Commit Graph

1084 Commits

Author SHA1 Message Date
Curtis Castrapel
7e92edc70a Set resolved cert ID before resolving cert; Ignore sentry exceptions when no records on deletion 2019-05-15 11:43:59 -07:00
Curtis
6eb3836abc
Merge branch 'master' into fast-valid-cert-lookup 2019-05-15 10:20:17 -07:00
Curtis Castrapel
5d8f71c3e4 nt 2019-05-14 13:02:24 -07:00
Curtis Castrapel
565142f985 Add soft timeouts to celery jobs; Check for PEM in LE order 2019-05-14 12:52:30 -07:00
Hossein Shafagh
f452a7ce68 adding a new API for faster certificate lookup.
The new API api/1/certificates/valid returns only non-expired (not_after >= today) certs which have auto-rotate enabled:

cn is a required parameter:

http://localhost:8000/api/1/certificates/valid?filter=cn;example.com
cn can also be a database string wildcard ('%'):

http://localhost:8000/api/1/certificates/valid?filter=cn;%
owner is the additional parameter, and must be the email address of the owner:

http://localhost:8000/api/1/certificates/valid?filter=cn;example.com&owner=hossein@example.com
given owner  and a database string wildcard ('%') one can retrieve all certs for that owner, which are still valid, and have auto-rotate enabled:

http://localhost:8000/api/1/certificates/valid?filter=cn;%&owner=hossein@example.com
2019-05-11 18:06:51 -07:00
Curtis Castrapel
ed18df22db remove permalink change 2019-05-09 14:54:44 -07:00
Curtis Castrapel
e33a103ca1 Allow searching for certificates by name via API 2019-05-09 14:36:56 -07:00
Curtis
c9c782684d
Merge branch 'master' into add_metrics_reissue_rotate 2019-05-08 07:48:44 -07:00
Curtis Castrapel
87470602fd Gather more metrics on certificate reissue/rotate jobs 2019-05-08 07:48:08 -07:00
Curtis
317c84800c
Merge branch 'master' into jwks_validation_error_control 2019-05-08 06:50:56 -07:00
Curtis Castrapel
0eacbd42d7 Converting userinfo authorization to a config var 2019-05-07 15:31:42 -07:00
Jose Plana
4e6e7edf27 Rename return variable for better readability 2019-05-07 22:53:01 +02:00
Hossein Shafagh
b7ce9ab901
Merge branch 'master' into jwks_validation_error_control 2019-05-07 13:09:02 -07:00
Hossein Shafagh
ff583981b1
Merge branch 'master' into aid_openid_roles_provider_integration 2019-05-07 09:06:02 -07:00
Hossein Shafagh
e58ff476c9
Merge branch 'master' into jwks_validation_error_control 2019-05-07 09:05:41 -07:00
Curtis
22caaa0c95
Merge branch 'master' into fix_userinfo_authorization 2019-05-07 07:48:47 -07:00
Curtis
e65154b48e
Merge branch 'master' into develop 2019-05-07 07:36:51 -07:00
alwaysjolley
ef7a8587fe Merge branch 'lemur_vault_source' of github.com:/alwaysjolley/lemur into lemur_vault_source 2019-05-07 10:06:09 -04:00
alwaysjolley
b0c8901b0a lint cleanup 2019-05-07 10:05:01 -04:00
alwaysjolley
36ce1cc7ef
Merge branch 'master' into lemur_vault_source 2019-05-07 09:41:50 -04:00
alwaysjolley
fb3f0bd72a adding Vault Source plugin 2019-05-07 09:37:30 -04:00
Daniel Iancu
a7af3cf8d2 Fix Cloudflare DNS 2019-05-07 03:05:24 +03:00
Jose Plana
deed1b9685 Don't fail if googleGroups is not found in user profile 2019-05-06 12:30:25 +02:00
Jose Plana
6c99e76c9a Better error management in jwks token validation 2019-05-06 12:27:43 +02:00
Jose Plana
2063baefc9 Fixes userinfo using Bearer token 2019-05-06 12:23:24 +02:00
Curtis Castrapel
3a1da72419 nt 2019-04-29 13:57:04 -07:00
Curtis Castrapel
6e3f394cff Updated requirements ; Revert change and require DNS validation by provider 2019-04-29 13:55:26 -07:00
Curtis Castrapel
1a90e71884 Move ACME host validation logic prior to R53 host modification 2019-04-26 17:27:44 -07:00
Curtis Castrapel
333ba8030a Ensure hostname is lowercase when comparing DNS challenges. ACME will automatically lowercase the hostname 2019-04-26 15:45:04 -07:00
Curtis Castrapel
1a3ba46873 More retry changes 2019-04-26 10:18:54 -07:00
Curtis Castrapel
1e64851d79 Strip out self-polling logic and rely on ACME; Enhance ELB logging and retries 2019-04-26 10:16:18 -07:00
Curtis
8eef95b58e
Merge branch 'master' into expose_verisign_exception 2019-04-25 19:15:55 -07:00
Curtis Castrapel
dcdfb32883 Expose verisign exceptions 2019-04-25 19:14:15 -07:00
Curtis Castrapel
39584f214b Process DNS Challenges appropriately (1 challenge -> 1 domain) 2019-04-25 15:12:52 -07:00
Curtis Castrapel
2bc604e5a9 Better metrics and error reporting 2019-04-25 13:50:41 -07:00
Curtis Castrapel
272285f64a Better exception handling, logging, and metrics for ACME flow 2019-04-24 15:26:23 -07:00
Curtis
0f9b0f39f7
Merge branch 'master' into add-pending-certificate-upload 2019-04-24 09:34:35 -07:00
alwaysjolley
a801112cf6
Merge branch 'master' into lemur_vault_plugin 2019-04-23 07:07:39 -04:00
alwaysjolley
85efb6a99e cleanup tmp files 2019-04-23 07:06:52 -04:00
Hossein Shafagh
9b38761153
Merge branch 'master' into add-pending-certificate-upload 2019-04-22 11:47:02 -07:00
alwaysjolley
f9dadb2670 fixing validation 2019-04-22 09:38:44 -04:00
alwaysjolley
8dccaaf544 simpler validation 2019-04-22 07:58:01 -04:00
alwaysjolley
1667c05742 removed unused functions 2019-04-18 13:57:10 -04:00
alwaysjolley
b39e2e3f66 Merge branch 'master' into lemur_vault_plugin 2019-04-18 13:55:45 -04:00
alwaysjolley
fb3b0e8cd7 adding regex filtering 2019-04-18 13:52:40 -04:00
Jose Plana
7dd9268ca7 Allow uploading a signed cert for a pending certificate. 2019-04-18 00:46:39 +02:00
Curtis
8177e12f3f
Merge branch 'master' into rewrite-java-keystore-use-pyjks 2019-04-17 10:43:44 -07:00
Hossein Shafagh
52f939658f
Merge branch 'master' into rewrite-java-keystore-use-pyjks 2019-04-17 10:31:58 -07:00
Curtis
f6afcc6d21
Merge branch 'master' into master 2019-04-17 10:28:46 -07:00
Javier Ramos
58dd424de8
Prevent potential NoneType not subscriptable
Fix when data['extensions']['subAltNames']['names'] is none
2019-04-17 18:33:52 +02:00
Jose Plana
771f2ebc47 Use SAN_CERT_CSR 2019-04-13 11:01:36 +02:00
Jose Plana
770729a72e Allow csr to be empty during upload 2019-04-13 01:17:12 +02:00
Hossein Shafagh
2ff811ae71 updating cryptography API call, to create right signing algorithm object. 2019-04-13 00:57:48 +02:00
