Infra/lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
3,077 Commits 4 Branches 45 Tags 7.5 MiB
409e12a9d6
Commit Graph

1499 Commits

Author SHA1 Message Date
Hossein Shafagh
4e4a7e9cab
Merge branch 'master' into entrust-revised 2020-09-23 13:33:24 -07:00
Hossein Shafagh
e5961146b9 session hook complains about metadata 
+ consistent language.
 2020-09-23 14:22:58 -06:00
sayali
12af0ecb45 UT get_key_type_from_certificate 2020-09-23 11:46:38 -07:00
sayali
710290f590 Formatting changes 2020-09-23 11:45:36 -07:00
Hossein Shafagh
19b693f636
Update c301c59688d2_.py 
language
 2020-09-23 10:21:23 -07:00
Hossein Shafagh
e3fa072608
Update c301c59688d2_.py 
language
 2020-09-23 10:17:30 -07:00
sayali
921e8d8236 Add error message to the logs 2020-09-22 18:46:15 -07:00
sayali
9211178e77 Added date-time and modified log file name 2020-09-22 18:31:38 -07:00
sayali
8de9842092 Backfill the key_type column: DB Upgrade 2020-09-22 18:22:45 -07:00
Hossein Shafagh
1632b4b078 making lint happy, running make test-python doesn't run lint 2020-09-18 21:58:53 -07:00
Hossein Shafagh
21e9a4508d TypeError: 'float' object cannot be interpreted as an integer 2020-09-18 17:42:28 -07:00
Hossein Shafagh
c892cd5ae1 removing anything that remotely looks like a secret in code to set a good example 2020-09-18 17:38:52 -07:00
Hossein Shafagh
cc855e2758 modern python style 2020-09-18 17:16:07 -07:00
Hossein Shafagh
edab32d9a1 setting the required entrust configs 2020-09-18 17:03:22 -07:00
Hossein Shafagh
416f39222a testing 2020-09-18 17:02:19 -07:00
Hossein Shafagh
fae3793255 entrrust plugin revised 2020-09-18 11:09:32 -07:00
sayali
51549ae795 Adding comment for the property to be removed 2020-09-15 17:37:58 -07:00
sayali
d8cca855e8 Merge branch 'master' of github.com:Netflix/lemur into key_type_column 2020-09-15 15:16:13 -07:00
sayali
5ae65c2c4d Remove unused import 2020-09-15 14:55:04 -07:00
sayali
676562ffde Match column type to db schema 
No functional change
 2020-09-14 18:13:35 -07:00
sayali
02d711282d New column key_type 
commenting conflicting property for now
 2020-09-14 18:12:33 -07:00
sirferl
02c7a5ca7c another round of lint errors 2020-09-14 16:34:56 +02:00
sirferl
e011cc9251 added several enhancements following advice from peer 2020-09-14 16:24:53 +02:00
sirferl
9778eb7b25 fixed lint errors 2020-09-14 15:56:02 +02:00
sirferl
5bb0143da4 lint errors and removed _path from the API-Cert variables 2020-09-14 15:42:36 +02:00
sirferl
84496b0f55 fixed a few problems 2020-09-14 15:18:46 +02:00
sirferl
b8e3162c5f added revoke functionality 2020-09-14 14:20:11 +02:00
sirferl
b337b27146 added response handler 2020-09-14 12:23:58 +02:00
sirferl
01678a714f added required vars check 2020-09-14 09:50:55 +02:00
Hossein Shafagh
8adca442e1
Merge branch 'master' into entrust-plugin 2020-09-11 17:11:57 -07:00
sayali
09a2a8fc76 Log message change 
PR comments
 2020-09-11 15:53:34 -07:00
Hossein Shafagh
806aeddd87
Merge branch 'master' into validity 2020-09-11 10:09:01 -07:00
Hossein Shafagh
6e588f9c7b
Merge branch 'master' into validity 2020-09-11 09:06:11 -07:00
sirferl
1c9c377751
Lint errors 2020-09-11 12:31:15 +02:00
sirferl
fd52438d61
yet lint errors 2020-09-11 12:30:53 +02:00
sirferl
de9ad82011
Fixed Lint complaints 2020-09-11 12:24:33 +02:00
sirferl
a99a84b0b2 entrust plugin inital edit 2020-09-10 16:04:31 +02:00
sirferl
f47f108f43 ientrust plgin - first version 2020-09-10 16:03:29 +02:00
Hossein Shafagh
a7be8b6dce adding support for different types of CSR encodings 2020-09-09 19:54:53 -07:00
