364 Commits

Author SHA1 Message Date
8abf95063c Implement an ALLOW_CERT_DELETION option (boolean, default False). When enabled, the certificate delete API call will work and the UI will no longer display deleted certificates. When disabled (the default), the delete API call will not work (405 method not allowed) and the UI will show all certificates, regardless of the 'deleted' flag.
2019-02-14 11:57:27 +01:00
1d2771b014 Merge branch 'master' into get_by_attributes 2019-02-04 21:07:09 -08:00
45fbaf159a Merge branch 'master' into master 2019-02-01 16:50:09 -08:00
8e93d007be Merge branch 'master' into get_by_attributes 2019-02-01 16:48:50 -08:00
e24a94d798 Enforce that PEM strings (certs, keys, CSR) are internally passed as str, not bytes
This was already true in most places but not 100%, leading to lots of redundant checks and conversions.
2019-01-30 18:11:24 +02:00
e5ddf08f48 Merge branch 'master' into master 2019-01-29 16:37:29 -08:00
4b893ab5b4 Expose full certificate RFC 4514 Distinguished Name string
Using rfc4514_string() method added in cryptography version 2.5.
2019-01-23 10:03:40 +02:00
4c4fbf3e48 Implement certificates delete API call by marking a cert as 'deleted' in the database. Only certificates that have expired can be deleted. 2019-01-21 10:25:28 +01:00
31a86687e7 Reduce the expense of joins 2019-01-14 09:20:02 -08:00
c4e6e7c59b Optimize DB cert filtering 2019-01-14 08:02:27 -08:00
542e953919 Check that stored private keys match certificates
This is done in two places:
* Certificate import validator -- throws validation errors.
* Certificate model constructor -- to ensure integrity of Lemur's data
  even when issuer plugins or other code paths have bugs.
2018-12-31 16:28:20 +02:00
a50d80992c updated query to ignore empty parameters 2018-12-12 12:45:48 +01:00
39b76d18dc add countdown to async call 2018-11-28 14:41:56 -08:00
e074a14ee9 unit test 2018-11-28 14:27:03 -08:00
2381d0a4bb Add async call to create pending cert when needed 2018-11-28 11:32:52 -08:00
3ce8abe46e Left outer join on domains tables to avoid missing results 2018-11-13 14:33:17 -08:00
29be647911 Merge branch 'master' into no_csr_reissue 2018-11-12 09:54:47 -08:00
a7a05e26bc Do not re-use CSR during certificate reissuance; Update requirement; Add more logging to celery handler 2018-11-12 09:52:11 -08:00
1643650685 Changing essential part of query 2018-11-07 16:02:04 -08:00
08a2a2b0e5 Optimize certificate filtering by name 2018-11-07 15:34:25 -08:00
52e773230d Add new gin index to optimize ILIKE queries 2018-11-05 10:29:11 -08:00
50761d9d3b safer reissue, fix celery sync job 2018-10-29 13:22:50 -07:00
a8b357965e Merge branch 'master' into get_by_attributes 2018-10-29 08:15:42 -07:00
2138930102 Merge branch 'master' into get_by_attributes 2018-10-24 07:20:46 -07:00
75069cd52a Add CSR to certificates
Add csr column to certificates field, as pending certificates have
exposed the CSR already.  This is required as generating CSR from
existing certificate will not include SANs due to OpenSSL bug:
https://github.com/openssl/openssl/issues/6481

Change-Id: I9ea86c4f87067ee6d791d77dc1cce8f469cb2a22
2018-10-23 17:46:04 -07:00
73ed5164cd deps 2018-10-22 14:51:13 -07:00
81d114092e Merge branch 'github' into get_by_attributes 2018-10-17 12:00:36 -04:00
48017a9d4c Added get_by_attributes to the certificates service, for fetching certs based on arbitrary attributes. Also associated test and extra tests for other service methods 2018-10-17 11:42:09 -04:00
cc18a68c00 Lemur LetsEncrypt Polling Support 2018-10-11 22:01:05 -07:00
e91d8ec81b add indexes to domains and certificates tables to optimize load time 2018-10-11 11:36:50 -07:00
50919d85a8 Merge remote-tracking branch 'upstream/master' into improved_verify 2018-09-27 11:19:06 -04:00
590fac4aa8 docstring update in verify.py 2018-09-27 10:11:13 -04:00
652d7f65dd flake8 tweak 2018-09-27 09:28:21 -04:00
563f0fb9b2 Celery refactoring, celery beat job in configuration 2018-09-17 10:52:12 -07:00
23382b2777 Celery integration 2018-09-13 10:35:54 -07:00
7d42e4ce67 Fix certificate import issues 2018-09-10 10:34:47 -07:00
2815ddf6c8 Moved cert object to be passed to both ocsp/crl methods so we can report in better detail on the certs. Ensured proper returns of False (revoked) True (good) None (unknown) throughout the methods. 2018-08-31 13:34:55 -04:00
34c88494b8 More specific exception catch for cert parsing. line shortening. 2018-08-31 12:19:55 -04:00
7dbca821c3 Reducing the stacked exceptions plus a bit of pep8 2018-08-31 12:01:49 -04:00
1ad61b1550 allow null validity periods 2018-08-17 07:57:55 -07:00
bb026b8b59 Allow LetsEncrypt renewals and requesting certificates without specifying DNS provider 2018-08-13 14:22:59 -07:00
82158aece6 Fill in missing cert rotation_policy; don't ignore validation errors when re-issuing certs
CertificateInputSchema requires the rotation_policy field, but
certificates created before the field existed have it set to NULL. Thus
saving such certificates failed and probably caused other errors.

Made cert re-issuing (get_certificate_primitives) more strict so such
errors are harder to miss in the future.
2018-08-03 20:06:21 +03:00
d6b482755b Proper flask_restful boolean parsing.
This is documented here: https://github.com/flask-restful/flask-restful/issues/488
2018-07-30 13:49:41 -07:00
f93e938cda no bare except 2018-07-20 10:53:47 -07:00
5a01840784 Explicit capture exception during create failure 2018-07-20 10:47:19 -07:00
7f3454128d Adds an optional interval variable to notification service's
create_default_expiration_notifications and introduces a new optional
configuration variable, LEMUR_SECURITY_TEAM_EMAIL_INTERVALS, to allow admins
control over the centralized email notification defaults.
2018-07-13 14:08:31 -07:00
0398c6e723 Clean up module imports
Example:
* import lemur.common.utils -> from lemur.common import utils
* import sqlalchemy.types as types -> from sqlalchemy import types
2018-07-07 23:56:23 +03:00
d690ea32bc Cache parsed certificate instead of re-parsing for each field
Use @cached_property decorator to cache the results of parse_certificate().

This significantly cuts down on the number of times certs need to be
parsed for a list view.
2018-07-03 17:31:44 +03:00
50846eb682 Expose certificate dateCreated via API 2018-07-02 18:24:18 +03:00
544a02ca3f Addressing comments. Updating copyrights. Added function to determine authoritative name server 2018-05-29 10:23:01 -07:00