Hossein Shafagh
b885cdf9d0
adding multi profile name support with DigiCert plug.
...
This requires that the configs are a dict, with multiple entries, where the key is the name of the Authority used to issue certs with.
DIGICERT_CIS_PROFILE_NAMES = {"sha2-rsa-ecc-root": "ssl_plus"}
DIGICERT_CIS_ROOTS = {"root": "ROOT"}
DIGICERT_CIS_INTERMEDIATES = {"inter": "INTERMEDIATE_CA_CERT"}
Hence, in DB one need to add
1) the corresponding authority table, with digicert-cis-issuer. Note the names here are used to mapping in the above config
2) the corresponding intermediary in the certificate table , with root_aurhority_id set to the id of the new authority_id
2019-08-07 10:24:38 -07:00
Kush Bavishi
a7c2b970b0
Unit testing Part 1
2019-08-05 14:00:22 -07:00
Hossein Shafagh
ad6c38960a
Merge branch 'master' into ultradnsPlugin
2019-07-31 16:05:36 -07:00
Kush Bavishi
2903799b85
Changed string formatting from "{}".format() to f"{}" for consistency
2019-07-31 14:19:49 -07:00
Hossein Shafagh
e8e4f826ea
updating logging format
2019-07-31 13:09:31 -07:00
Kush Bavishi
5a401b2d87
Added the Zone class and Record class to ultradns.py and removed the respective files
2019-07-31 12:04:42 -07:00
Kush Bavishi
fe075dc9f5
Changed function comments to doc strings.
2019-07-31 12:00:31 -07:00
Kush Bavishi
503df999fa
Updated metrics.send to send function named, followed by status, separated by a period
2019-07-31 11:32:04 -07:00
Kush Bavishi
11cd095131
Reduced the number of calls to get_public_authoritative_nameserver by using a variable
2019-07-31 11:12:28 -07:00
Kush Bavishi
3ba7fdbd49
Updated logger to log a dictionary instead of a string
2019-07-31 11:11:39 -07:00
Hossein Shafagh
0f591e9a3d
Merge branch 'master' into moving-cronjobs-to-celery-v2
2019-07-30 14:13:59 -07:00
Hossein Shafagh
6bf920e66c
Merge branch 'master' into ultradnsPlugin
2019-07-30 14:13:45 -07:00
Hossein Shafagh
7810095796
Merge branch 'master' into better-error-handling-dyn
2019-07-30 13:27:43 -07:00
Kush Bavishi
44bc562e8b
Update ultradns.py
...
Minor logging changes in wait_for_dns_change
2019-07-30 13:08:16 -07:00
Kush Bavishi
3d48b422b5
Removed TODO
2019-07-30 11:39:35 -07:00
Hossein Shafagh
a89cbe9332
moving all cron jobs to become celery jobs
2019-07-30 09:57:15 -07:00
Kush Bavishi
3ad791e1ec
Dynamically obtain the authoritative nameserver for the domain
2019-07-29 18:01:28 -07:00
Kush Bavishi
e993194b4f
Check ultraDNS authoritative server first. Upon success, check Googles DNS server.
2019-07-29 14:59:28 -07:00
Hossein Shafagh
adabe18c90
metric tags, to be able to track which domains where failing during the LetsEncrypt domain validation
2019-07-25 18:56:28 -07:00
Hossein Shafagh
429e6a967c
better error handling for redis
2019-07-25 18:49:19 -07:00
Kush Bavishi
252410c6e9
Updated TTL from 300 to 5
2019-07-22 16:00:20 -07:00
Kush Bavishi
51f3b7dde0
Added the Record class for UltraDNS
2019-07-22 14:23:40 -07:00
Kush Bavishi
0b52aa8c59
Added Zone class to handle ultradns zones
2019-07-22 11:47:48 -07:00
Hossein Shafagh
36ebba6491
source is not dict
2019-07-18 15:16:01 -07:00
Kush Bavishi
e37a7c775e
Initial commit for the UltraDNS plugin to support Lets Encrypt
2019-07-18 14:29:54 -07:00
Hossein Shafagh
09c0fa0f94
updating the function declaration
2019-07-16 17:21:01 -07:00
Hossein Shafagh
cd1aeb15f1
adding testing for redis
2019-07-12 11:50:12 -07:00
Hossein Shafagh
1b1bdbb261
spacing
2019-07-12 10:25:37 -07:00
Hossein Shafagh
97d74bfa1d
fixing the app context issue. we will create an app if no current_app available
2019-07-12 08:47:39 -07:00
Hossein Shafagh
2628ed1a82
better alerting
2019-07-11 23:00:35 -07:00
Curtis Castrapel
8eb639e366
Initial LetsEncrypt / Celery docs
2019-07-09 11:13:11 -07:00
Curtis Castrapel
0c5a8f2039
Relax celery time limit for source syncing; Ensure metric tags are string
2019-07-01 08:35:04 -07:00
Hossein Shafagh
0e037973b2
Revert "Faster permalink"
2019-06-26 10:31:58 -07:00
Curtis
850620c2a2
Merge branch 'master' into restore-manage-shebang
2019-06-25 09:41:08 -07:00
Curtis
5df06501f6
Merge pull request #2814 from intgr/expose-cert-hasprivaatekey
...
