29a330b1f4
Orphaned certificates ( #406 )
...
* Fixing whitespace.
* Fixing syncing.
* Fixing tests
2016-07-28 13:08:24 -07:00
f38868a97f
Fixing various problems with the syncing of endpoints, throttling sta… ( #398 )
...
* Fixing various problems with the syncing of endpoints, throttling stale endpoints etc.
2016-07-12 08:40:49 -07:00
1ba7181067
Fixed an issue were default notifications were added even when updati… ( #395 )
...
* Fixed an issue were default notifications were added even when updating a certificate, resulting in duplicate notifications.
* Ensuring imported certificates get the same treatment.
2016-07-07 11:44:11 -07:00
4077893d08
Ensuring that destinations require private keys by default. ( #390 )
...
* Ensuring that destinations require private keys by default.
2016-07-04 15:30:20 -07:00
54b888bb08
Adding a toy certificate authority. ( #378 )
2016-06-29 09:05:39 -07:00
fe9703dd94
Closes #284 ( #336 )
2016-06-27 14:40:46 -07:00
19b928d663
Fixes #367
2016-06-23 13:29:59 -07:00
d9cc4980e8
Fixing destination upload. ( #347 )
...
* Fixing an issue where uploaded certificates would have a name of 'None'
* Clarifying comment.
* Improving order.
2016-06-03 18:45:58 -07:00
dc198fec8c
Docs ( #344 )
...
* Adding release info.
* adding some fields
* Adding Source Plugin change.
* Updating docs
2016-06-03 08:28:09 -07:00
72e3fb5bfe
Fixing several small issues. ( #341 )
...
* Fixing several small issues.
* Fixing tests.
2016-06-01 11:18:00 -07:00
b2539b843b
Fixing and error causing duplicate roles to be created. ( #339 )
...
* Fixing and error causing duplicate roles to be created.
* Fixing python3
* Fixing python2 and python3
2016-05-31 15:44:54 -07:00
11f4bd503b
Fixes ( #332 )
...
* Ensuring domains are returned correctly.
* Ensuring certificates receive owner role
2016-05-24 17:10:19 -07:00
1ca38015bc
Fixes ( #329 )
...
* Modifying the way roles are assigned.
* Adding migration scripts.
* Adding endpoints field for future use.
* Fixing dropdowns.
2016-05-23 18:38:04 -07:00
656269ff17
Closes #147 ( #328 )
...
* Closes #147
* Fixing tests
* Ensuring we can validate max dates.
2016-05-23 11:28:25 -07:00
bd727b825d
Making roles more apparent for certificates and authorities. ( #327 )
2016-05-20 12:48:12 -07:00
e04c1e7dc9
Fixing a few things, adding tests. ( #326 )
2016-05-20 09:03:34 -07:00
615df76dd5
Closes 262 ( #324 )
...
Moves the authority -> role relationship from a 1 -> many to a many -> many. This will allow one role to control and have access to many authorities.
2016-05-19 13:37:05 -07:00
b187d8f836
Adding a better comparison. ( #320 )
2016-05-16 19:03:10 -07:00
1763a1a717
254 duplication certificate name ( #319 )
2016-05-16 15:59:40 -07:00
62b61ed980
Fixing various issues. ( #318 )
...
* Fixing various issues.
* Fixing tests
2016-05-16 11:09:50 -07:00
a0c8765588
Various bug fixes. ( #314 )
2016-05-12 12:38:44 -07:00
f9655213b3
Marshmallowing notifications. ( #308 )
2016-05-10 11:27:57 -07:00
df0ad4d875
Authorities marshmallow addition ( #303 )
2016-05-09 11:00:16 -07:00
6ec3bad49a
Closes #278 ( #298 )
...
* Closes #278
2016-05-05 15:28:17 -07:00
52f44c3ea6
Closes #278 and #199 , Starting transition to marshmallow ( #299 )
...
* Closes #278 and #199 , Starting transition to marshmallow
2016-05-05 12:52:08 -07:00
3f89d6d009
Merge pull request #271 from kevgliss/195
...
