Infra/lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,648 Commits 4 Branches 45 Tags 7.5 MiB
0e02e6da79
Commit Graph

249 Commits

Author SHA1 Message Date
Charles Hendrie
3ad7a37f95 Fix import certificate private key encoding (#434) 
When importing a certificate, the private key is passed to the
import/upload process from the UI as a str object. In Python3 this
raises two issues when processing the private key - the private key
validation fails and database insert of the certificate fails.

The fix in both cases is to correctly encode the private key as a bytes
object.
 2016-10-08 17:04:54 -07:00
kevgliss
2d7a6ccf3c Owner email (#414) 
* Ensuring python2 works with unicode strings.

* adding in owner DN

* fixing tests

* Upgrading requests.

* Fixing tests.
 2016-08-25 10:09:46 -07:00
kevgliss
29a330b1f4 Orphaned certificates (#406) 
* Fixing whitespace.

* Fixing syncing.

* Fixing tests
 2016-07-28 13:08:24 -07:00
kevgliss
f38868a97f Fixing various problems with the syncing of endpoints, throttling sta… (#398) 
* Fixing various problems with the syncing of endpoints, throttling stale endpoints etc.
 2016-07-12 08:40:49 -07:00
kevgliss
1ba7181067 Fixed an issue were default notifications were added even when updati… (#395) 
* Fixed an issue were default notifications were added even when updating a certificate, resulting in duplicate notifications.

* Ensuring imported certificates get the same treatment.
 2016-07-07 11:44:11 -07:00
kevgliss
4077893d08 Ensuring that destinations require private keys by default. (#390) 
* Ensuring that destinations require private keys by default.
 2016-07-04 15:30:20 -07:00
kevgliss
54b888bb08 Adding a toy certificate authority. (#378) 2016-06-29 09:05:39 -07:00
kevgliss
fe9703dd94 Closes #284 (#336) 2016-06-27 14:40:46 -07:00
kevgliss
19b928d663 Fixes #367 2016-06-23 13:29:59 -07:00
kevgliss
d9cc4980e8 Fixing destination upload. (#347) 
* Fixing an issue where uploaded certificates would have a name of 'None'

* Clarifying comment.

* Improving order.
 2016-06-03 18:45:58 -07:00
kevgliss
dc198fec8c Docs (#344) 
* Adding release info.

* adding some fields

* Adding Source Plugin change.

* Updating docs
 2016-06-03 08:28:09 -07:00
kevgliss
72e3fb5bfe Fixing several small issues. (#341) 
* Fixing several small issues.

* Fixing tests.
 2016-06-01 11:18:00 -07:00
kevgliss
b2539b843b Fixing and error causing duplicate roles to be created. (#339) 
* Fixing and error causing duplicate roles to be created.

* Fixing python3

* Fixing python2 and python3
 2016-05-31 15:44:54 -07:00
kevgliss
11f4bd503b Fixes (#332) 
* Ensuring domains are returned correctly.

* Ensuring certificates receive owner role
 2016-05-24 17:10:19 -07:00
kevgliss
1ca38015bc Fixes (#329) 
* Modifying the way roles are assigned.

* Adding migration scripts.

* Adding endpoints field for future use.

* Fixing dropdowns.
 2016-05-23 18:38:04 -07:00
kevgliss
656269ff17 Closes #147 (#328) 
* Closes #147

* Fixing tests

* Ensuring we can validate max dates.
 2016-05-23 11:28:25 -07:00
kevgliss
bd727b825d Making roles more apparent for certificates and authorities. (#327) 2016-05-20 12:48:12 -07:00
kevgliss
e04c1e7dc9 Fixing a few things, adding tests. (#326) 2016-05-20 09:03:34 -07:00
kevgliss
615df76dd5 Closes 262 (#324) 
Moves the authority -> role relationship from a 1 -> many to a many -> many. This will allow one role to control and have access to many authorities.
 2016-05-19 13:37:05 -07:00
kevgliss
b187d8f836 Adding a better comparison. (#320) 2016-05-16 19:03:10 -07:00
kevgliss
1763a1a717 254 duplication certificate name (#319) 2016-05-16 15:59:40 -07:00
kevgliss
62b61ed980 Fixing various issues. (#318) 
* Fixing various issues.