Expose new certificate field hasPrivateKey
2019-06-25 09:40:27 -07:00
Curtis
8fbff00850
Merge branch 'master' into restore-manage-shebang
2019-06-25 09:29:06 -07:00
Hossein Shafagh
404b7a25bc
Merge branch 'master' into restore-manage-shebang
2019-06-25 09:27:08 -07:00
alwaysjolley
86a1fb41ac
lint fix
2019-06-25 06:56:37 -04:00
alwaysjolley
55a96ba790
type none
2019-06-24 15:10:10 -04:00
alwaysjolley
6699833297
fixing empty chain
2019-06-24 13:10:08 -04:00
Marti Raudsepp
2319858586
Expose new certificate field hasPrivateKey
...
We can also now disable the 'private key' tab when cert doesn't have a
private key.
2019-06-22 15:38:28 +03:00
Danny Thomas
4565bd7dc6
Update SAN text
2019-06-21 13:33:55 -07:00
Kush Bavishi
960064d5c6
Color change for Show Expired button
2019-06-21 11:32:16 -07:00
Hossein Shafagh
23caac5576
Merge branch 'master' into temp-ExpiredToggle-3
2019-06-21 08:59:53 -07:00
Hossein Shafagh
39d65db7fd
Merge branch 'master' into generalizing-api
2019-06-20 16:13:04 -07:00
Hossein Shafagh
162a300e53
Merge branch 'master' into temp-ExpiredToggle-3
2019-06-20 16:12:55 -07:00
Hossein Shafagh
34cdd29a50
removing the rotation enabled requirement, to keep the endpoint generic
2019-06-20 16:06:26 -07:00
Kush Bavishi
de0462e54f
Added missing semi-colon and changed double quotes to single quotes
2019-06-20 15:41:32 -07:00
Kush Bavishi
68815b8f44
UI changes - Button to show / hide expired certs.
2019-06-20 15:05:26 -07:00
alwaysjolley
bbf50cf0b0
updated dest as well as src
2019-06-20 08:26:32 -04:00
alwaysjolley
02719a1de7
Merge branch 'master' into vault_regex
...
fixed conflicts:
lemur/plugins/lemur_vault_dest/plugin.py
2019-06-19 09:53:08 -04:00
alwaysjolley
56917614a2
fixing regex to be more flexable
2019-06-19 09:46:44 -04:00
Marti Raudsepp
8a08edb0f3
manage.py: Restore shebang line
...
This is an executable file but cannot be executed without the interpreter.
The shebang line was lost in commit 8cbc6b8325
2019-06-18 10:51:11 +03:00
Kush Bavishi
f836c6fff6
API additions for viewing expired certs as well. Default behavior modified to show only valid certs and those which have expired less than 1 month ago.
