Commit Graph

665 Commits

Author SHA1 Message Date
Marti Raudsepp
941df0366d Fix roles display on user screen and fix removing user roles () 2017-08-17 09:24:10 -07:00
Marti Raudsepp
7762d6ed52 Reworked sensitive domain name and restriction logic ()
* This is a fix for a potential security issue; the old code had edge
  cases with unexpected behavior.
* LEMUR_RESTRICTED_DOMAINS is no more, instead LEMUR_WHITELISTED_DOMAINS
  is a list of *allowed* domain name patterns. Per discussion in PR 
* Domain restrictions are now checked everywhere: in domain name-like
  CN (common name) values and SAN DNSNames, including raw CSR requests.
* Common name values that contain a space are exempt, since they cannot
  be valid domain names.
2017-08-16 19:24:49 -07:00
Marti Raudsepp
cf805f530f Prevent unintended access to sensitive fields (passwords, private keys) ()
Make sure that fields specified in filter, sortBy, etc. are model fields
and may be accessed. This is fixes a potential security issue.

The filter() function allowed guessing the content of password hashes
one character at a time.

The sort() function allowed the user to call an arbitrary method of an
arbitrary model attribute, for example sortBy=id&sortDir=distinct would
produce an unexpected error.
2017-08-16 09:38:42 -07:00
Rick Breidenstein
f5e120ad2e Update readme.txt () 2017-08-04 12:42:27 -07:00
kevgliss
f5082e2d3a Starting transition away from not_before and not_after. () 2017-07-14 09:24:59 -07:00
kevgliss
61c493fc91 Adding additional failure conditions to sentry tracking. ()
* Adding additional failure conditions to sentry tracking.

* Removing sentry extension as a circular import.
2017-07-13 14:49:04 -07:00
kevgliss
6779e19ac9 Adding enum migration. () 2017-07-13 13:12:53 -07:00
kevgliss
443eb43d1f Adding the ability to specify a per-certificate rotation policy. () 2017-07-12 16:46:11 -07:00
Paul Van de Vreede
53113e5eeb Add auditing for creating or updating a cert. () 2017-07-04 06:39:16 -07:00
kevgliss
169dcb86e2 supporting the ability to push exceptions to sentry () 2017-06-29 14:12:38 -07:00
Ian Stahnke
e4f5224f42 set ses email content type to utf-8 instead of string () 2017-06-28 09:44:19 -07:00
kevgliss
98907e66e9 Minor fixes to S3.put signature () 2017-06-27 16:18:34 -07:00
kevgliss
c05343d58e Adds the ability for destination plugins to be sub-classed from Expor… ()
* Adds the ability for destination plugins to be sub-classed from ExportDestination. These plugins have the extra option of specifying an export plugin before the destination receives the data. Closes .

* fixing tests
2017-06-26 12:03:24 -07:00
Paul Borg
541fbc9a6d Use named kwargs rather than args when calling s3 put () 2017-06-20 11:28:19 -07:00
Asbjørn Kjær
35cc7ef8d7 Adding support for private DigiCert certificates () 2017-06-14 09:20:24 -07:00
Asbjørn Kjær
e77382864b Fixing KeyError on error handling () 2017-06-14 09:07:27 -07:00
kevgliss
d4d6d832b1 Fixing audit filtering and sorting. () 2017-06-02 09:07:22 -07:00
kevgliss
9c92138f2d Fixing autorotation failures. ()
* Fixing issue with auto rotation failing due to a change in the way certificate data is serialized.
2017-06-02 08:59:42 -07:00
kevgliss
5a4806bc43 Allowing description to be optional. () 2017-06-01 17:09:04 -07:00
kevgliss
07969f7e10 Ensuring IPAddresses and IPNetworks are correctly serialized. () 2017-05-26 10:48:26 -07:00
Michael LoSapio
3141b47fba Catch OAuth providers that want the params sent as data () 2017-05-25 10:21:29 -07:00
kevgliss
21d48b32c9 Fixing an issue with uploading to cloudfront. () 2017-05-25 10:10:12 -07:00
kevgliss
11bd42af82 Correct status code for basic-auth ()
* ensuring those using basic auth recieve a correct status code when their password is incorrect

* Fixing oauth status codes
2017-05-23 09:48:31 -07:00
Paul Borg
f6b5012f56 Add Check of DB connections on healthcheck URL () 2017-05-22 17:15:41 -07:00
kevgliss
f9b388c658 Modifying the was s3 uploading works. ()
* Modiying the was s3 uploading works.