Hossein Shafagh
4923157dc2 expanding key_type to with EC support 2020-09-09 19:54:20 -07:00
Hossein Shafagh
aff7ad7ea2 testing 2020-09-09 19:53:59 -07:00
Hossein Shafagh
60fd2134ca removing duplicate curves, and marking them in existing mapping 2020-09-09 19:53:35 -07:00
Hossein Shafagh
5ab9626cbd overwriting cn and key_type values from CSR, as they take precedence 2020-09-09 19:52:59 -07:00
Hossein Shafagh
6fa15c4cb3 methods to extract cn and key_type from csr 2020-09-09 19:48:21 -07:00
Hossein Shafagh
de0c38e9ba mapping of curve name to key_type 2020-09-09 19:47:51 -07:00
sayali
8ad4448c85 Match date format for comparison + expected new lines 2020-09-01 12:44:49 -07:00
sayali
db4f68f0ed Logs during cert validity truncate for digicert 2020-08-31 18:20:32 -07:00
sayali
9c4fb85dc3 Calculate dates from defaultDays in js 2020-08-31 18:19:32 -07:00
Hossein Shafagh
d478def98c removing the custom key Type and doing the conversion in the backend 2020-08-31 16:35:47 -07:00
Hossein Shafagh
9a7a632489 using a standard curve for testing 2020-08-28 09:48:35 -07:00
Hossein Shafagh
9671b34485 adding support for all type of ECC curves which existing CA plugins might support 2020-08-27 14:15:14 -07:00
sayali
1fc2e29ab8 Remove 397 days validation as it causes error in API calls 
More to come in future
 2020-08-27 14:15:14 -07:00
sirferl
ab4cda2298 Extended ADCS_TEMPLATE_ Variable 
If there is a config variable ADCS_TEMPLATE_<upper(authority.name)> take the value as Cert template else default to ADCS_TEMPLATE to be compatible with former versions
 2020-08-27 14:15:14 -07:00
sayali
7a9500eee0 Lint error fix 2020-08-27 14:15:14 -07:00
sayali
5ed109e998 Max end date as per start date + default validity 3 years 2020-08-27 14:15:14 -07:00
sayali
7011a4df8b max date on UI as per max validity configs 2020-08-27 14:15:14 -07:00
sayali
4d7c6844e5 Make Organizational Unit optional 2020-08-27 14:15:14 -07:00
sayali
2645c4a82d mention 397 for digicert plugin 2020-08-27 14:15:14 -07:00
sayali
3cb386cc0f maximum 1 year validity for digicert 2020-08-27 14:15:14 -07:00
sayali
e06dea106f Modify unit test test_determine_end_date to match new config 2020-08-27 14:15:14 -07:00
sayali
d7d483fa9b Renaming PUBLIC_CA to PUBLIC_CA_AUTHORITY_NAMES 2020-08-27 14:15:14 -07:00
sayali
25125f3257 Cert validity should not exceed 397 days for publicly trusted issuers 2020-08-27 14:15:14 -07:00
sayali
404d213e8f Modified cert description to have cert id being cloned 2020-08-27 14:15:14 -07:00
sayali
e75e472a1a Do not inherit replacement info during cert clone 2020-08-27 14:15:14 -07:00
sayali
69b64c63ea Honor selected algorithm during certificate cloning 2020-08-27 14:15:14 -07:00
Hossein Shafagh
f4bcd1cf30 lack of an empty config file was resulting into this error 
```
Traceback (most recent call last):
  File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/tests/test_acme.py", line 159, in test_request_certificate
    self.acme.request_certificate(mock_acme, [], mock_order)
  File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/plugin.py", line 211, in request_certificate
    current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
TypeError: strptime() argument 1 must be str, not MagicMock
```
 2020-08-27 14:15:14 -07:00
Hossein Shafagh
5a6e4e5b43 Let's Encrypt has been using a cross-signed intermediate CA by DST Root CA X3, which is included in any older devices' TrustStore. 
https://letsencrypt.org/certificates/

