alwaysjolley
02719a1de7
Merge branch 'master' into vault_regex
...
fixed conflicts:
lemur/plugins/lemur_vault_dest/plugin.py
2019-06-19 09:53:08 -04:00
alwaysjolley
56917614a2
fixing regex to be more flexable
2019-06-19 09:46:44 -04:00
Marti Raudsepp
8a08edb0f3
manage.py: Restore shebang line
...
This is an executable file but cannot be executed without the interpreter.
The shebang line was lost in commit 8cbc6b8325
2019-06-18 10:51:11 +03:00
Kush Bavishi
f836c6fff6
API additions for viewing expired certs as well. Default behavior modified to show only valid certs and those which have expired less than 1 month ago.
2019-06-17 14:29:48 -07:00
Kush Bavishi
c0f8fbb24f
Modified Permalink behavior to access a newer, faster API
2019-06-11 15:53:47 -07:00
Kush Bavishi
57016f2f45
Merge branch 'master' of https://github.com/Netflix/lemur into FasterPermalink
2019-06-11 14:33:58 -07:00
Kush Bavishi
491d048948
Modified the behavior of Permalink to access a newer, faster API
2019-06-10 09:47:29 -07:00
Curtis
0446aea20e
Update messaging.py
2019-06-06 13:35:45 -07:00
Hossein Shafagh
1ed41d03ea
Merge branch 'master' into duplicate-notifications-(alternative)
2019-06-06 09:10:57 -07:00
Hossein Shafagh
28e26a1baf
to prevent duplicate emails, we might better remove owner and security email address from the notification recipient
2019-06-05 17:57:11 -07:00
Kush Bavishi
45231c2423
Added code to automatically add the common name as a DNS name while creating a certificate.
2019-05-31 14:08:28 -07:00
Curtis
7eb9c80fb2
Merge pull request #2798 from castrapel/domains_enhancements
...
Enhance domains query and sensitive domain checking code
2019-05-30 10:31:24 -07:00
Curtis Castrapel
8b821d0023
Enhance domains query and sensitive domain checking code; Allow creation of opt-out roles via config
2019-05-30 10:21:44 -07:00
Hossein Shafagh
071c083eae
hiding expired certs after 6 months from the main page
2019-05-30 10:21:03 -07:00
Hossein Shafagh
b4d9ab9f0c
Merge branch 'master' of github.com:Netflix/lemur into improving-cert-lookup-time
2019-05-30 08:55:49 -07:00
Hossein Shafagh
13d46ae42e
indexing the not after field in the cert table
2019-05-30 08:55:30 -07:00
Curtis
8bc23f6deb
Merge pull request #2797 from castrapel/get_or_increase_name_simplify
...
Make get_or_increase_name queries less demanding
2019-05-29 12:50:06 -07:00
Curtis
6e4306b3bb
Merge pull request #2795 from ardichoke/fix_vault_api_v2_append
...
Fix Certificate Appending With v2 Vault API
2019-05-29 12:49:36 -07:00
Curtis Castrapel
5e389f3f48
Add certificate1 to test DB
2019-05-29 12:38:17 -07:00
Curtis Castrapel
f81adb1371
Make get_or_increase_name queries less demanding
2019-05-29 12:20:05 -07:00
Curtis Castrapel
fd35a26955
Support read replicas
2019-05-28 12:45:39 -07:00
Ryan DeShone
09c7076e79
Handle double data field in API v2
2019-05-22 17:12:10 -04:00
Curtis Castrapel
1423ac0d98
More metrics
2019-05-21 12:55:33 -07:00
Curtis Castrapel
34c7e5230b
Set a limit on number of retries
2019-05-21 12:52:41 -07:00
Curtis Castrapel
4fac726cf4
Add support for JSON logging
2019-05-17 08:48:26 -07:00
Curtis Castrapel
0320c04be2
nosec comment
2019-05-16 08:14:46 -07:00
Curtis Castrapel
68fd1556b2
Black lint all the things
2019-05-16 07:57:02 -07:00
Curtis Castrapel
e3c5490d25
Expose exact response from digicert as error
2019-05-15 13:36:40 -07:00
Curtis Castrapel
26d10e8b98
change ordering in more places
2019-05-15 11:47:53 -07:00
Curtis Castrapel
7e92edc70a
Set resolved cert ID before resolving cert; Ignore sentry exceptions when no records on deletion
2019-05-15 11:43:59 -07:00
Curtis
6eb3836abc
Merge branch 'master' into fast-valid-cert-lookup
2019-05-15 10:20:17 -07:00
Curtis Castrapel
5d8f71c3e4
nt
2019-05-14 13:02:24 -07:00
Curtis Castrapel
565142f985
Add soft timeouts to celery jobs; Check for PEM in LE order
2019-05-14 12:52:30 -07:00
Hossein Shafagh
f452a7ce68
adding a new API for faster certificate lookup.