* Fixing pep8
2017-05-20 12:07:44 -07:00
kevgliss
4093f4669a Switching remaining uses of boto to boto3. () 2017-05-20 11:09:55 -07:00
kevgliss
9594f2cd8d Upgrading moto and fixing test that break due to deprecation. ()
* Upgrading moto and fixing test that break due to deprecation.

* Adding region.
2017-05-20 10:40:22 -07:00
kevgliss
380203eb53 Adding the ability to upload to cloudfront via the 'path' parameter. Cloudfront destinations must be created separately. ()
Closes 
2017-05-18 13:49:17 -07:00
kevgliss
307a73c752 Fixing some confusion between 401 vs 403 error code. 401 indicates that the user should attempt to authenticate again. Where as 403 indicates the user is authenticated but not allowed to complete an action. ()
Closes 
2017-05-18 13:20:17 -07:00
kevgliss
3050aca3e6 Minor fixes to the domains UI. ()
* Fixes checkbox input.

* Fixes notification message.
2017-05-15 19:14:12 -07:00
kevgliss
8c41c6785d Fixes issue where domains without any associated certificates are not searchable. () 2017-05-15 19:07:32 -07:00
kevgliss
092ce0f9d8 Closes . () 2017-05-15 19:07:16 -07:00
kevgliss
914de78576 Adds migration to fix keys on unique index. Closes . () 2017-05-10 12:13:42 -07:00
kevgliss
ecf00fe9d6 Splitting out the default date issuance logic for CIS and CC. CIS assumes years is converted to validity_end while CC prefers validity_years over validity_end. () 2017-05-10 12:05:03 -07:00
Michael Treacher
c71b3a319d Log the audit logs () 2017-05-08 09:43:26 -07:00
Michael Treacher
767147aef1 Check for unknown as status is no longer represented as a boolean () 2017-05-08 09:43:19 -07:00
Michael Treacher
ce5a45037a Fix for status representation in the view () 2017-05-05 11:04:40 -07:00
kevgliss
9c9ca37586 Enabling hex serial numbers without breaking backward compatibility. ()
* Enabling hex serial numbers without breaking backward compatibility.

* Fixing tests.
2017-05-05 11:04:09 -07:00
Ian Stahnke
5c41dafc97 fix unit and interval transposition in schemas.py () () 2017-04-30 12:23:34 -07:00
Paul Van de Vreede
989e3733a2 Add docker setup for running tests on a docker enabled dev environment. () 2017-04-28 09:28:06 -07:00
kevgliss
fbc24ea400 There is an issue when iterating over extensions where certificates might not have been issued in adherence with basic constraints. Here we log these errors instead of failing out right. () 2017-04-27 17:45:34 -07:00
kevgliss
4905020e77 ensuring stdout has a default log level () 2017-04-27 10:11:47 -07:00
kevgliss
75787d20bc ensuring that lemur's default user has a valid email () 2017-04-27 09:53:35 -07:00
kevgliss
ca9f120988 fixing some pep8 issues () 2017-04-27 09:44:39 -07:00
Rick Breidenstein
e86954e8ea Destination Plugin/Lemur_linuxdst ()
* Added lemur_linuxdst

* Revert "Added lemur_linuxdst"

This reverts commit 010c19bd1937320189ee5a0660f9e356221121f3.

* added plugin\lemur_linuxdst

Destination plugin for a target linux host

* Update remote_host.py

* Update plugin.py

* Update remote_host.py

* Update plugin.py

* Update plugin.py

* chaning var and funct names

* Write data with local temp

* .

* .

