Commit Graph

3161 Commits

Author SHA1 Message Date
csine-nflx 77b67f613f removing dependency on distutils from setup.py 2020-09-01 16:07:47 -07:00
csine-nflx 0077452e10 fixing import order to fix travis builds 2020-09-01 15:26:23 -07:00
sayali 8ad4448c85 Match date format for comparison + expected new lines 2020-09-01 12:44:49 -07:00
sayali db4f68f0ed Logs during cert validity truncate for digicert 2020-08-31 18:20:32 -07:00
sayali 9c4fb85dc3 Calculate dates from defaultDays in js 2020-08-31 18:19:32 -07:00
Hossein Shafagh d478def98c removing the custom key Type and doing the conversion in the backend 2020-08-31 16:35:47 -07:00
Hossein Shafagh 9a7a632489 using a standard curve for testing 2020-08-28 09:48:35 -07:00
Hossein Shafagh a50c641044
Merge branch 'master' into ecc-support-for-authority-minting 2020-08-27 15:23:46 -07:00
Hossein Shafagh 9671b34485 adding support for all type of ECC curves which existing CA plugins might support 2020-08-27 14:15:14 -07:00
csine-nflx 91c2976bfc fixing Makefile build issue with @echo 2020-08-27 14:15:14 -07:00
csine-nflx 75eaea3aad fixing setup-git so build continues if ./git/hooks does not exist. 2020-08-27 14:15:14 -07:00
sayali 1fc2e29ab8 Remove 397 days validation as it causes error in API calls
More to come in future
2020-08-27 14:15:14 -07:00
dependabot-preview[bot] 1577f99567 Bump boto3 from 1.14.33 to 1.14.48
Bumps [boto3](https://github.com/boto/boto3) from 1.14.33 to 1.14.48.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.14.33...1.14.48)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-27 14:15:14 -07:00
dependabot-preview[bot] 9d37f8018a Bump arrow from 0.15.8 to 0.16.0
Bumps [arrow](https://github.com/arrow-py/arrow) from 0.15.8 to 0.16.0.
- [Release notes](https://github.com/arrow-py/arrow/releases)
- [Changelog](https://github.com/arrow-py/arrow/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/arrow-py/arrow/compare/0.15.8...0.16.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-27 14:15:14 -07:00
dependabot-preview[bot] beea47fd09 Bump cloudflare from 2.8.9 to 2.8.13
Bumps [cloudflare](https://github.com/cloudflare/python-cloudflare) from 2.8.9 to 2.8.13.
- [Release notes](https://github.com/cloudflare/python-cloudflare/releases)
- [Changelog](https://github.com/cloudflare/python-cloudflare/blob/master/CHANGELOG.md)
- [Commits](https://github.com/cloudflare/python-cloudflare/compare/2.8.9...2.8.13)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-27 14:15:14 -07:00
dependabot-preview[bot] 4955ec8541 Bump pytest-mock from 3.2.0 to 3.3.0
Bumps [pytest-mock](https://github.com/pytest-dev/pytest-mock) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/pytest-dev/pytest-mock/releases)
- [Changelog](https://github.com/pytest-dev/pytest-mock/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest-mock/compare/v3.2.0...v3.3.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-27 14:15:14 -07:00
dependabot-preview[bot] ced9696322 Bump inflection from 0.5.0 to 0.5.1
Bumps [inflection](https://github.com/jpvanhal/inflection) from 0.5.0 to 0.5.1.
- [Release notes](https://github.com/jpvanhal/inflection/releases)
- [Commits](https://github.com/jpvanhal/inflection/compare/0.5.0...0.5.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-27 14:15:14 -07:00
dependabot-preview[bot] 50d5c15a69 Bump sphinx from 3.2.0 to 3.2.1
Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.2.0 to 3.2.1.