2019-06-17 14:29:48 -07:00
Kush Bavishi
c0f8fbb24f
Modified Permalink behavior to access a newer, faster API
2019-06-11 15:53:47 -07:00
Kush Bavishi
57016f2f45
Merge branch 'master' of https://github.com/Netflix/lemur into FasterPermalink
2019-06-11 14:33:58 -07:00
Kush Bavishi
491d048948
Modified the behavior of Permalink to access a newer, faster API
2019-06-10 09:47:29 -07:00
Curtis
0446aea20e
Update messaging.py
2019-06-06 13:35:45 -07:00
Hossein Shafagh
1ed41d03ea
Merge branch 'master' into duplicate-notifications-(alternative)
2019-06-06 09:10:57 -07:00
Hossein Shafagh
28e26a1baf
to prevent duplicate emails, we might better remove owner and security email address from the notification recipient
2019-06-05 17:57:11 -07:00
Kush Bavishi
45231c2423
Added code to automatically add the common name as a DNS name while creating a certificate.
2019-05-31 14:08:28 -07:00
Curtis
7eb9c80fb2
Merge pull request #2798 from castrapel/domains_enhancements
...
Enhance domains query and sensitive domain checking code
2019-05-30 10:31:24 -07:00
Curtis Castrapel
8b821d0023
Enhance domains query and sensitive domain checking code; Allow creation of opt-out roles via config
2019-05-30 10:21:44 -07:00
Hossein Shafagh
071c083eae
hiding expired certs after 6 months from the main page
2019-05-30 10:21:03 -07:00
Hossein Shafagh
b4d9ab9f0c
Merge branch 'master' of github.com:Netflix/lemur into improving-cert-lookup-time
2019-05-30 08:55:49 -07:00
Hossein Shafagh
13d46ae42e
indexing the not after field in the cert table
2019-05-30 08:55:30 -07:00
Curtis
8bc23f6deb
Merge pull request #2797 from castrapel/get_or_increase_name_simplify
...
Make get_or_increase_name queries less demanding
2019-05-29 12:50:06 -07:00
Curtis
6e4306b3bb
Merge pull request #2795 from ardichoke/fix_vault_api_v2_append
...
Fix Certificate Appending With v2 Vault API
2019-05-29 12:49:36 -07:00
Curtis Castrapel
5e389f3f48
Add certificate1 to test DB
2019-05-29 12:38:17 -07:00
Curtis Castrapel
f81adb1371
Make get_or_increase_name queries less demanding
2019-05-29 12:20:05 -07:00
Curtis Castrapel
fd35a26955
Support read replicas
2019-05-28 12:45:39 -07:00
Ryan DeShone
09c7076e79
Handle double data field in API v2
2019-05-22 17:12:10 -04:00
Curtis Castrapel
1423ac0d98
More metrics
2019-05-21 12:55:33 -07:00
Curtis Castrapel
34c7e5230b
Set a limit on number of retries
2019-05-21 12:52:41 -07:00
Curtis Castrapel
4fac726cf4
Add support for JSON logging
2019-05-17 08:48:26 -07:00
Curtis Castrapel
0320c04be2
nosec comment
2019-05-16 08:14:46 -07:00
Curtis Castrapel
68fd1556b2
Black lint all the things
2019-05-16 07:57:02 -07:00
Curtis Castrapel
e3c5490d25
Expose exact response from digicert as error
2019-05-15 13:36:40 -07:00
Curtis Castrapel
26d10e8b98
change ordering in more places
2019-05-15 11:47:53 -07:00
Curtis Castrapel
7e92edc70a
Set resolved cert ID before resolving cert; Ignore sentry exceptions when no records on deletion
2019-05-15 11:43:59 -07:00
Curtis
6eb3836abc
Merge branch 'master' into fast-valid-cert-lookup
2019-05-15 10:20:17 -07:00
Curtis Castrapel
5d8f71c3e4
nt
2019-05-14 13:02:24 -07:00
Curtis Castrapel
565142f985
Add soft timeouts to celery jobs; Check for PEM in LE order
2019-05-14 12:52:30 -07:00
Hossein Shafagh
f452a7ce68
adding a new API for faster certificate lookup.
...