* typo

* tested plugin successfully

* Update plugin.py

* Update remote_host.py

* removed whitespace

* set permissions on exported keys to 600

sftp.chmod(dst_dir_cn + '/' + dst_file, (stat.S_IRUSR))

* Update plugin.py

* Update remote_host.py

* Update plugin.py

* added 'paramiko==2.1.2'

required for lemur_linuxdst plugin

* data stored in clear text at rest

* Update plugin.py

* Update plugin.py

* Update remote_host.py
2017-04-27 09:19:49 -07:00
Paul Van de Vreede
604cd60dbe Return correct intermediate certificate on digicert creation. ()
This commit also removes the unused DIGICERT_INTERMEDIATE env
var as it is not used.
2017-04-27 09:14:20 -07:00
Michael Treacher
05f4ae8e58 Hexify cert serial ()
* Hexify serial at the serialization layer

* Fix for flakey test. Change test to test for uppercased string
2017-04-27 09:13:04 -07:00
kevgliss
88ac783fd2 PEP8 Fixes () 2017-04-25 09:23:18 -07:00
Travis McPeak
bc66ede9aa Fixing Bandit findings and adding travis Bandit job ()
* Fixes for Bandit

This commit fixes a couple of issues so that Bandit can run
cleanly using medium+ severity and confidence filtering.

* Adding Lemur Bandit job to TravisCI
2017-04-24 18:37:03 -07:00
Michael Treacher
1c295896e6 Add test for when there are no notifications on a certificate () 2017-04-24 09:04:49 -07:00
kevgliss
01aa372e59 Version bump. () 2017-04-08 13:23:48 -07:00
kevgliss
81aff42e03 Removing this exception handling, that error should be caught above. () 2017-04-07 16:01:40 -07:00
Michael Treacher
7f019583f2 Don’t set ‘custom_expiration_date’ if validity years is set in the UI. ()
* Don’t set ‘custom_expiration_date’ if validity years is set in the UI.

* Use single quotes instead of double quotes.
2017-04-04 17:11:17 -07:00
kevgliss
f91ae5b319 Fixes bug where authority status was not set correctly. () 2017-03-29 10:10:51 -07:00
kevgliss
f0dde845db Adding ability to exclude certificates from expiration ()
* adding ability to exclude certificates from expiration

* fixing tests
2017-03-15 11:25:19 -07:00
kevgliss
b0ea027769 Underscores should not be in hostnames () 2017-03-15 08:41:06 -07:00
Neil Schelly
8762e1c5ae Issue bugfix ()
* Ensures that both AKI serial/issue _and_ keyid won't be included.
Validation issues crop up if both types of AKI fields are present.

* Ensure that SAN extension includes the certificate's common name

* Fix scenario where subAltNames are getting dropped when applying a template

* Ensure that SAN includes the CN

* Ensuring that getting here without a SAN extension won't break things.

* New cleaner approach

* Some bits of handling the extensions are a bit hacky, requiring access to attributes inside the objects in x509.
I think this is pretty clean though.

* lintian check

* Fixing tests
2017-03-10 09:09:18 -08:00
kevgliss
3c5b2618c0 Rely on the lemur generating the correct name for rotated certificates. ()
* Rely on the lemur generating the correct name for rotated certificates.

* Fixing tests.
2017-03-09 13:09:20 -08:00
kevgliss
602c5580d3 Only validates values if present in options. Fixing authority test to parse plugin information. () 2017-03-06 20:38:04 -08:00
kevgliss
b715687617 Ensuring that we don't fail cleaning if it doesn't exist. () 2017-03-03 16:03:52 -08:00
kevgliss
c46fa5d69c Ensures the rotation has a value during migration. () 2017-03-03 15:16:25 -08:00
kevgliss
310e1d4501 Adds support for filtering by UI. Closes . () 2017-03-03 15:07:26 -08:00
kevgliss
fc957b63ff Source syncing tweaks. ()
* Allow owner to be specified when syncing certs.

* Ensuring non-endpoint plugins don't fail to complete syncing.