...
The new API api/1/certificates/valid returns only non-expired (not_after >= today) certs which have auto-rotate enabled:
cn is a required parameter:
http://localhost:8000/api/1/certificates/valid?filter=cn;example.com
cn can also be a database string wildcard ('%'):
http://localhost:8000/api/1/certificates/valid?filter=cn;%
owner is the additional parameter, and must be the email address of the owner:
http://localhost:8000/api/1/certificates/valid?filter=cn;example.com&owner=hossein@example.com
given owner and a database string wildcard ('%') one can retrieve all certs for that owner, which are still valid, and have auto-rotate enabled:
http://localhost:8000/api/1/certificates/valid?filter=cn;%&owner=hossein@example.com
2019-05-11 18:06:51 -07:00
Curtis Castrapel
ed18df22db
remove permalink change
2019-05-09 14:54:44 -07:00
Curtis Castrapel
e33a103ca1
Allow searching for certificates by name via API
2019-05-09 14:36:56 -07:00
Curtis
c9c782684d
Merge branch 'master' into add_metrics_reissue_rotate
2019-05-08 07:48:44 -07:00
Curtis Castrapel
87470602fd
Gather more metrics on certificate reissue/rotate jobs
2019-05-08 07:48:08 -07:00
Curtis
317c84800c
Merge branch 'master' into jwks_validation_error_control
2019-05-08 06:50:56 -07:00
Curtis Castrapel
0eacbd42d7
Converting userinfo authorization to a config var
2019-05-07 15:31:42 -07:00
Jose Plana
4e6e7edf27
Rename return variable for better readability
2019-05-07 22:53:01 +02:00
Hossein Shafagh
b7ce9ab901
Merge branch 'master' into jwks_validation_error_control
2019-05-07 13:09:02 -07:00
Hossein Shafagh
ff583981b1
Merge branch 'master' into aid_openid_roles_provider_integration
2019-05-07 09:06:02 -07:00
Hossein Shafagh
e58ff476c9
Merge branch 'master' into jwks_validation_error_control
2019-05-07 09:05:41 -07:00
Curtis
22caaa0c95
Merge branch 'master' into fix_userinfo_authorization
2019-05-07 07:48:47 -07:00
Curtis
e65154b48e
Merge branch 'master' into develop
2019-05-07 07:36:51 -07:00
alwaysjolley
ef7a8587fe
Merge branch 'lemur_vault_source' of github.com:/alwaysjolley/lemur into lemur_vault_source
2019-05-07 10:06:09 -04:00
alwaysjolley
b0c8901b0a
lint cleanup
2019-05-07 10:05:01 -04:00
alwaysjolley
36ce1cc7ef
Merge branch 'master' into lemur_vault_source
2019-05-07 09:41:50 -04:00
alwaysjolley
fb3f0bd72a
adding Vault Source plugin
2019-05-07 09:37:30 -04:00
Daniel Iancu
a7af3cf8d2
Fix Cloudflare DNS
2019-05-07 03:05:24 +03:00
Jose Plana
deed1b9685
Don't fail if googleGroups is not found in user profile
2019-05-06 12:30:25 +02:00
Jose Plana
6c99e76c9a
Better error management in jwks token validation
2019-05-06 12:27:43 +02:00
Jose Plana
2063baefc9
Fixes userinfo using Bearer token
2019-05-06 12:23:24 +02:00
Curtis Castrapel
3a1da72419
nt
2019-04-29 13:57:04 -07:00
Curtis Castrapel
6e3f394cff
Updated requirements ; Revert change and require DNS validation by provider
