Infra/lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
4,032 Commits 4 Branches 45 Tags
Commit Graph

1912 Commits

Author SHA1 Message Date
alwaysjolley
20518bc377
Merge branch 'master' into lemur_vault_plugin 2019-03-01 09:58:43 -05:00
alwaysjolley
5d2f603c84 renamed vault destination plugin to avoid conflict with vault pki plugin 2019-03-01 09:49:52 -05:00
Ronald Moesbergen
63de8047ce Return 'already deleted' instead of 'not found' when cert has already been deleted 2019-02-27 09:38:25 +01:00
Ronald Moesbergen
a9735e129c Merge branch 'master' into allow-cert-deletion 2019-02-27 09:28:48 +01:00
Hossein Shafagh
658c58e4b6 clarifying comments 2019-02-26 17:04:43 -08:00
Hossein Shafagh
9dbae39604 updating cryptography API call, to create right signing algorithm object. 2019-02-26 16:42:26 -08:00
Hossein Shafagh
16a18cc4b7 adding more edge test cases for EC-certs 2019-02-26 16:42:26 -08:00
Hossein Shafagh
aec7c7b0bc
Merge branch 'master' into fixing-signature-verify-ecc 2019-02-26 09:28:48 -08:00
alwaysjolley
53301728fa Moved url to config file instead of plugin option. One one url can be supported 
unless both the token and url are moved to the plugin options.
 2019-02-26 09:15:12 -05:00
Hossein Shafagh
40fac02d8b the check_cert_signature() method was attempting to compare RSA and ECC signatures. 
If a ec public-key certificate is signed with an RSA key, then it can't be a self-signed certificate, in which case we just raise InvalidSignature.
 2019-02-25 19:05:54 -08:00
alwaysjolley
cd65a36437 - support multiple bundle configuration, nginx, apache, cert only 
- update vault destination to support multi cert under one object
- added san list as key value
- read and update object with new keys, keeping other keys, allowing
us to keep an iterable list of keys in an object for deploying multiple
certs to a single node
 2019-02-25 09:42:07 -05:00
Ronald Moesbergen
ef0c08dfd9 Fix: when no alias is entered when exporting a certificate, the alias is set to 'blah'. 
This fix sets it to the common name instead.
 2019-02-21 16:33:43 +01:00
alwaysjolley
eaa73998a0 adding lemur_vault destination plugin 2019-02-19 15:03:15 -05:00
Ronald Moesbergen
29bda6c00d Fix typo's 2019-02-14 11:58:29 +01:00
Ronald Moesbergen
8abf95063c Implement a ALLOW_CERT_DELETION option (boolean, default False). When enabled, the certificate delete API call will work and the UI 
will no longer display deleted certificates. When disabled (the default), the delete API call will not work (405 method not allowed)
 and the UI will show all certificates, regardless of the 'deleted' flag.
 2019-02-14 11:57:27 +01:00
Hossein Shafagh
e034771e36
Merge branch 'master' into special-issuer-for-selfsigned-certs 2019-02-11 12:04:33 -08:00
Hossein Shafagh
605663704b
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst 2019-02-05 12:41:33 -08:00
Hossein Shafagh
e139b92b24
Merge branch 'master' into hshafagh-src-dst-register 2019-02-05 12:41:26 -08:00
Hossein Shafagh
6d1ef933c4 creating a new celery task to sync sources with destinations. This is as a measure to make sure important new destinations are also present as sources. 2019-02-05 10:48:52 -08:00
Hossein Shafagh
2107d58050
Merge branch 'master' into get_by_attributes 2019-02-05 10:31:35 -08:00
Hossein Shafagh
8d261b4120
Merge branch 'master' into special-issuer-for-selfsigned-certs 2019-02-05 10:29:20 -08:00
Marti Raudsepp
51248c1938 Use special issuer values <selfsigned> and <unknown> in special cases 
This way it's easy to find/distinguish selfsigned certificates stored in
Lemur.
