Commit Graph

346 Commits

Author SHA1 Message Date
d1519343d1 improving check revoked by only considering authorities which do support revocation and also only including not expired certs 2019-08-07 17:54:10 -07:00
2319858586 Expose new certificate field hasPrivateKey
We can also now disable the 'private key' tab when cert doesn't have a
private key.
2019-06-22 15:38:28 +03:00
23caac5576 Merge branch 'master' into temp-ExpiredToggle-3 2019-06-21 08:59:53 -07:00
34cdd29a50 removing the rotation enabled requirement, to keep the endpoint generic 2019-06-20 16:06:26 -07:00
f836c6fff6 API additions for viewing expired certs as well. Default behavior modified to show only valid certs and those which have expired less than 1 month ago. 2019-06-17 14:29:48 -07:00
071c083eae hiding expired certs after 6 months from the main page 2019-05-30 10:21:03 -07:00
b4d9ab9f0c Merge branch 'master' of github.com:Netflix/lemur into improving-cert-lookup-time 2019-05-30 08:55:49 -07:00
13d46ae42e indexing the not after field in the cert table 2019-05-30 08:55:30 -07:00
f81adb1371 Make get_or_increase_name queries less demanding 2019-05-29 12:20:05 -07:00
68fd1556b2 Black lint all the things 2019-05-16 07:57:02 -07:00
f452a7ce68 adding a new API for faster certificate lookup.
The new API api/1/certificates/valid returns only non-expired (not_after >= today) certs which have auto-rotate enabled:

cn is a required parameter:

http://localhost:8000/api/1/certificates/valid?filter=cn;example.com

cn can also be a database string wildcard ('%'):

http://localhost:8000/api/1/certificates/valid?filter=cn;%

owner is the additional parameter, and must be the email address of the owner:

http://localhost:8000/api/1/certificates/valid?filter=cn;example.com&owner=hossein@example.com

given owner and a database string wildcard ('%') one can retrieve all certs for that owner, which are still valid, and have auto-rotate enabled:

http://localhost:8000/api/1/certificates/valid?filter=cn;%&owner=hossein@example.com
2019-05-11 18:06:51 -07:00
e33a103ca1 Allow searching for certificates by name via API 2019-05-09 14:36:56 -07:00
87470602fd Gather more metrics on certificate reissue/rotate jobs 2019-05-08 07:48:08 -07:00
f6afcc6d21 Merge branch 'master' into master 2019-04-17 10:28:46 -07:00
58dd424de8 Prevent potential NoneType not subscriptable
Fix when data['extensions']['subAltNames']['names'] is none
2019-04-17 18:33:52 +02:00
770729a72e Allow csr to be empty during upload 2019-04-13 01:17:12 +02:00
406753fcde Fix PEP8 2019-04-13 00:49:35 +02:00
a5570d07bc Added some documentation for API users. 2019-04-13 00:48:19 +02:00
c1b02cc8a5 Allow uploading csr along with certificates 2019-04-13 00:48:19 +02:00
d80a6bb405 Added tests for CSR parsing into CertificateInputSchema 2019-04-01 08:44:40 +02:00
b86e381e20 Parse SubjectAlternativeNames from CSR into Lemur Certificate 2019-03-27 13:46:33 +01:00
4018c68d49 Merge branch 'master' into authority_validation_LE_errors 2019-03-25 08:34:10 -07:00
c2158ff8fb Add order URI during LE cert creation failure; Fail properly when invalid CA passed; Update reqs 2019-03-25 08:28:23 -07:00
9e5496b484 Update schemas.py 2019-03-15 10:19:25 +01:00
f7452e8379 Parse DNSNames from CSR into Lemur Certificate 2019-03-15 09:29:23 +01:00
93ce259fb2 Merge branch 'master' into verify-cert-chain 2019-03-07 12:46:19 -08:00
45cb0f0513 Merge branch 'master' into allow-cert-deletion 2019-03-06 09:35:10 -08:00
54ad3ba777 Merge branch 'master' into verify-cert-chain 2019-03-04 17:55:36 -08:00
dd2900bdbc Relax search;update requirements 2019-03-04 10:04:06 -08:00
10cec063c2 Check that stored certificate chain matches certificate
Similar to how the private key is checked.
2019-03-04 17:10:59 +02:00
63de8047ce Return 'already deleted' instead of 'not found' when cert has already been deleted 2019-02-27 09:38:25 +01:00
29bda6c00d Fix typos 2019-02-14 11:58:29 +01:00
8abf95063c Implement an ALLOW_CERT_DELETION option (boolean, default False). When enabled, the certificate delete API call will work and the UI
will no longer display deleted certificates. When disabled (the default), the delete API call will not work (405 method not allowed)
and the UI will show all certificates, regardless of the 'deleted' flag.
2019-02-14 11:57:27 +01:00
1d2771b014 Merge branch 'master' into get_by_attributes 2019-02-04 21:07:09 -08:00
45fbaf159a Merge branch 'master' into master 2019-02-01 16:50:09 -08:00
8e93d007be Merge branch 'master' into get_by_attributes 2019-02-01 16:48:50 -08:00
e24a94d798 Enforce that PEM strings (certs, keys, CSR) are internally passed as str, not bytes
This was already true in most places but not 100%, leading to lots of redundant checks and conversions.
2019-01-30 18:11:24 +02:00
e5ddf08f48 Merge branch 'master' into master 2019-01-29 16:37:29 -08:00
4b893ab5b4 Expose full certificate RFC 4514 Distinguished Name string
Using rfc4514_string() method added in cryptography version 2.5.
2019-01-23 10:03:40 +02:00
4c4fbf3e48 Implement certificates delete API call by marking a cert as 'deleted' in the database. Only certificates that have expired can be deleted. 2019-01-21 10:25:28 +01:00
31a86687e7 Reduce the expense of joins 2019-01-14 09:20:02 -08:00
c4e6e7c59b Optimize DB cert filtering 2019-01-14 08:02:27 -08:00
542e953919 Check that stored private keys match certificates
This is done in two places:
* Certificate import validator -- throws validation errors.
* Certificate model constructor -- to ensure integrity of Lemur's data
  even when issuer plugins or other code paths have bugs.
2018-12-31 16:28:20 +02:00
a50d80992c updated query to ignore empty parameters 2018-12-12 12:45:48 +01:00
39b76d18dc add countdown to async call 2018-11-28 14:41:56 -08:00
e074a14ee9 unit test 2018-11-28 14:27:03 -08:00
2381d0a4bb Add async call to create pending cert when needed 2018-11-28 11:32:52 -08:00
3ce8abe46e Left outer join on domains tables to avoid missing results 2018-11-13 14:33:17 -08:00
29be647911 Merge branch 'master' into no_csr_reissue 2018-11-12 09:54:47 -08:00
a7a05e26bc Do not re-use CSR during certificate reissuance; Update requirement; Add more logging to celery handler 2018-11-12 09:52:11 -08:00