2019-04-29 13:55:26 -07:00
Curtis Castrapel
1a90e71884
Move ACME host validation logic prior to R53 host modification
2019-04-26 17:27:44 -07:00
Curtis Castrapel
333ba8030a
Ensure hostname is lowercase when comparing DNS challenges. ACME will automatically lowercase the hostname
2019-04-26 15:45:04 -07:00
Curtis Castrapel
1a3ba46873
More retry changes
2019-04-26 10:18:54 -07:00
Curtis Castrapel
1e64851d79
Strip out self-polling logic and rely on ACME; Enhance ELB logging and retries
2019-04-26 10:16:18 -07:00
Curtis
8eef95b58e
Merge branch 'master' into expose_verisign_exception
2019-04-25 19:15:55 -07:00
Curtis Castrapel
dcdfb32883
Expose verisign exceptions
2019-04-25 19:14:15 -07:00
Curtis Castrapel
39584f214b
Process DNS Challenges appropriately (1 challenge -> 1 domain)
2019-04-25 15:12:52 -07:00
Curtis Castrapel
2bc604e5a9
Better metrics and error reporting
2019-04-25 13:50:41 -07:00
Curtis Castrapel
272285f64a
Better exception handling, logging, and metrics for ACME flow
2019-04-24 15:26:23 -07:00
Curtis
0f9b0f39f7
Merge branch 'master' into add-pending-certificate-upload
2019-04-24 09:34:35 -07:00
alwaysjolley
a801112cf6
Merge branch 'master' into lemur_vault_plugin
2019-04-23 07:07:39 -04:00
alwaysjolley
85efb6a99e
cleanup tmp files
2019-04-23 07:06:52 -04:00
Hossein Shafagh
9b38761153
Merge branch 'master' into add-pending-certificate-upload
2019-04-22 11:47:02 -07:00
alwaysjolley
f9dadb2670
fixing validation
2019-04-22 09:38:44 -04:00
alwaysjolley
8dccaaf544
simpler validation
2019-04-22 07:58:01 -04:00
alwaysjolley
1667c05742
removed unused functions
2019-04-18 13:57:10 -04:00
alwaysjolley
b39e2e3f66
Merge branch 'master' into lemur_vault_plugin
2019-04-18 13:55:45 -04:00
alwaysjolley
fb3b0e8cd7
adding regex filtering
2019-04-18 13:52:40 -04:00
Jose Plana
7dd9268ca7
Allow uploading a signed cert for a pending certificate.
2019-04-18 00:46:39 +02:00
Curtis
8177e12f3f
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-17 10:43:44 -07:00
Hossein Shafagh
52f939658f
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-17 10:31:58 -07:00
Curtis
f6afcc6d21
Merge branch 'master' into master
2019-04-17 10:28:46 -07:00
Javier Ramos
58dd424de8
Prevent potential NoneType not subscriptable
...
Fix when data['extensions']['subAltNames']['names'] is none
2019-04-17 18:33:52 +02:00
Jose Plana
771f2ebc47
Use SAN_CERT_CSR
2019-04-13 11:01:36 +02:00
Jose Plana
770729a72e
Allow csr to be empty during upload
2019-04-13 01:17:12 +02:00
Hossein Shafagh
2ff811ae71
updating cryptography API call, to create right signing algorithm object.
2019-04-13 00:57:48 +02:00
Hossein Shafagh
09796cf7c9
the check_cert_signature() method was attempting to compare RSA and ECC signatures.
...
If a ec public-key certificate is signed with an RSA key, then it can't be a self-signed certificate, in which case we just raise InvalidSignature.