* Fixing tests
 2016-05-16 11:09:50 -07:00
kevgliss
a0c8765588 Various bug fixes. (#314) 2016-05-12 12:38:44 -07:00
kevgliss
f9655213b3 Marshmallowing notifications. (#308) 2016-05-10 11:27:57 -07:00
kevgliss
df0ad4d875 Authorities marshmallow addition (#303) 2016-05-09 11:00:16 -07:00
kevgliss
6ec3bad49a Closes #278 (#298) 
* Closes #278
 2016-05-05 15:28:17 -07:00
kevgliss
52f44c3ea6 Closes #278 and #199, Starting transition to marshmallow (#299) 
* Closes #278  and #199, Starting transition to marshmallow
 2016-05-05 12:52:08 -07:00
kevgliss
3f89d6d009 Merge pull request #271 from kevgliss/195 
Closes #195
 2016-04-08 12:01:10 -07:00
kevgliss
62d03b0d41 Closes #216 2016-04-01 16:54:33 -07:00
kevgliss
bfcfdb83a7 Closes #195 2016-04-01 14:27:57 -07:00
kevgliss
576265e09c Closes #246 2016-04-01 09:19:36 -07:00
kevgliss
028d86c0bb Adding a new flag to export plugins 'requires_key' that specifies whether the export plugin needs access to the private key. Defaults to True. 2016-01-29 12:45:18 -08:00
kevgliss
2ba48995fe Fixing documentation for filter format 2016-01-29 11:47:16 -08:00
kevgliss
1e524a49c0 making 'replacements' a non-require attribute for importing. Closes #226 2016-01-29 09:02:51 -08:00
kevgliss
0a4f5ad64d Fixing an assumption that 'subAltNames' are always passed to the API. 2016-01-10 17:33:19 -08:00
kevgliss
3f024c1ef4 Adds ability for domains to be marked as sensitive and only be allowed to be issued by an admin closes #5 2015-12-30 15:11:08 -08:00
kevgliss
cabe2ae18d Adding the ability to issue third party created CSRs 2015-12-29 10:49:33 -08:00
kevgliss
9cadebcd50 adding example requests 2015-11-30 13:51:27 -08:00
kevgliss
ec896461a7 Adding final touches to #125 2015-11-30 09:47:36 -08:00
kevgliss
8eeed821d3 Adding UI elements 2015-11-27 13:27:14 -08:00
kevgliss
920d595c12 Initial work on #125 2015-11-25 14:54:08 -08:00
kevgliss
1c6e9caa40 Closes #144 2015-11-24 16:07:44 -08:00
kevgliss
d6b3f5af81 Closes #122 2015-11-24 14:53:22 -08:00
Robert Picard
40eb950e94 Use MultiFernet for encryption 
Facilitates key rotation and uses more secure encryption than what
sqlalchemy-utils does.