* Adding in some additional error handling.
2017-03-03 14:53:56 -08:00
kevgliss
d53f64890c Adding max notification constraint. ()
* Adds additional constraints to the max notification time. With an increasing number of certificates we need to limit the max notification time to reduce the number of certificates that need to be analyzed for notification eligibility.
2017-03-03 12:59:16 -08:00
Neil Schelly
5f5583e2cb UI adjustments for mutually exclusive (radio button version) encipher/decipher-only Key Usage ()
* UI adjustments to make Key Agreement, Encipher Only, and Decipher Only relationship more user-friendly

* whitespace typo

* Issue  switching Encipher/Decipher Only options to be mutually exclusive and un-checkable radio buttons.

* Found a bug in the fields schema that was dropping Key Agreement bit if encipher/decipher only weren't checked
2017-02-16 13:26:56 -08:00
kevgliss
cf6ad94509 Adjusting the way that certificates are requested. ()
* Adjusting the way that certificates are requested.

* Fixing tests.
2017-02-16 13:24:05 -08:00
Gus E
08bb9c73a0 allow attributes to be excluded from a cert subject ()
* allow more flexibility in cert subject name

* clean up logic/remove unnecessary code
2017-02-16 13:21:52 -08:00
Neil Schelly
8e49194764 Issue 688 cert templates ()
* subAltNames were getting wiped out every time a template was selected

* isCritical variables aren't presented in the UI, nor is this information used in determining to use them.
2017-02-10 12:43:41 -08:00
kevgliss
8afcb50a39 Fixing the re-issuance process. Ensuring that certificates that are r… ()
* Fixing the re-issuance process. Ensuring that certificates that are re-issued go through the normal schema validation.

* Fixing tests.
2017-02-03 11:21:53 -08:00
Nevins
0326e1031f adding generic OAuth2 provider ()
* adding support for Okta Oauth2

* renaming to OAuth2

* adding documentation of options

* fixing flake8 problems
2017-02-03 10:36:49 -08:00
Neil Schelly
117009c0a2 Lemur cryptography refactor and updates ()
* Renaming the function so it sounds less root-specific

* Refactoring lemur_cryptography
* Adding to the certificate interface an easy way to request the subject and public_key of a certificate
* Turning the create authority functionality into a wrapper of creating a CSR in the certificate codebase and issueing that certificate in this plugin. (Dependent on https://github.com/Netflix/lemur/pull/666 changes first)
* Ensuring that intermediate certificates and signed certificates retain their chain cert data

* Handling extensions that are the responsibility of the CA
Implementing authority_key_identifier for lemur_cryptography signatures and including skeletons of handling the certificate_info_access and crl_distribution_points

* Fixing errors found with linter

* Updating plugin unit tests

* Changing this for Python3. Underlying cryptography library expects these to be bytes now.

* Updating tests to match new function names/interfaces

* Another naming update in the plugin tests

* Appears that create_csr won't like this input without an owner.

* Undoing last commit and putting it into the right place this time.

* create_csr should be good now with these options, and chain certs will be blank in tests

* This won't be blank in issue_certificate, like it will in creating an authority.

* Much cleaner

* unnecessary import
2017-02-01 10:34:24 -08:00
kevgliss
317b7cabb3 Ensuring usage matched OIDs. () 2017-01-28 23:22:20 -08:00
kevgliss
a59bc1f436 Fixes ()
* Adding some additional logging.
2017-01-28 16:40:37 -08:00
kevgliss
c24810b876 Modifying variable to fit epextions. () 2017-01-28 14:07:12 -08:00
kevgliss
bc94353850 Closes , also fixes several issues . () 2017-01-27 21:05:25 -08:00
Neil Schelly
f13a3505f3 X509 extensions issue#646 ()
* Allowing that create_csr can be called with an additional flag in the csr_config to adjust the BasicConstraints for a CA.

* If there are no SANs, skip adding a blank list of SANs.

* Adding handling for all the extended key usage, key usage, and subject key identifier extensions.

* Fixing lint checks. I was overly verbose.

* This implements marshalling of the certificate extensions into x509 ExtensionType objects in the schema validation code.