2019-04-13 00:57:48 +02:00
Jose Plana
406753fcde
Fix PEP8
2019-04-13 00:49:35 +02:00
Jose Plana
a5570d07bc
Added some documentation for API users.
2019-04-13 00:48:19 +02:00
Jose Plana
c1b02cc8a5
Allow uploading csr along with certificates
2019-04-13 00:48:19 +02:00
Hossein Shafagh
df8d4e0892
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-12 09:38:50 -07:00
Hossein Shafagh
ceb335f3ab
Merge branch 'master' into master
2019-04-12 09:38:41 -07:00
alwaysjolley
9ecc19c481
adding san filter
2019-04-12 09:53:06 -04:00
Hossein Shafagh
6d67ec7e34
removing unused import
2019-04-11 17:34:02 -07:00
Hossein Shafagh
512e1a0bdd
fixing typos
2019-04-11 17:17:28 -07:00
Hossein Shafagh
6ec84a398c
checking for None
2019-04-11 17:13:47 -07:00
Hossein Shafagh
69c00c4db5
upon creating a new destination, we also add it as source, if the plugin defines this as an option
2019-04-11 17:13:47 -07:00
Hossein Shafagh
d7abf2ec18
adding a new util method for setting options
2019-04-11 17:13:47 -07:00
Hossein Shafagh
557fac39b5
refactoring the sync job into a service method that we can also call when adding a new destination
2019-04-11 17:13:47 -07:00
Hossein Shafagh
d1ead4b79c
removing the announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
5900828051
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
818da6653d
removing the announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
e1a67e9b4e
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
84dfdd0600
removing the announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
ba691a26d4
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
b66fac0494
removing the announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
1bda246df2
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
9a210c055a
Merge branch 'master' into hshafagh-src-dst-register
2019-04-11 15:36:48 -07:00
Hossein Shafagh
2459234147
removing lines
2019-04-11 14:34:26 -07:00
Hossein Shafagh
60edab9f6d
cleaning up
2019-04-11 14:12:31 -07:00
Hossein Shafagh
ec3d2d7316
fixing typo
2019-04-11 13:51:43 -07:00
Hossein Shafagh
83d408b238
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst
2019-04-11 13:30:12 -07:00
Hossein Shafagh
266c83367d
avoiding hard-coded plugin names
2019-04-11 13:29:37 -07:00
Hossein Shafagh
f185df4f1e
bringing class AWSDestinationPlugin(DestinationPlugin) after AWSSourcePlugin.slug, such that we can do: sync_as_source_name = AWSSourcePlugin.slug
2019-04-11 13:28:58 -07:00
Curtis Castrapel
2ff57e932c
Update requirements - upgrade to py37
2019-04-10 15:40:48 -07:00
Hossein Shafagh
d628e97035
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst
2019-04-10 09:47:06 -07:00
Hossein Shafagh
bc8c7e114a
Merge branch 'master' into hshafagh-src-dst-register
2019-04-09 20:52:33 -07:00
Hossein Shafagh
f3d0536800
removing hardcoded rules, to give more flexibility into defining new source-destinations
2019-04-09 20:49:07 -07:00
Javier Ramos
bfc4f940da
Merge branch 'master' into master
2019-04-09 18:06:09 +02:00
Hossein Shafagh
64c6bb2475
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-09 08:28:05 -07:00
Marti Raudsepp
dbf34a4d48
Rewrite Java Keystore/Truststore support based on pyjks library
2019-04-06 20:24:46 +03:00
Javier Ramos
d80a6bb405
Added tests for CSR parsing into CertificateInputSchema
2019-04-01 08:44:40 +02:00
Ryan DeShone
e10007ef7b
Add support for Vault KV API v2
...
This adds the ability to target KV API v1 or v2.