Fixes #117 and #119.
 2015-10-13 16:58:58 -07:00
kevgliss
168f46a436 Adding the ability to track a certificates signing key algorithm 2015-10-06 12:51:59 -07:00
kevgliss
5cfa9d4bc5 description should be optional 2015-09-29 16:37:32 -07:00
kevgliss
7ebd0bf5d4 making fields required 2015-09-24 08:42:31 -07:00
kevgliss
06a69c09a0 Fixing a bug where notifications associated during certificate creation would not be respected. 2015-09-22 13:01:05 -07:00
kevgliss
be6a5b859e adding notification example 2015-09-22 09:46:54 -07:00
kevgliss
aaae4d5a1f unifying lemur defaults 2015-09-04 15:52:56 -07:00
kevgliss
3b109ec578 Cleaning up temporary file creation, and revocation checking 2015-09-02 09:19:06 -07:00
kevgliss
45158c64a2 cleaning up temporary file creation 2015-09-02 09:19:06 -07:00
kevgliss
aca69ce03c Closes #53 2015-09-02 09:15:11 -07:00
kevgliss
bf8ce354e5 Closes #55 2015-09-02 09:13:47 -07:00
kevgliss
8d09d865b1 Closes #57 2015-09-02 09:13:47 -07:00
kevgliss
8977c5ddbf Ensuring notifications follow owner 2015-08-29 12:02:50 -07:00
kevgliss
9a04371680 Adding ability to define distinguished names in config 2015-08-27 12:59:40 -07:00
kevgliss
a07db5625b Fixing an issue were extensions were implicitly required 2015-08-22 10:22:36 -07:00
kevgliss
4b7a55c89f Fixing issue with a certificate with no role not being viewable 2015-08-21 16:08:53 -07:00
kevgliss
6b2da2fe6b Fixes #35 2015-08-19 18:05:18 -07:00
kevgliss
eb55d5465f Making LEMUR_DEFAULT_SECURITY_EMAIL optional 2015-08-17 16:03:57 -07:00
kevgliss
32ef793c4d Switch to relying on the configuration key in the configuration file 2015-08-08 16:12:29 -07:00
kevgliss
fc68552d0f Making Lemur py3 compatible 2015-08-03 21:07:28 -07:00
kevgliss
7d169f7c4c Fixing up some of the sync related code 2015-08-03 13:51:27 -07:00
kevgliss
cdb3814469 Fixing notification deduplication and roll up 2015-08-02 09:14:27 -07:00
kevgliss
c9e9a9ed7c Fixing upload description 2015-08-02 07:45:10 -07:00
kevgliss
02b717dd7c Fixing upload, and removing old unneeded code 2015-08-02 05:57:26 -07:00
kevgliss
aef1587635 Adding default notifications 2015-08-01 19:08:46 -07:00
kevgliss
46652ba117 Purging ELB and Listener specific models 2015-08-01 15:47:14 -07:00
kevgliss
e247d635fc Adding backend code for sources models 2015-08-01 15:29:34 -07:00
kevgliss
c5a6a0570a adding link to python packaging documentation 2015-07-31 19:02:44 -07:00
kevgliss
1e748a64d7 Initial support for notification plugins closes #8, closes #9, closes #7, closes #4, closes #16 2015-07-29 17:13:06 -07:00
kevgliss
c02390d63b PEP8 2015-07-23 09:08:07 -07:00
kevgliss
a4ed83cb62 Refactoring out challenge 2015-07-23 08:52:30 -07:00
kevgliss
8d576aa3d8 Fixing tests 2015-07-22 10:51:55 -07:00
kevgliss
c75e20a1ea Pleasing the PEP8 gods 2015-07-21 13:06:13 -07:00
kevgliss
0c7204cdb9 Refactored 'accounts' to be more general with 'destinations' 2015-07-10 17:06:57 -07:00
kevgliss
5156371913 Modify the naming structure for certificates. AWS is pretty picky about what is a valid name. 2015-07-08 16:39:00 -07:00
kevgliss
002f83092d Changing the signature of save_cert, we don't create a csr_config anymore so it doesn't make sense to store it. Additionally 'challenge' is a verisign specific thing and should be factored out. We have stopped saving it as well. 2015-07-08 16:37:48 -07:00
kevgliss
f660450043 Aligning config variables 2015-07-07 17:23:46 -07:00
kevgliss
8239aa55e1 fixing conflicts 2015-07-07 16:26:37 -07:00
kevgliss
82c4be29a4 fixing merge conflict 2015-07-07 15:36:39 -07:00
kevgliss
c59bf3f257 Fixing tests 2015-07-06 10:53:12 -07:00
kevgliss
3f49bb95ff Starting to move to new plugin architecture. 2015-07-04 12:47:57 -07:00
kevgliss
b17e12bed4 Doc fix 2015-07-03 12:59:48 -07:00
kevgliss
95bab9331d Enabling CSR generation and reducing complexity of encryption/decrypting the 'key' dir. 2015-07-03 10:30:17 -07:00
kevgliss
8cbc6b8325 Initial work at removing openssl 2015-07-02 15:48:56 -07:00
Kevin Glisson
bc0f9534c2 Refactoring 'create_name' out of our certificate class, fixed an issuer were key size was being calculated and removing unused functions 2015-07-02 15:48:56 -07:00
Kevin Glisson
096d88bc9b Ensuring a 404 is returned when we can't find the specified certificate 2015-07-02 15:48:56 -07:00
Kevin Glisson
f28d3a54c5 API change in cryptography 2015-07-02 15:48:55 -07:00
Kevin Glisson
37669b906c Fixes an issue where the issuer has special chars in the name. AWS dislikes special chars in certificate names so we strip them out here. In general we want to have the name tracked by Lemur be the same as what is uploaded to various destinations. 2015-07-02 15:48:54 -07:00
kevgliss
1a01209e78 Merge pull request #10 from kevgliss/tests 
Tests
 2015-06-29 14:10:54 -07:00
Kevin Glisson
964d1c1c52 Refactoring 'create_name' out of our certificate class, fixed an issuer were key size was being calculated and removing unused functions 2015-06-26 16:18:31 -07:00
Kevin Glisson
1f9d943a4c Ensuring a 404 is returned when we can't find the specified certificate 2015-06-26 16:17:22 -07:00
Kevin Glisson
c6ae689dc8 Adding role tests 2015-06-26 10:31:55 -07:00
kevgliss
b1f93c5dd2 Merge pull request #3 from kevgliss/hotfix/upload 
API change in cryptography
 2015-06-25 13:57:45 -07:00
Kevin Glisson
e92113d28f API change in cryptography 2015-06-25 13:50:46 -07:00
Kevin Glisson
be97f3dcc2 Fixes an issue where the issuer has special chars in the name. AWS dislikes special chars in certificate names so we strip them out here. In general we want to have the name tracked by Lemur be the same as what is uploaded to various destinations. 2015-06-24 16:51:44 -07:00
Kevin Glisson
4330ac9c05 initial commit 2015-06-22 13:47:27 -07:00