* Will create x509 ExtensionType objects in the schema validation stage
* Allows errors parsing incoming options to bubble up to the requestor as ValidationErrors.
* Cleans up create_csr a lot in the certificates/service.py
* Makes BasicConstraints _just another extension_, rather than a hard-coded one
* Adds BasicConstraints option for path_length to the UI for creating an authority
* Removes SAN types which cannot be handled from the UI for authorities and certificates.
* Fixes Certificate() object model so that it doesn't just hard-code only SAN records in the extensions property and actually returns the extensions how you expect to see them. Since Lemur is focused on using these data in the "CSR" phase of things, extensions that don't get populated until signing will be in dict() form.* Trying out schema validation of extensions
2017-01-27 12:31:29 -08:00
Tom Lianza
4af871f408 Added migration to cover what seem to be missing fields. () 2017-01-27 09:07:20 -08:00
Nevins
162d5ccb62 Gracefully handle importing certificates with missing data ()
* fixing index out of range issue

* catching exceptions is common values aren't set

* fixing lint errors

* fixing unrelated lint/import error
2017-01-24 13:48:53 -08:00
Neil Schelly
f353956353 Many fixes to authority/certificate extensions pages ()
* Aligning certificate creation between authority and certificate workflows
* Correctly missing and mis-named fields in schemas
* Re-ordering KeyUsage and ExtendedKeyUsage for consistency and clarity
* Adding client authentication to the authority options.

* Missing blank lines for pyflakes linting

* Updating tests for new fields/names/typos
2017-01-18 14:31:17 -08:00
Neil Schelly
02cfb2d877 Stealing this code form the attachSubAltName function in the certificates workflow. ()
The function was wiping out any extensions that weren't SAN names from the authority UI.
2017-01-18 14:24:15 -08:00
Neil Schelly
1b6f88f6fd Fixing handling of adding custom OIDs in UI ()
* is_critical wasn't in the schema, so was getting dropped.
* isCritical in the Javascript wasn't getting assigned if it was unchecked. Now, it will be assumed false if missing.
* The display of critical or not in the list of added custom OIDs was unclear when it was just true/false with no heading. Now it will be displayed as critical or nothing instead.
* The namespace for the checkbox for isCritical was wrong, and didn't get processed with the oid/type/value variables.
2017-01-18 14:20:44 -08:00
Neil Schelly
25340fd744 Combining Authority Key Identifier extension options in the schema. ()
* Combining Authority Key Identifier extension options in the schema.
This makes processing them in the cert/csr generation stage make more sense because they are two options in the same x.509 extension. They were already in the same part of the schema for authorities, but this makes the certificates follow the same pattern, and it allows them to share the same schema/validation layout.

* Updating schema tests to match changes

* Fixing an idiot typo

* I promise to stop using Travis as a typo-corrector soon.
2017-01-18 14:16:19 -08:00
Neil Schelly
7f2b44db04 Correcting grammar for subca ValidationError message for clarity () 2017-01-18 12:34:16 -08:00
kevgliss
d67b6c6120 Chains are not always a given. () 2017-01-08 17:27:50 -08:00
kevgliss
83128f3019 Fixing elb sync issues. ()
* Fixing elb sync issues.

* Fixing de-duplications of names.
2017-01-05 16:06:34 -08:00
kevgliss
7aa5ba9c6b Fixing an IAM syncing issue. Were duplicates were not properly sync'd… ()
* Fixing an IAM syncing issue. Were duplicates were not properly sync'd with Lemur. This resulted in a visibility gap. Even 'duplicates' need to sync'd to Lemur such that we can track rotation correctly. Failing on duplicates lead to missing those certificates and the endpoints onto which they were deployed. This commit removes the duplicate handling altogether.

* Fixing tests.
2017-01-04 17:46:47 -08:00
kevgliss
e5dee2d7e6 Adding additional metrics for when destinations fail to upload. () 2016-12-28 09:52:23 -08:00
kevgliss
b0232b804e Removing cloned date defaults. () 2016-12-27 11:35:53 -08:00
kevgliss
de7cec35c6 Clean refactor ()
* Adding rotation to the UI.

* Removing spinkit dependency.

* refactoring source cleaning
2016-12-27 10:31:33 -08:00
kevgliss
700c57b807 Rotation ui ()
* Adding rotation to the UI.

* Removing spinkit dependency.
2016-12-26 15:55:11 -08:00
kevgliss
ce75bba2c3 Replacement refactor. ()
* Deprecating replacement keyword.