2019-03-29 10:32:49 -04:00
Javier Ramos
b86e381e20
Parse SubjectAlternativeNames from CSR into Lemur Certificate
2019-03-27 13:46:33 +01:00
Hossein Shafagh
d2e969b836
better synching of source and destinations
2019-03-26 18:20:14 -07:00
Curtis
4018c68d49
Merge branch 'master' into authority_validation_LE_errors
2019-03-25 08:34:10 -07:00
Curtis Castrapel
c2158ff8fb
Add order URI during LE cert creation failure; Fail properly when invalid CA passed; Update reqs
2019-03-25 08:28:23 -07:00
Curtis
8a42cfa345
Merge branch 'master' into ghjaramos/master
2019-03-21 08:07:44 -07:00
alwaysjolley
fa4a5122bc
fixing file read to trim line endings and cleanup
2019-03-20 14:59:04 -04:00
alwaysjolley
f99b11d50e
refactor url and token to support muiltiple instances of vault
2019-03-20 13:51:06 -04:00
Javier Ramos
9e5496b484
Update schemas.py
2019-03-15 10:19:25 +01:00
Javier Ramos
f7452e8379
Parse DNSNames from CSR into Lemur Certificate
2019-03-15 09:29:23 +01:00
alwaysjolley
157db684c3
Merge branch 'master' into lemur_vault_plugin
2019-03-14 11:09:01 -04:00
Curtis
c445297357
Update celery.py
2019-03-12 15:41:24 -07:00
Curtis
f38e5b0879
Update celery.py
2019-03-12 15:29:04 -07:00
Curtis
1a5a91ccc7
Update celery.py
2019-03-12 15:11:13 -07:00
Curtis
3b3faa66f4
Merge branch 'master' into skip_duplicate_tasks
2019-03-12 14:53:42 -07:00
Curtis Castrapel
d220e9326c
Skip a task if similar task already active
2019-03-12 14:45:43 -07:00
alwaysjolley
57d3f3d5a5
Merge branch 'master' into lemur_vault_plugin
2019-03-08 07:08:56 -05:00
alwaysjolley
f1c09a6f8f
fixed comments
2019-03-07 15:58:34 -05:00
Hossein Shafagh
93ce259fb2
Merge branch 'master' into verify-cert-chain
2019-03-07 12:46:19 -08:00
alwaysjolley
7b0a3cf781
Merge branch 'lemur_vault_plugin' of github.com:/alwaysjolley/lemur into lemur_vault_plugin
2019-03-07 15:42:40 -05:00
alwaysjolley
752c9a086b
fixing error handling and better data formating
2019-03-07 15:41:29 -05:00
Hossein Shafagh
92b60b279a
Merge branch 'master' into verify-cert-chain
2019-03-06 11:15:32 -08:00
Hossein Shafagh
43b1d6217a
Merge branch 'master' into allow-cert-deletion
2019-03-06 10:59:33 -08:00
Hossein Shafagh
98ece58342
Merge branch 'master' into lemur_vault_plugin
2019-03-06 10:59:03 -08:00
Hossein Shafagh
45cb0f0513
Merge branch 'master' into allow-cert-deletion
2019-03-06 09:35:10 -08:00
Kevin Glisson
cc6d53fdeb
Ensuring that configs passed via the command line are respected.
2019-03-05 15:39:37 -08:00
alwaysjolley
a1cb8ee266
fixing lint
2019-03-05 07:37:04 -05:00
alwaysjolley
880eaad6cb
Merge branch 'lemur_vault_plugin' of github.com:/alwaysjolley/lemur into lemur_vault_plugin
2019-03-05 07:22:18 -05:00
alwaysjolley
4a027797e0
fixing linting issues
2019-03-05 07:19:22 -05:00
Hossein Shafagh
54ad3ba777
Merge branch 'master' into verify-cert-chain
2019-03-04 17:55:36 -08:00
Hossein Shafagh
c9bcd29082
Merge branch 'master' into lemur_vault_plugin
2019-03-04 17:55:00 -08:00
Curtis Castrapel
dd2900bdbc
Relax search;update requirements
2019-03-04 10:04:06 -08:00
Marti Raudsepp
10cec063c2
Check that stored certificate chain matches certificate
...
