Commit Graph

185 Commits

Author SHA1 Message Date
7e92edc70a Set resolved cert ID before resolving cert; Ignore sentry exceptions when no records on deletion 2019-05-15 11:43:59 -07:00
6eb3836abc Merge branch 'master' into fast-valid-cert-lookup 2019-05-15 10:20:17 -07:00
5d8f71c3e4 nt 2019-05-14 13:02:24 -07:00
565142f985 Add soft timeouts to celery jobs; Check for PEM in LE order 2019-05-14 12:52:30 -07:00
f452a7ce68 adding a new API for faster certificate lookup.
The new API api/1/certificates/valid returns only non-expired (not_after >= today) certs which have auto-rotate enabled:

cn is a required parameter:

http://localhost:8000/api/1/certificates/valid?filter=cn;example.com

cn can also be a database string wildcard ('%'):

http://localhost:8000/api/1/certificates/valid?filter=cn;%

owner is the additional parameter, and must be the email address of the owner:

http://localhost:8000/api/1/certificates/valid?filter=cn;example.com&owner=hossein@example.com

given owner and a database string wildcard ('%') one can retrieve all certs for that owner, which are still valid, and have auto-rotate enabled:

http://localhost:8000/api/1/certificates/valid?filter=cn;%&owner=hossein@example.com
2019-05-11 18:06:51 -07:00
df8d4e0892 Merge branch 'master' into rewrite-java-keystore-use-pyjks 2019-04-12 09:38:50 -07:00
6d67ec7e34 removing unused import 2019-04-11 17:34:02 -07:00
512e1a0bdd fixing typos 2019-04-11 17:17:28 -07:00
557fac39b5 refactoring the sync job into a service method that we can also call when adding a new destination 2019-04-11 17:13:47 -07:00
2459234147 removing lines 2019-04-11 14:34:26 -07:00
ec3d2d7316 fixing typo 2019-04-11 13:51:43 -07:00
266c83367d avoiding hard-coded plugin names 2019-04-11 13:29:37 -07:00
d628e97035 Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst 2019-04-10 09:47:06 -07:00
f3d0536800 removing hardcoded rules, to give more flexibility into defining new source-destinations 2019-04-09 20:49:07 -07:00
dbf34a4d48 Rewrite Java Keystore/Truststore support based on pyjks library 2019-04-06 20:24:46 +03:00
c445297357 Update celery.py 2019-03-12 15:41:24 -07:00
f38e5b0879 Update celery.py 2019-03-12 15:29:04 -07:00
1a5a91ccc7 Update celery.py 2019-03-12 15:11:13 -07:00
3b3faa66f4 Merge branch 'master' into skip_duplicate_tasks 2019-03-12 14:53:42 -07:00
d220e9326c Skip a task if similar task already active 2019-03-12 14:45:43 -07:00
10cec063c2 Check that stored certificate chain matches certificate
Similar to how the private key is checked.
2019-03-04 17:10:59 +02:00
658c58e4b6 clarifying comments 2019-02-26 17:04:43 -08:00
9dbae39604 updating cryptography API call, to create right signing algorithm object. 2019-02-26 16:42:26 -08:00
40fac02d8b the check_cert_signature() method was attempting to compare RSA and ECC signatures.
If an ec public-key certificate is signed with an RSA key, then it can't be a self-signed certificate, in which case we just raise InvalidSignature.
2019-02-25 19:05:54 -08:00
605663704b Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst 2019-02-05 12:41:33 -08:00
6d1ef933c4 creating a new celery task to sync sources with destinations. This is as a measure to make sure important new destinations are also present as sources. 2019-02-05 10:48:52 -08:00
51248c1938 Use special issuer values <selfsigned> and <unknown> in special cases
This way it's easy to find/distinguish selfsigned certificates stored in
Lemur.
2019-02-05 16:56:09 +02:00
e24a94d798 Enforce that PEM strings (certs, keys, CSR) are internally passed as str, not bytes
This was already true in most places but not 100%, leading to lots of redundant checks and conversions.
2019-01-30 18:11:24 +02:00
48ad20faca moving the 2 year validity issue to the Verisign plugin, and address it there 2019-01-29 16:17:08 -08:00
a9724e7383 Resolving the 2 years error from UI during cert creation:
Though a CA would accept two year validity, we were getting an error for being beyond 2 years.
This is because our current conversion is just current date plus 2 years,
1/25/2019 + 2 years ==> 1/25/2019
This is, more strictly, seen as two years and 1 day extra, violating the 2-year limit.
2019-01-24 17:23:40 -08:00
3567a768d5 Compare certificate hashes to determine if Lemur already has a synced certificate 2019-01-14 13:35:55 -08:00
542e953919 Check that stored private keys match certificates
This is done in two places:
* Certificate import validator -- throws validation errors.
* Certificate model constructor -- to ensure integrity of Lemur's data
  even when issuer plugins or other code paths have bugs.
2018-12-31 16:28:20 +02:00
72f6fdb17d Properly handle Unicode in issuer name sanitization
If the point of sanitization is to get rid of all non-alphanumeric
characters then Unicode characters should probably be forbidden too.

We can re-use the same sanitization function as used for cert 'name'
2018-12-21 16:34:12 +02:00
e0ac749734 When parsing SAN's, ignore unknown san_types, because in some cases they can contain unparsable/serializable values, resulting in a TypeError(repr(o) + " is not JSON serializable") 2018-12-06 16:47:53 +01:00
a90154e0ae LetsEncrypt Celery Flow 2018-11-29 09:29:05 -08:00
e074a14ee9 unit test 2018-11-28 14:27:03 -08:00
a7a05e26bc Do not re-use CSR during certificate reissuance; Update requirement; Add more logging to celery handler 2018-11-12 09:52:11 -08:00
6f0005c78e Avoid colliding LetsEncrypt jobs 2018-11-09 10:31:27 -08:00
52e773230d Add new gin index to optimize ILIKE queries 2018-11-05 10:29:11 -08:00
50761d9d3b safer reissue, fix celery sync job 2018-10-29 13:22:50 -07:00
56ed416cb7 Celery task for sync job 2018-10-29 09:10:43 -07:00
b709eed3c3 Only resolve pending cert if not attempted in last 5 min 2018-10-23 13:08:43 -07:00
73ed5164cd deps 2018-10-22 14:51:13 -07:00
a912c3488d python fix to retrigger tests 2018-10-12 07:25:58 -07:00
13ef965666 nit: comments 2018-10-12 05:56:14 -07:00
6073f9e7b6 datetime ref fix 2018-10-12 05:51:30 -07:00
4b3d458dba Celery task to delete old pending certs 2018-10-12 05:47:16 -07:00
cc18a68c00 Lemur LetsEncrypt Polling Support 2018-10-11 22:01:05 -07:00
563f0fb9b2 Celery refactoring, celery beat job in configuration 2018-09-17 10:52:12 -07:00
23382b2777 Celery integration 2018-09-13 10:35:54 -07:00