* Def renaming.
2016-12-26 11:09:50 -08:00
kevgliss
46f8ebd136 Modifying the way rotation works. ()
* Modifying the way rotation works.

* Adding docs.

* Fixing tests.
2016-12-23 13:18:42 -08:00
kevgliss
f8279d6972 Fixes a bug where pagination was incorrect. () 2016-12-21 18:39:21 -08:00
kevgliss
072ca4da4f Adding some additional output to rotation command. () 2016-12-21 13:34:14 -08:00
kevgliss
8c5c30dfd4 Adding some additional output to expiration command. () 2016-12-21 11:01:21 -08:00
kevgliss
74723d1a1f Adding ability to modify ELBv2 endpoints. () 2016-12-21 08:23:14 -08:00
kevgliss
cdcae4efb0 Closes () 2016-12-20 14:26:39 -08:00
kevgliss
f7c795c7f6 Closes . () 2016-12-20 14:26:29 -08:00
kevgliss
beba2ba092 Adding additional reporting and refactoring existing setup. () 2016-12-20 12:48:14 -08:00
kevgliss
9ac10a97ce Fix acme tests ()
* Ensures that in-active users are not allowed to login.

* Ensuring acme issuer loads correctly.
2016-12-19 22:59:23 -08:00
kevgliss
2f5f82d797 Ensures that in-active users are not allowed to login. () 2016-12-19 22:58:57 -08:00
kevgliss
c7fdb2acd7 adding required variables () 2016-12-18 18:21:22 -08:00
kevgliss
51c7216b70 Fixing configuration value. ()
* Fixing and configuration value.

* Pinning fake factory.
2016-12-18 18:21:12 -08:00
Marti Raudsepp
0f3ffaade0 Fall back to CN for CA name when organization is not available ()
In-house CAs may not have the organization field filled out.
2016-12-16 16:27:25 -08:00
kevgliss
156b98f7f0 Ensuring that rotation only happens for certificates with endpoints to rotate. () 2016-12-15 15:20:21 -08:00
kevgliss
a09faac9a7 Endpoint sync fixes () 2016-12-15 10:26:59 -08:00
kevgliss
d20c552248 Fixing issues with rotation. ()
* Fixing issues with rotation.

* Fixing tests
2016-12-14 17:30:13 -08:00
Marti Raudsepp
b327963925 Plugin base classes: update method signatures & fix raise ()
This way IDEs can verify method overrides in subclasses, otherwise these
are flagged as erroneous.

Changed base classes to properly raise NotImplementedError; previously
they would cause "TypeError: exceptions must derive from BaseException"

Also fixed exception handling in sources.service.clean().
2016-12-14 13:42:29 -08:00
Marti Raudsepp
1eb3d563c6 Fix error reporting for certs without private key () 2016-12-14 13:25:56 -08:00
kevgliss
02991c70a9 Allow Lemur "start" to use the global config. ()
* allowing our runserver to use the config specified by -c

* Maintaining config for gunicorn
2016-12-14 13:23:50 -08:00
Marti Raudsepp
71ddbb409c Minor documentation fixes/tweaks ()
Mostly typos, grammar errors and inconsistent indentation in code
examples.

Some errors detected using Topy (https://github.com/intgr/topy), all
changes verified by hand.
2016-12-14 09:29:04 -08:00
kevgliss
565c9ae98d adding missing init () 2016-12-13 09:21:31 -08:00
kevgliss
03d5a6cfe1 Refactors how notifications are generated. () 2016-12-12 11:22:49 -08:00
kevgliss
1c3ac21291 Ensuring the digicert session is handled correctly () 2016-12-11 08:38:59 -08:00
kevgliss
968dd52f6f Fixes ()
* Fixing email notification