Similar to how the private key is checked.
2019-03-04 17:10:59 +02:00
alwaysjolley
20518bc377
Merge branch 'master' into lemur_vault_plugin
2019-03-01 09:58:43 -05:00
alwaysjolley
5d2f603c84
renamed vault destination plugin to avoid conflict with vault pki plugin
2019-03-01 09:49:52 -05:00
Ronald Moesbergen
63de8047ce
Return 'already deleted' instead of 'not found' when cert has already been deleted
2019-02-27 09:38:25 +01:00
Ronald Moesbergen
a9735e129c
Merge branch 'master' into allow-cert-deletion
2019-02-27 09:28:48 +01:00
Hossein Shafagh
658c58e4b6
clarifying comments
2019-02-26 17:04:43 -08:00
Hossein Shafagh
9dbae39604
updating cryptography API call, to create right signing algorithm object.
2019-02-26 16:42:26 -08:00
Hossein Shafagh
16a18cc4b7
adding more edge test cases for EC-certs
2019-02-26 16:42:26 -08:00
Hossein Shafagh
aec7c7b0bc
Merge branch 'master' into fixing-signature-verify-ecc
2019-02-26 09:28:48 -08:00
alwaysjolley
53301728fa
Moved url to config file instead of plugin option. One one url can be supported
...
unless both the token and url are moved to the plugin options.
2019-02-26 09:15:12 -05:00
Hossein Shafagh
40fac02d8b
the check_cert_signature() method was attempting to compare RSA and ECC signatures.
...
If a ec public-key certificate is signed with an RSA key, then it can't be a self-signed certificate, in which case we just raise InvalidSignature.
2019-02-25 19:05:54 -08:00
alwaysjolley
cd65a36437
- support multiple bundle configuration, nginx, apache, cert only
...
- update vault destination to support multi cert under one object
- added san list as key value
- read and update object with new keys, keeping other keys, allowing
us to keep an iterable list of keys in an object for deploying multiple
certs to a single node
2019-02-25 09:42:07 -05:00
Ronald Moesbergen
ef0c08dfd9
Fix: when no alias is entered when exporting a certificate, the alias is set to 'blah'.
...
This fix sets it to the common name instead.
2019-02-21 16:33:43 +01:00
alwaysjolley
eaa73998a0
adding lemur_vault destination plugin
2019-02-19 15:03:15 -05:00
Ronald Moesbergen
29bda6c00d
Fix typo's
2019-02-14 11:58:29 +01:00
Ronald Moesbergen
8abf95063c
Implement a ALLOW_CERT_DELETION option (boolean, default False). When enabled, the certificate delete API call will work and the UI
...
will no longer display deleted certificates. When disabled (the default), the delete API call will not work (405 method not allowed)
and the UI will show all certificates, regardless of the 'deleted' flag.
2019-02-14 11:57:27 +01:00
Hossein Shafagh
e034771e36
Merge branch 'master' into special-issuer-for-selfsigned-certs
2019-02-11 12:04:33 -08:00
Hossein Shafagh
605663704b
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst
2019-02-05 12:41:33 -08:00
Hossein Shafagh
e139b92b24
Merge branch 'master' into hshafagh-src-dst-register
2019-02-05 12:41:26 -08:00
Hossein Shafagh
6d1ef933c4
creating a new celery task to sync sources with destinations. This is as a measure to make sure important new destinations are also present as sources.
2019-02-05 10:48:52 -08:00
Hossein Shafagh
2107d58050
Merge branch 'master' into get_by_attributes
2019-02-05 10:31:35 -08:00
Hossein Shafagh
8d261b4120
Merge branch 'master' into special-issuer-for-selfsigned-certs
2019-02-05 10:29:20 -08:00
Marti Raudsepp
51248c1938
Use special issuer values <selfsigned> and <unknown> in special cases
...
This way it's easy to find/distinguish selfsigned certificates stored in
Lemur.