The new API api/1/certificates/valid returns only non-expired (not_after >= today) certs which have auto-rotate enabled:
cn is a required parameter:
http://localhost:8000/api/1/certificates/valid?filter=cn;example.com
cn can also be a database string wildcard ('%'):
http://localhost:8000/api/1/certificates/valid?filter=cn;%
owner is the additional parameter, and must be the email address of the owner:
http://localhost:8000/api/1/certificates/valid?filter=cn;example.com&owner=hossein@example.com
given owner and a database string wildcard ('%') one can retrieve all certs for that owner, which are still valid, and have auto-rotate enabled:
http://localhost:8000/api/1/certificates/valid?filter=cn;%&owner=hossein@example.com
2019-05-11 18:06:51 -07:00
Curtis Castrapel
ed18df22db
remove permalink change
2019-05-09 14:54:44 -07:00
Curtis Castrapel
e33a103ca1
Allow searching for certificates by name via API
2019-05-09 14:36:56 -07:00
Curtis
c9c782684d
Merge branch 'master' into add_metrics_reissue_rotate
2019-05-08 07:48:44 -07:00
Curtis Castrapel
87470602fd
Gather more metrics on certificate reissue/rotate jobs
2019-05-08 07:48:08 -07:00
Curtis
317c84800c
Merge branch 'master' into jwks_validation_error_control
2019-05-08 06:50:56 -07:00
Curtis Castrapel
0eacbd42d7
Converting userinfo authorization to a config var
2019-05-07 15:31:42 -07:00
Jose Plana
4e6e7edf27
Rename return variable for better readability
2019-05-07 22:53:01 +02:00
Hossein Shafagh
b7ce9ab901
Merge branch 'master' into jwks_validation_error_control
2019-05-07 13:09:02 -07:00
Hossein Shafagh
ff583981b1
Merge branch 'master' into aid_openid_roles_provider_integration
2019-05-07 09:06:02 -07:00
Hossein Shafagh
e58ff476c9
Merge branch 'master' into jwks_validation_error_control
2019-05-07 09:05:41 -07:00
Curtis
22caaa0c95
Merge branch 'master' into fix_userinfo_authorization
2019-05-07 07:48:47 -07:00
Curtis
e65154b48e
Merge branch 'master' into develop
2019-05-07 07:36:51 -07:00
alwaysjolley
ef7a8587fe
Merge branch 'lemur_vault_source' of github.com:/alwaysjolley/lemur into lemur_vault_source
2019-05-07 10:06:09 -04:00
alwaysjolley
b0c8901b0a
lint cleanup
2019-05-07 10:05:01 -04:00
alwaysjolley
36ce1cc7ef
Merge branch 'master' into lemur_vault_source
2019-05-07 09:41:50 -04:00
alwaysjolley
fb3f0bd72a
adding Vault Source plugin
2019-05-07 09:37:30 -04:00
Daniel Iancu
a7af3cf8d2
Fix Cloudflare DNS
2019-05-07 03:05:24 +03:00
Jose Plana
deed1b9685
Don't fail if googleGroups is not found in user profile
2019-05-06 12:30:25 +02:00
Jose Plana
6c99e76c9a
Better error management in jwks token validation
2019-05-06 12:27:43 +02:00
Jose Plana
2063baefc9
Fixes userinfo using Bearer token
2019-05-06 12:23:24 +02:00
Curtis Castrapel
3a1da72419
nt
2019-04-29 13:57:04 -07:00
Curtis Castrapel
6e3f394cff
Updated requirements ; Revert change and require DNS validation by provider
2019-04-29 13:55:26 -07:00
Curtis Castrapel
1a90e71884
Move ACME host validation logic prior to R53 host modification
2019-04-26 17:27:44 -07:00
Curtis Castrapel
333ba8030a
Ensure hostname is lowercase when comparing DNS challenges. ACME will automatically lowercase the hostname
2019-04-26 15:45:04 -07:00
Curtis Castrapel
1a3ba46873
More retry changes
2019-04-26 10:18:54 -07:00
Curtis Castrapel
1e64851d79
Strip out self-polling logic and rely on ACME; Enhance ELB logging and retries
2019-04-26 10:16:18 -07:00
Curtis
8eef95b58e
Merge branch 'master' into expose_verisign_exception
2019-04-25 19:15:55 -07:00
Curtis Castrapel
dcdfb32883
Expose verisign exceptions
2019-04-25 19:14:15 -07:00
Curtis Castrapel
39584f214b
Process DNS Challenges appropriately (1 challenge -> 1 domain)