Closes #195
2016-04-08 12:01:10 -07:00
62d03b0d41
Closes #216
2016-04-01 16:54:33 -07:00
bfcfdb83a7
Closes #195
2016-04-01 14:27:57 -07:00
576265e09c
Closes #246
2016-04-01 09:19:36 -07:00
028d86c0bb
Adding a new flag to export plugins 'requires_key' that specifies whether the export plugin needs access to the private key. Defaults to True.
2016-01-29 12:45:18 -08:00
2ba48995fe
Fixing documentation for filter format
2016-01-29 11:47:16 -08:00
1e524a49c0
making 'replacements' a non-require attribute for importing. Closes #226
2016-01-29 09:02:51 -08:00
0a4f5ad64d
Fixing an assumption that 'subAltNames' are always passed to the API.
2016-01-10 17:33:19 -08:00
3f024c1ef4
Adds ability for domains to be marked as sensitive and only be allowed to be issued by an admin closes #5
2015-12-30 15:11:08 -08:00
cabe2ae18d
Adding the ability to issue third party created CSRs
2015-12-29 10:49:33 -08:00
9cadebcd50
adding example requests
2015-11-30 13:51:27 -08:00
ec896461a7
Adding final touches to #125
2015-11-30 09:47:36 -08:00
8eeed821d3
Adding UI elements
2015-11-27 13:27:14 -08:00
920d595c12
Initial work on #125
2015-11-25 14:54:08 -08:00
1c6e9caa40
Closes #144
2015-11-24 16:07:44 -08:00
d6b3f5af81
Closes #122
2015-11-24 14:53:22 -08:00
40eb950e94
Use MultiFernet for encryption
...
Facilitates key rotation and uses more secure encryption than what
sqlalchemy-utils does.
Fixes #117 and #119 .
2015-10-13 16:58:58 -07:00
168f46a436
Adding the ability to track a certificates signing key algorithm
2015-10-06 12:51:59 -07:00
5cfa9d4bc5
description should be optional
2015-09-29 16:37:32 -07:00
7ebd0bf5d4
making fields required
2015-09-24 08:42:31 -07:00
06a69c09a0
Fixing a bug where notifications associated during certificate creation would not be respected.
2015-09-22 13:01:05 -07:00
be6a5b859e
adding notification example
2015-09-22 09:46:54 -07:00
aaae4d5a1f
unifying lemur defaults
2015-09-04 15:52:56 -07:00
3b109ec578
Cleaning up temporary file creation, and revocation checking
2015-09-02 09:19:06 -07:00
45158c64a2
cleaning up temporary file creation
2015-09-02 09:19:06 -07:00
aca69ce03c
Closes #53
2015-09-02 09:15:11 -07:00
bf8ce354e5
Closes #55
2015-09-02 09:13:47 -07:00
8d09d865b1
Closes #57
2015-09-02 09:13:47 -07:00
8977c5ddbf
Ensuring notifications follow owner
2015-08-29 12:02:50 -07:00
9a04371680
Adding ability to define distinguished names in config
2015-08-27 12:59:40 -07:00
a07db5625b
Fixing an issue were extensions were implicitly required
2015-08-22 10:22:36 -07:00
4b7a55c89f
Fixing issue with a certificate with no role not being viewable
2015-08-21 16:08:53 -07:00
6b2da2fe6b
Fixes #35
2015-08-19 18:05:18 -07:00
eb55d5465f
Making LEMUR_DEFAULT_SECURITY_EMAIL optional
2015-08-17 16:03:57 -07:00
32ef793c4d
Switch to relying on the configuration key in the configuration file
2015-08-08 16:12:29 -07:00
fc68552d0f
Making Lemur py3 compatible
2015-08-03 21:07:28 -07:00
7d169f7c4c
Fixing up some of the sync related code
2015-08-03 13:51:27 -07:00
cdb3814469
Fixing notification deduplication and roll up
2015-08-02 09:14:27 -07:00
c9e9a9ed7c
Fixing upload description
2015-08-02 07:45:10 -07:00
02b717dd7c
Fixing upload, and removing old unneeded code
2015-08-02 05:57:26 -07:00
aef1587635
Adding default notifications
2015-08-01 19:08:46 -07:00
46652ba117
Purging ELB and Listener specific models
2015-08-01 15:47:14 -07:00
e247d635fc
Adding backend code for sources models
2015-08-01 15:29:34 -07:00
c5a6a0570a
adding link to python packaging documentation
2015-07-31 19:02:44 -07:00
1e748a64d7
Initial support for notification plugins closes #8 , closes #9 , closes #7 , closes #4 , closes #16
2015-07-29 17:13:06 -07:00
c02390d63b
PEP8
2015-07-23 09:08:07 -07:00
a4ed83cb62
Refactoring out challenge
2015-07-23 08:52:30 -07:00
8d576aa3d8
Fixing tests
2015-07-22 10:51:55 -07:00
c75e20a1ea
Pleasing the PEP8 gods
2015-07-21 13:06:13 -07:00
0c7204cdb9
Refactored 'accounts' to be more general with 'destinations'
2015-07-10 17:06:57 -07:00
5156371913
Modify the naming structure for certificates. AWS is pretty picky about what is a valid name.