2019-02-05 16:56:09 +02:00
Hossein Shafagh
1d2771b014
Merge branch 'master' into get_by_attributes
2019-02-04 21:07:09 -08:00
Hossein Shafagh
f249a82d71
renaming destination to source.
2019-02-04 16:10:48 -08:00
Hossein Shafagh
44a060b159
adding support for creating a source while creating a new dst, while the destination is from AWS
2019-02-04 15:36:39 -08:00
sirferl
c1cf8d7a92
Merge branch 'master' into ADCS-plugin
2019-02-02 19:21:22 +01:00
Hossein Shafagh
45fbaf159a
Merge branch 'master' into master
2019-02-01 16:50:09 -08:00
Hossein Shafagh
8e93d007be
Merge branch 'master' into get_by_attributes
2019-02-01 16:48:50 -08:00
Hossein Shafagh
6705a0e030
Merge branch 'master' into ADCS-plugin
2019-02-01 16:38:39 -08:00
sirferl
36ab1c0bec
Merge branch 'master' into ADCS-plugin
2019-02-01 19:10:46 +01:00
Marti Raudsepp
e24a94d798
Enforce that PEM strings (certs, keys, CSR) are internally passed as str, not bytes
...
This was already true in most places but not 100%, leading to lots of redundant checks and conversions.
2019-01-30 18:11:24 +02:00
Curtis
e475d90e2e
Merge branch 'master' into master
2019-01-30 07:20:44 -08:00
Hossein Shafagh
e5ddf08f48
Merge branch 'master' into master
2019-01-29 16:37:29 -08:00
Hossein Shafagh
7f4f4ffded
Merge branch 'master' into master
2019-01-29 16:30:15 -08:00
Hossein Shafagh
48ad20faca
moving the 2 year validity issue to the Verisign plugin, and address it there
2019-01-29 16:17:08 -08:00
Curtis
1e708bf1c7
Merge branch 'master' into password_noninteractive
2019-01-29 15:21:34 -08:00
Curtis Castrapel
d2317acfc5
allowing create_user with noninteractive PW;updating reqs
2019-01-29 15:17:40 -08:00
Curtis
29638c7f3b
Merge branch 'master' into master
2019-01-29 14:59:55 -08:00
Curtis
93021a5d89
Merge branch 'master' into expose-cert-distinguished-name
2019-01-29 14:56:31 -08:00
alwaysjolley
c68a9cf80a
fixing linting issues
2019-01-29 11:10:56 -05:00
alwaysjolley
254a3079f2
fix whitespace
2019-01-29 11:01:55 -05:00
alwaysjolley
b4d1b80e04
Adding support for cfssl auth mode signing
2019-01-29 10:13:44 -05:00
sirferl
c77ccdf46e
Merge branch 'master' into ADCS-plugin
2019-01-28 17:57:46 +01:00
Hossein Shafagh
c47fa0f9a2
adjusting the tests to reflect on the new full year convert limit!
2019-01-24 17:52:22 -08:00
Hossein Shafagh
a9724e7383
Resolving the 2 years error from UI during cert creation:
...
Though a CA would accept two year validity, we were getting error for being beyond 2 years.
This is because our current conversion is just current date plus 2 years,
1/25/2019 + 2 years ==> 1/25/2019
This is more strictly seen two years and 1 day extra, violating the 2 year's limit.
2019-01-24 17:23:40 -08:00
Marti Raudsepp
4b893ab5b4
Expose full certificate RFC 4514 Distinguished Name string
...
Using rfc4514_string() method added in cryptography version 2.5.
2019-01-23 10:03:40 +02:00
Ronald Moesbergen
4c4fbf3e48
Implement certificates delete API call by marking a cert as 'deleted' in the database. Only certificates that have expired can be deleted.
2019-01-21 10:25:28 +01:00
Ronald Moesbergen
cb35f19d6c
Add 'delete_cert' to enum log_type in logs table
2019-01-21 10:22:03 +01:00
Curtis Castrapel
0336d68ee2
Merge remote-tracking branch 'upstream/master'
2019-01-17 14:56:12 -08:00