2019-04-25 15:12:52 -07:00
Curtis Castrapel
2bc604e5a9
Better metrics and error reporting
2019-04-25 13:50:41 -07:00
Curtis Castrapel
272285f64a
Better exception handling, logging, and metrics for ACME flow
2019-04-24 15:26:23 -07:00
Curtis
0f9b0f39f7
Merge branch 'master' into add-pending-certificate-upload
2019-04-24 09:34:35 -07:00
alwaysjolley
a801112cf6
Merge branch 'master' into lemur_vault_plugin
2019-04-23 07:07:39 -04:00
alwaysjolley
85efb6a99e
cleanup tmp files
2019-04-23 07:06:52 -04:00
Hossein Shafagh
9b38761153
Merge branch 'master' into add-pending-certificate-upload
2019-04-22 11:47:02 -07:00
alwaysjolley
f9dadb2670
fixing validation
2019-04-22 09:38:44 -04:00
alwaysjolley
8dccaaf544
simpler validation
2019-04-22 07:58:01 -04:00
alwaysjolley
1667c05742
removed unused functions
2019-04-18 13:57:10 -04:00
alwaysjolley
b39e2e3f66
Merge branch 'master' into lemur_vault_plugin
2019-04-18 13:55:45 -04:00
alwaysjolley
fb3b0e8cd7
adding regex filtering
2019-04-18 13:52:40 -04:00
Jose Plana
7dd9268ca7
Allow uploading a signed cert for a pending certificate.
2019-04-18 00:46:39 +02:00
Curtis
8177e12f3f
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-17 10:43:44 -07:00
Hossein Shafagh
52f939658f
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-17 10:31:58 -07:00
Curtis
f6afcc6d21
Merge branch 'master' into master
2019-04-17 10:28:46 -07:00
Javier Ramos
58dd424de8
Prevent potential NoneType not subscriptable
...
Fix when data['extensions']['subAltNames']['names'] is none
2019-04-17 18:33:52 +02:00
Jose Plana
771f2ebc47
Use SAN_CERT_CSR
2019-04-13 11:01:36 +02:00
Jose Plana
770729a72e
Allow csr to be empty during upload
2019-04-13 01:17:12 +02:00
Hossein Shafagh
2ff811ae71
updating cryptography API call, to create right signing algorithm object.
2019-04-13 00:57:48 +02:00
Hossein Shafagh
09796cf7c9
the check_cert_signature() method was attempting to compare RSA and ECC signatures.
...
If a ec public-key certificate is signed with an RSA key, then it can't be a self-signed certificate, in which case we just raise InvalidSignature.
2019-04-13 00:57:48 +02:00
Jose Plana
406753fcde
Fix PEP8
2019-04-13 00:49:35 +02:00
Jose Plana
a5570d07bc
Added some documentation for API users.
2019-04-13 00:48:19 +02:00
Jose Plana
c1b02cc8a5
Allow uploading csr along with certificates
2019-04-13 00:48:19 +02:00
Hossein Shafagh
df8d4e0892
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-12 09:38:50 -07:00
Hossein Shafagh
ceb335f3ab
Merge branch 'master' into master
2019-04-12 09:38:41 -07:00
alwaysjolley
9ecc19c481
adding san filter
2019-04-12 09:53:06 -04:00
Hossein Shafagh
6d67ec7e34
removing unused import
2019-04-11 17:34:02 -07:00
Hossein Shafagh
512e1a0bdd
fixing typos
2019-04-11 17:17:28 -07:00
Hossein Shafagh
6ec84a398c
checking for None
2019-04-11 17:13:47 -07:00
Hossein Shafagh
69c00c4db5
upon creating a new destination, we also add it as source, if the plugin defines this as an option
2019-04-11 17:13:47 -07:00
Hossein Shafagh
d7abf2ec18
adding a new util method for setting options
2019-04-11 17:13:47 -07:00
Hossein Shafagh
557fac39b5
refactoring the sync job into a service method that we can also call when adding a new destination
2019-04-11 17:13:47 -07:00
Hossein Shafagh
d1ead4b79c
removing the announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
5900828051
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
818da6653d
removing the announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
e1a67e9b4e
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
84dfdd0600
removing the announcement
2019-04-11 17:13:47 -07:00