Hossein Shafagh
09796cf7c9 the check_cert_signature() method was attempting to compare RSA and ECC signatures.
If a ec public-key certificate is signed with an RSA key, then it can't be a self-signed certificate, in which case we just raise InvalidSignature.
2019-04-13 00:57:48 +02:00
Jose Plana
406753fcde Fix PEP8 2019-04-13 00:49:35 +02:00
Jose Plana
a5570d07bc Added some documentation for API users. 2019-04-13 00:48:19 +02:00
Jose Plana
c1b02cc8a5 Allow uploading csr along with certificates 2019-04-13 00:48:19 +02:00
Hossein Shafagh
df8d4e0892
Merge branch 'master' into rewrite-java-keystore-use-pyjks 2019-04-12 09:38:50 -07:00
Hossein Shafagh
ceb335f3ab
Merge branch 'master' into master 2019-04-12 09:38:41 -07:00
alwaysjolley
9ecc19c481 adding san filter 2019-04-12 09:53:06 -04:00
Hossein Shafagh
6d67ec7e34 removing unused import 2019-04-11 17:34:02 -07:00
Hossein Shafagh
512e1a0bdd fixing typos 2019-04-11 17:17:28 -07:00
Hossein Shafagh
6ec84a398c checking for None 2019-04-11 17:13:47 -07:00
Hossein Shafagh
69c00c4db5 upon creating a new destination, we also add it as source, if the plugin defines this as an option 2019-04-11 17:13:47 -07:00
Hossein Shafagh
d7abf2ec18 adding a new util method for setting options 2019-04-11 17:13:47 -07:00
Hossein Shafagh
557fac39b5 refactoring the sync job into a service method that we can also call when adding a new destination 2019-04-11 17:13:47 -07:00
Hossein Shafagh
d1ead4b79c removing the announcement 2019-04-11 17:13:47 -07:00
Hossein Shafagh
5900828051 simple hardcoded announcement 2019-04-11 17:13:47 -07:00
Hossein Shafagh
818da6653d removing the announcement 2019-04-11 17:13:47 -07:00
Hossein Shafagh
e1a67e9b4e simple hardcoded announcement 2019-04-11 17:13:47 -07:00
Hossein Shafagh
84dfdd0600 removing the announcement 2019-04-11 17:13:47 -07:00
Hossein Shafagh
ba691a26d4 simple hardcoded announcement 2019-04-11 17:13:47 -07:00
Hossein Shafagh
b66fac0494 removing the announcement 2019-04-11 17:13:47 -07:00
Hossein Shafagh
1bda246df2 simple hardcoded announcement 2019-04-11 17:13:47 -07:00
Hossein Shafagh
9a210c055a
Merge branch 'master' into hshafagh-src-dst-register 2019-04-11 15:36:48 -07:00
Hossein Shafagh
2459234147 removing lines 2019-04-11 14:34:26 -07:00
Hossein Shafagh
60edab9f6d cleaning up 2019-04-11 14:12:31 -07:00
Hossein Shafagh
ec3d2d7316 fixing typo 2019-04-11 13:51:43 -07:00
Hossein Shafagh
83d408b238
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst 2019-04-11 13:30:12 -07:00
Hossein Shafagh
266c83367d avoiding hard-coded plugin names 2019-04-11 13:29:37 -07:00
Hossein Shafagh
f185df4f1e bringing class AWSDestinationPlugin(DestinationPlugin) after AWSSourcePlugin.slug, such that we can do: sync_as_source_name = AWSSourcePlugin.slug 2019-04-11 13:28:58 -07:00
Curtis Castrapel
2ff57e932c Update requirements - upgrade to py37 2019-04-10 15:40:48 -07:00
Hossein Shafagh
d628e97035
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst 2019-04-10 09:47:06 -07:00
Hossein Shafagh
bc8c7e114a
Merge branch 'master' into hshafagh-src-dst-register 2019-04-09 20:52:33 -07:00
Hossein Shafagh
f3d0536800 removing hardcoded rules, to give more flexibility into defining new source-destinations 2019-04-09 20:49:07 -07:00
Javier Ramos
bfc4f940da
Merge branch 'master' into master 2019-04-09 18:06:09 +02:00
Hossein Shafagh
64c6bb2475
Merge branch 'master' into rewrite-java-keystore-use-pyjks 2019-04-09 08:28:05 -07:00
Marti Raudsepp
dbf34a4d48 Rewrite Java Keystore/Truststore support based on pyjks library 2019-04-06 20:24:46 +03:00
Javier Ramos
d80a6bb405 Added tests for CSR parsing into CertificateInputSchema 2019-04-01 08:44:40 +02:00
Ryan DeShone
e10007ef7b Add support for Vault KV API v2
This adds the ability to target KV API v1 or v2.
2019-03-29 10:32:49 -04:00
Javier Ramos
b86e381e20 Parse SubjectAlternativeNames from CSR into Lemur Certificate 2019-03-27 13:46:33 +01:00
Hossein Shafagh
d2e969b836 better synching of source and destinations 2019-03-26 18:20:14 -07:00
Curtis
4018c68d49
Merge branch 'master' into authority_validation_LE_errors 2019-03-25 08:34:10 -07:00
Curtis Castrapel
c2158ff8fb Add order URI during LE cert creation failure; Fail properly when invalid CA passed; Update reqs 2019-03-25 08:28:23 -07:00
Curtis
8a42cfa345
Merge branch 'master' into ghjaramos/master 2019-03-21 08:07:44 -07:00
alwaysjolley
fa4a5122bc fixing file read to trim line endings and cleanup 2019-03-20 14:59:04 -04:00
alwaysjolley
f99b11d50e refactor url and token to support muiltiple instances of vault 2019-03-20 13:51:06 -04:00
Javier Ramos
9e5496b484
Update schemas.py 2019-03-15 10:19:25 +01:00
Javier Ramos
f7452e8379 Parse DNSNames from CSR into Lemur Certificate 2019-03-15 09:29:23 +01:00
alwaysjolley
157db684c3
Merge branch 'master' into lemur_vault_plugin 2019-03-14 11:09:01 -04:00