- [Release notes](https://github.com/sphinx-doc/sphinx/releases)
- [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES)
- [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.2.0...v3.2.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-27 14:15:14 -07:00
dependabot-preview[bot] 54ca1315ca Bump faker from 4.1.1 to 4.1.2
Bumps [faker](https://github.com/joke2k/faker) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/joke2k/faker/releases)
- [Changelog](https://github.com/joke2k/faker/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/joke2k/faker/compare/v4.1.1...v4.1.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-27 14:15:14 -07:00
dependabot-preview[bot] f7abfff51d Bump nodeenv from 1.4.0 to 1.5.0
Bumps [nodeenv](https://github.com/ekalinin/nodeenv) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/ekalinin/nodeenv/releases)
- [Changelog](https://github.com/ekalinin/nodeenv/blob/master/CHANGES)
- [Commits](https://github.com/ekalinin/nodeenv/compare/1.4.0...1.5.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-27 14:15:14 -07:00
dependabot-preview[bot] d4dfa63cf5 Bump pre-commit from 2.6.0 to 2.7.1
Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 2.6.0 to 2.7.1.
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/master/CHANGELOG.md)
- [Commits](https://github.com/pre-commit/pre-commit/compare/v2.6.0...v2.7.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-27 14:15:14 -07:00
dependabot-preview[bot] cbc328d073 Bump factory-boy from 2.12.0 to 3.0.1
Bumps [factory-boy](https://github.com/FactoryBoy/factory_boy) from 2.12.0 to 3.0.1.
- [Release notes](https://github.com/FactoryBoy/factory_boy/releases)
- [Changelog](https://github.com/FactoryBoy/factory_boy/blob/master/docs/changelog.rst)
- [Commits](https://github.com/FactoryBoy/factory_boy/compare/2.12.0...3.0.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-27 14:15:14 -07:00
dependabot-preview[bot] c5106f5fa4 Bump fakeredis from 1.4.1 to 1.4.3
Bumps [fakeredis](https://github.com/jamesls/fakeredis) from 1.4.1 to 1.4.3.
- [Release notes](https://github.com/jamesls/fakeredis/releases)
- [Commits](https://github.com/jamesls/fakeredis/compare/1.4.1...1.4.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-27 14:15:14 -07:00
dependabot-preview[bot] 07f1d751c4 Bump acme from 1.6.0 to 1.7.0
Bumps [acme](https://github.com/letsencrypt/letsencrypt) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/letsencrypt/letsencrypt/releases)
- [Commits](https://github.com/letsencrypt/letsencrypt/compare/v1.6.0...v1.7.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-27 14:15:14 -07:00
sirferl ab4cda2298 Extended ADCS_TEMPLATE_ Variable
If there is a config variable ADCS_TEMPLATE_<upper(authority.name)> take the value as Cert template else default to ADCS_TEMPLATE to be compatible with former versions
2020-08-27 14:15:14 -07:00
sayali 7a9500eee0 Lint error fix 2020-08-27 14:15:14 -07:00
sayali e79dda3384 doc update DEFAULT_MAX_VALIDITY_DAYS 2020-08-27 14:15:14 -07:00
sayali 5ed109e998 Max end date as per start date + default validity 3 years 2020-08-27 14:15:14 -07:00
sayali 599a6943e2 Updating LEMUR_DEFAULT_ORGANIZATIONAL_UNIT to empty string 2020-08-27 14:15:14 -07:00
sayali 7011a4df8b max date on UI as per max validity configs 2020-08-27 14:15:14 -07:00
sayali 4d7c6844e5 Make Organizational Unit optional 2020-08-27 14:15:14 -07:00
sayali 2645c4a82d mention 397 for digicert plugin 2020-08-27 14:15:14 -07:00
sayali 8d2fffba87 Add new configs to the doc 2020-08-27 14:15:14 -07:00
sayali 3cb386cc0f maximum 1 year validity for digicert 2020-08-27 14:15:14 -07:00
sayali e06dea106f Modify unit test test_determine_end_date to match new config 2020-08-27 14:15:14 -07:00
dependabot-preview[bot] 747df683a9 Bump sphinx from 3.1.2 to 3.2.0
Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.1.2 to 3.2.0.