 2019-02-05 16:56:09 +02:00
Hossein Shafagh
1d2771b014
Merge branch 'master' into get_by_attributes 2019-02-04 21:07:09 -08:00
Hossein Shafagh
f249a82d71 renaming destination to source. 2019-02-04 16:10:48 -08:00
Hossein Shafagh
44a060b159 adding support for creating a source while creating a new dst, while the destination is from AWS 2019-02-04 15:36:39 -08:00
sirferl
c1cf8d7a92
Merge branch 'master' into ADCS-plugin 2019-02-02 19:21:22 +01:00
Hossein Shafagh
45fbaf159a
Merge branch 'master' into master 2019-02-01 16:50:09 -08:00
Hossein Shafagh
8e93d007be
Merge branch 'master' into get_by_attributes 2019-02-01 16:48:50 -08:00
Hossein Shafagh
6705a0e030
Merge branch 'master' into ADCS-plugin 2019-02-01 16:38:39 -08:00
sirferl
36ab1c0bec
Merge branch 'master' into ADCS-plugin 2019-02-01 19:10:46 +01:00
Marti Raudsepp
e24a94d798 Enforce that PEM strings (certs, keys, CSR) are internally passed as str, not bytes 
This was already true in most places but not 100%, leading to lots of redundant checks and conversions.
 2019-01-30 18:11:24 +02:00
Curtis
e475d90e2e
Merge branch 'master' into master 2019-01-30 07:20:44 -08:00
Hossein Shafagh
e5ddf08f48
Merge branch 'master' into master 2019-01-29 16:37:29 -08:00
Hossein Shafagh
7f4f4ffded
Merge branch 'master' into master 2019-01-29 16:30:15 -08:00
Hossein Shafagh
48ad20faca moving the 2 year validity issue to the Verisign plugin, and address it there 2019-01-29 16:17:08 -08:00
Curtis
1e708bf1c7
Merge branch 'master' into password_noninteractive 2019-01-29 15:21:34 -08:00
Curtis Castrapel
d2317acfc5 allowing create_user with noninteractive PW;updating reqs 2019-01-29 15:17:40 -08:00
Curtis
29638c7f3b
Merge branch 'master' into master 2019-01-29 14:59:55 -08:00
Curtis
93021a5d89
Merge branch 'master' into expose-cert-distinguished-name 2019-01-29 14:56:31 -08:00
alwaysjolley
c68a9cf80a fixing linting issues 2019-01-29 11:10:56 -05:00
alwaysjolley
254a3079f2 fix whitespace 2019-01-29 11:01:55 -05:00
alwaysjolley
b4d1b80e04 Adding support for cfssl auth mode signing 2019-01-29 10:13:44 -05:00
sirferl
c77ccdf46e
Merge branch 'master' into ADCS-plugin 2019-01-28 17:57:46 +01:00
Hossein Shafagh
c47fa0f9a2 adjusting the tests to reflect on the new full year convert limit! 2019-01-24 17:52:22 -08:00
Hossein Shafagh
a9724e7383 Resolving the 2 years error from UI during cert creation: 
Though a CA would accept two year validity, we were getting error for being beyond 2 years.
This is because our current conversion is just current date plus 2 years,
1/25/2019 + 2 years ==> 1/25/2019
This is more strictly seen two years and 1 day extra, violating the 2 year's limit.
 2019-01-24 17:23:40 -08:00
Marti Raudsepp
4b893ab5b4 Expose full certificate RFC 4514 Distinguished Name string 
Using rfc4514_string() method added in cryptography version 2.5.
 2019-01-23 10:03:40 +02:00
Ronald Moesbergen
4c4fbf3e48 Implement certificates delete API call by marking a cert as 'deleted' in the database. Only certificates that have expired can be deleted. 2019-01-21 10:25:28 +01:00
Ronald Moesbergen
cb35f19d6c Add 'delete_cert' to enum log_type in logs table 2019-01-21 10:22:03 +01:00
Curtis Castrapel
0336d68ee2 Merge remote-tracking branch 'upstream/master' 2019-01-17 14:56:12 -08:00
Curtis Castrapel
7f88c24e83 Fix LetsEncrypt Dyn flow for duplicate CN/SAN 2019-01-17 14:56:04 -08:00