2015-07-08 16:39:00 -07:00
002f83092d
Changing the signature of save_cert, we don't create a csr_config anymore so it doesn't make sense to store it. Additionally 'challenge' is a verisign specific thing and should be factored out. We have stopped saving it as well.
2015-07-08 16:37:48 -07:00
f660450043
Aligning config variables
2015-07-07 17:23:46 -07:00
8239aa55e1
fixing conflicts
2015-07-07 16:26:37 -07:00
82c4be29a4
fixing merge conflict
2015-07-07 15:36:39 -07:00
c59bf3f257
Fixing tests
2015-07-06 10:53:12 -07:00
3f49bb95ff
Starting to move to new plugin architecture.
2015-07-04 12:47:57 -07:00
b17e12bed4
Doc fix
2015-07-03 12:59:48 -07:00
95bab9331d
Enabling CSR generation and reducing complexity of encryption/decrypting the 'key' dir.
2015-07-03 10:30:17 -07:00
8cbc6b8325
Initial work at removing openssl
2015-07-02 15:48:56 -07:00
bc0f9534c2
Refactoring 'create_name' out of our certificate class, fixed an issuer were key size was being calculated and removing unused functions
2015-07-02 15:48:56 -07:00
096d88bc9b
Ensuring a 404 is returned when we can't find the specified certificate
2015-07-02 15:48:56 -07:00
f28d3a54c5
API change in cryptography
2015-07-02 15:48:55 -07:00
37669b906c
Fixes an issue where the issuer has special chars in the name. AWS dislikes special chars in certificate names so we strip them out here. In general we want to have the name tracked by Lemur be the same as what is uploaded to various destinations.
2015-07-02 15:48:54 -07:00
1a01209e78
Merge pull request #10 from kevgliss/tests
...
Tests
2015-06-29 14:10:54 -07:00
964d1c1c52
Refactoring 'create_name' out of our certificate class, fixed an issuer were key size was being calculated and removing unused functions
2015-06-26 16:18:31 -07:00
1f9d943a4c
Ensuring a 404 is returned when we can't find the specified certificate
2015-06-26 16:17:22 -07:00
c6ae689dc8
Adding role tests
2015-06-26 10:31:55 -07:00
b1f93c5dd2
Merge pull request #3 from kevgliss/hotfix/upload
...
API change in cryptography
2015-06-25 13:57:45 -07:00
e92113d28f
API change in cryptography
2015-06-25 13:50:46 -07:00
be97f3dcc2
Fixes an issue where the issuer has special chars in the name. AWS dislikes special chars in certificate names so we strip them out here. In general we want to have the name tracked by Lemur be the same as what is uploaded to various destinations.
2015-06-24 16:51:44 -07:00
4330ac9c05
initial commit
2015-06-22 13:47:27 -07:00
kevgliss
Charles Hendrie
Robert Picard
kevgliss