- [Release notes](https://github.com/sphinx-doc/sphinx/releases)
- [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES)
- [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.1.2...v3.2.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-27 14:15:14 -07:00
sayali 8a1563db54 Updating Lemur docs to capture Digicert validity config changes 2020-08-27 14:15:14 -07:00
sayali d7d483fa9b Renaming PUBLIC_CA to PUBLIC_CA_AUTHORITY_NAMES 2020-08-27 14:15:14 -07:00
sayali 25125f3257 Cert validity should not exceed 397 days for publicly trusted issuers 2020-08-27 14:15:14 -07:00
dependabot-preview[bot] a7082f7332 Bump cloudflare from 2.8.8 to 2.8.9
Bumps [cloudflare](https://github.com/cloudflare/python-cloudflare) from 2.8.8 to 2.8.9.
- [Release notes](https://github.com/cloudflare/python-cloudflare/releases)
- [Changelog](https://github.com/cloudflare/python-cloudflare/blob/master/CHANGELOG.md)
- [Commits](https://github.com/cloudflare/python-cloudflare/compare/2.8.8...2.8.9)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-27 14:15:14 -07:00
sayali 404d213e8f Modified cert description to have cert id being cloned 2020-08-27 14:15:14 -07:00
sayali e75e472a1a Do not inherit replacement info during cert clone 2020-08-27 14:15:14 -07:00
sayali 69b64c63ea Honor selected algorithm during certificate cloning 2020-08-27 14:15:14 -07:00
Hossein Shafagh d07464f3b1 updating documentation for cross-signed ICA 2020-08-27 14:15:14 -07:00
dependabot-preview[bot] de0e646cf9 Bump boto3 from 1.14.28 to 1.14.33
Bumps [boto3](https://github.com/boto/boto3) from 1.14.28 to 1.14.33.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.14.28...1.14.33)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-27 14:15:14 -07:00
dependabot-preview[bot] 5c5e53b8ec Bump botocore from 1.17.28 to 1.17.33
Bumps [botocore](https://github.com/boto/botocore) from 1.17.28 to 1.17.33.
- [Release notes](https://github.com/boto/botocore/releases)
- [Changelog](https://github.com/boto/botocore/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/botocore/compare/1.17.28...1.17.33)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-27 14:15:14 -07:00
dependabot-preview[bot] 85f18afa81 Bump pytest from 5.4.3 to 6.0.1
Bumps [pytest](https://github.com/pytest-dev/pytest) from 5.4.3 to 6.0.1.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/5.4.3...6.0.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-27 14:15:14 -07:00
csine-nflx bc8eda2a6b fixing Dockerfile, Lemur builds now 2020-08-27 14:15:14 -07:00
Hossein Shafagh f4bcd1cf30 lack of an empty config file was resulting into this error
```
Traceback (most recent call last):
  File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/tests/test_acme.py", line 159, in test_request_certificate
    self.acme.request_certificate(mock_acme, [], mock_order)
  File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/plugin.py", line 211, in request_certificate
    current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
TypeError: strptime() argument 1 must be str, not MagicMock
```
2020-08-27 14:15:14 -07:00
Hossein Shafagh 5a6e4e5b43 Let's Encrypt has been using a cross-signed intermediate CA by DST Root CA X3, which is included in any older devices' TrustStore.
https://letsencrypt.org/certificates/

Let's Encrypt is transitioning to use the intermediate CA issued by their own root (ISRG X1) starting from September 29th 2020. This is in preparation of concluding the initial bootstrapping of their CA, by having it cross-signed by an older CA.
https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html

This PR allows Lemur to pin to the cross-signed ICA (same public/private key pair as the ICA signed by ISRG X1). This will prolong support for incompatible systems.
2020-08-27 14:15:14 -07:00