* Adding endpoint expiration

* Fixing endpoint type for ELBs

* Allowing verisign to include additional SANs
2016-12-08 15:52:27 -08:00
kevgliss
a4b32b0d31 Fixing up notification testing () 2016-12-08 11:33:40 -08:00
kevgliss
be1415fbd4 Ensuring new cli is available () 2016-12-08 09:11:19 -08:00
kevgliss
b5901a1570 adding needed migration files () 2016-12-07 17:31:59 -08:00
kevgliss
bdc6dc8683 Fixing a bug were extensions got a default value () 2016-12-07 17:28:18 -08:00
kevgliss
5087fa67dc skipping a few tests that aren't ready yet () 2016-12-07 16:52:00 -08:00
kevgliss
fc205713c8 Certificate rotation enhancements () 2016-12-07 16:24:59 -08:00
kevgliss
9adc5ad59e Adding last updated time () 2016-12-07 15:43:57 -08:00
kevgliss
f63ccd033d Ensuring that endpoints without output_schema work as expected () 2016-12-07 15:40:29 -08:00
kevgliss
00da52f32e Ensuring that CSRs are correctly validated under python3 () 2016-12-06 12:25:43 -08:00
kevgliss
e94cf6ddc9 Ensuring that certificates returned from digicert are in the proper format () 2016-12-06 12:05:18 -08:00
kevgliss
81272a2f7a Moving validation to server start. () 2016-12-05 16:43:38 -08:00
kevgliss
e622a49b72 Adding better error handling around certificate rotation () 2016-12-05 15:12:55 -08:00
kevgliss
9030aed8a4 Ensuring that our syncing process can find duplicate certifcates that do no need to be sync'd () 2016-12-05 11:08:29 -08:00
kevgliss
344abbda66 fixing signature () 2016-12-02 13:48:50 -08:00
kevgliss
834814f867 adding additional status code metrics () 2016-12-02 13:02:59 -08:00
kevgliss
7f823a04cd Ensuring that acme and cryptography respect different key types () 2016-12-02 10:54:18 -08:00
kevgliss
0f5e925a1a Ensuring that default-issuer is set () 2016-12-02 09:54:16 -08:00
kevgliss
a40bc65fd4 Default authority. ()
* Enabling the specification of a default authority, if no default is found then the first available authority is selected

* PEP8

* Skipping tests relying on keytool
2016-12-01 15:42:03 -08:00
kevgliss
81bf98c746 Enabling RSA2048 and RSA4096 as available key types ()
* Enabling RSA2048 and RSA4096 as available key types

* Fixing re-issuance
2016-12-01 15:41:53 -08:00
kevgliss
e1bbf9d80c Improving endpoint rotation logic () 2016-11-30 15:11:17 -08:00
kevgliss
abb91fbb65 fixing a few minor issue with cloning () 2016-11-30 10:54:53 -08:00
kevgliss
f9b16a2110 csr as string () 2016-11-29 18:50:20 -08:00
kevgliss
588ac1d6a6 Digicert cis fixes () 2016-11-29 17:15:39 -08:00
kevgliss
058d2938fb migrating off of openssl () 2016-11-29 11:30:44 -08:00
kevgliss
3db3214cbe installing the digicert CIS plugin () 2016-11-29 10:02:40 -08:00
kevgliss
bfc80f982c minor fixes and downgrading requests () 2016-11-28 16:50:26 -08:00
kevgliss
727bc87ede Log fixes ()
* tying up some loose ends with event logging

* Ensuring creators can access
2016-11-28 14:13:16 -08:00
kevgliss
e2143d3ee8 tweaking the way data is returned () 2016-11-28 12:29:03 -08:00
kevgliss
b46ff4158a Initial workon the digicert high issuance api. () 2016-11-28 10:50:58 -08:00
kevgliss
250558baf3 Ensuring that authority owners can access certificates issued by that… ()
* Ensuring that authority owners can access certificates issued by that authority
2016-11-25 20:35:07 -08:00
kevgliss
8e5323e2d7 migrating flask imports () 2016-11-22 21:11:20 -08:00
kevgliss
d5d036b412 adding a work around for new gunicorn () 2016-11-22 16:47:29 -08:00
kevgliss
9d03e75d9b tweaking a few things to support the new marshmallow () 2016-11-22 15:14:19 -08:00
kevgliss
06a3f3ea0d version bump () 2016-11-21 15:29:31 -08:00
kevgliss
12ae0a587d teaking the way exceptions are handled () 2016-11-21 15:26:17 -08:00