Let's Encrypt is transitioning to use the intermediate CA issued by their own root (ISRG X1) starting from September 29th 2020. This is in preparation of concluding the initial bootstrapping of their CA, by having it cross-signed by an older CA.
https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html

This PR allows Lemur to pin to the cross-signed ICA (same public/private key pair as the ICA signed by ISRG X1). This will prolong support for incompatible systems.
 2020-08-27 14:15:14 -07:00
Hossein Shafagh
c169ad291e adding the correct signing algorithm, and a missing key Type 2020-08-27 13:29:56 -07:00
sayali
3242fc1e13 Validity with radio buttons 2020-08-26 19:30:12 -07:00
sayali
6aedd3b0d8 Datepicker enhancements 2020-08-25 18:40:36 -07:00
sayali
3efe14c43f Remove 397 days validation as it causes error in API calls 
More to come in future
 2020-08-25 16:26:20 -07:00
sirferl
4f148f3bc3
Merge branch 'master' into master 2020-08-20 11:33:18 +02:00
sirferl
1b73b1d080
Merge branch 'master' into master 2020-08-19 12:29:02 +02:00
sirferl
c2116df652
Extended ADCS_TEMPLATE_ Variable 
If there is a config variable ADCS_TEMPLATE_<upper(authority.name)> take the value as Cert template else default to ADCS_TEMPLATE to be compatible with former versions
 2020-08-19 12:25:52 +02:00
sayali
5b96b3a032 Lint error fix 2020-08-18 20:03:15 -07:00
sayali
240f0b99c8 Max end date as per start date + default validity 3 years 2020-08-18 19:34:59 -07:00
sayali
bc5579e9bf max date on UI as per max validity configs 2020-08-18 14:50:42 -07:00
sayali
5b3f40467b Make Organizational Unit optional 2020-08-18 14:50:42 -07:00
sayali
6ff8910f87 mention 397 for digicert plugin 2020-08-11 18:53:19 -07:00
sayali
d7ca1570be maximum 1 year validity for digicert 2020-08-11 18:02:42 -07:00
sayali
bde2829e72 Modify unit test test_determine_end_date to match new config 2020-08-11 17:10:29 -07:00
sayali
18a3514974 Renaming PUBLIC_CA to PUBLIC_CA_AUTHORITY_NAMES 2020-08-10 18:06:45 -07:00
sayali
7a83799bcd Cert validity should not exceed 397 days for publicly trusted issuers 2020-08-10 17:30:34 -07:00
Hossein Shafagh
9bcfcebb3a
Merge branch 'master' into bootswatch-fix 2020-08-04 14:09:33 -07:00
sayali
817a4c3d90 Modified cert description to have cert id being cloned 2020-08-03 19:24:06 -07:00
sayali
c3d8501401 Do not inherit replacement info during cert clone 2020-08-03 19:23:24 -07:00
sayali
c15a2c62d1 Honor selected algorithm during certificate cloning 2020-08-03 19:22:13 -07:00
Hossein Shafagh
3c1d6998fb
Merge branch 'master' into pinning-to-cross-signed-LE-ICA 2020-07-24 10:25:11 -07:00
Raul Benencia
0fd83d13ae Fix intermediate CA creation on cryptography plugin 2020-07-23 13:58:32 -07:00
Hossein Shafagh
2317967802 lack of an empty config file was resulting into this error 
```
Traceback (most recent call last):
  File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/tests/test_acme.py", line 159, in test_request_certificate
    self.acme.request_certificate(mock_acme, [], mock_order)
  File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/plugin.py", line 211, in request_certificate
    current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
TypeError: strptime() argument 1 must be str, not MagicMock
```
 2020-07-15 17:04:49 -07:00
Hossein Shafagh
d5ae45a0d0 Let's Encrypt has been using a cross-signed intermediate CA by DST Root CA X3, which is included in any older devices' TrustStore. 
https://letsencrypt.org/certificates/

Let's Encrypt is transitioning to use the intermediate CA issued by their own root (ISRG X1) starting from September 29th 2020. This is in preparation of concluding the initial bootstrapping of their CA, by having it cross-signed by an older CA.
https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html

This PR allows Lemur to pin to the cross-signed ICA (same public/private key pair as the ICA signed by ISRG X1). This will prolong support for incompatible systems.
 2020-07-14 17:35:13 -07:00
Hossein Shafagh
e0c2f4274e
Merge branch 'master' into patch-1 2020-07-02 10:16:02 -07:00
Javier Ramos
aa11088944
Remove f from non-f string 2020-07-02 16:48:41 +02:00
Javier Ramos
1f598e3752
Fix unmatched field in Authorization 
The field in the formatted string was not matching the args
 2020-07-02 16:41:19 +02:00
Javier Ramos
7a5a5531cc
Raise ValidationError if CSR contains invalid CN 
If we supply a CSR that contains an empty field in the Subject, Lemur will crash with an error 500 as the ValueError exception is not captured. This change captures the exception and raises a ValidationError which in this case is a 400 sent back to client. Example to reproduce:

    Subject: C=ZZ, ST=Something, L=, O=My_Org, OU=My_Dept, CN=www.booking.com

The empty L= causes a ValueError which needs to be captured.
 2020-07-01 15:44:06 +02:00
Hossein Shafagh
4985744bd8 fixing UnboundLocalError bug 2020-06-11 16:47:37 -07:00
csine-nflx
a7a309136f fixing whitespace and imports 2020-06-11 14:15:40 -07:00
csine-nflx
f834d10f9a moving ultradns tests to separate file 2020-06-11 14:04:17 -07:00
Hossein Shafagh
c40d297735
Merge branch 'master' into ilabun/optimize-certificates-sql 2020-06-09 14:20:31 -07:00
Hossein Shafagh
fd3ea2cf46
Merge branch 'master' into json-logging-rotate 2020-06-09 10:58:53 -07:00