Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
3,432 Commits 4 Branches 45 Tags 7.5 MiB
Commit Graph

89 Commits

Author SHA1 Message Date
Emmanuel Garette 6f7ddb3a25 WIP: add OpenSSH plugin 2020-11-14 11:50:56 +01:00
sayali 01dddd2a55 iterate over subject details 2020-10-20 17:17:28 -07:00
sayali 788703ce12 Fix cert reissue when L/OU is not set 
get_certificate_primitives complains with None L/OU
 2020-10-20 16:44:17 -07:00
Hossein Shafagh 894e35b4e2
Update schemas.py 
minor language
 2020-10-14 09:48:40 -07:00
sayali b677e6e325 Copy subject details for non-CAB-compliant authorities 2020-10-13 19:40:01 -07:00
sayali fb4df8865b Formatting changes and typo 2020-10-09 17:58:03 -07:00
sayali d52e0d4e09 Certificate edit: update role and notification with owner change 2020-10-09 16:55:30 -07:00
sayali 8928e04385 Fix disable notify 2020-10-08 11:38:52 -07:00
sayali b7d0e62844 Make location optional 
Remove form validation and default value in input schema
 2020-10-07 13:31:23 -07:00
sayali aaff0f7581 Fixing UT for key_type on upload schema 2020-09-28 19:03:21 -07:00
sayali 7a226241db Add key_type to CertificateUploadInputSchema 
Parse cert body to determine algo
 2020-09-28 18:13:00 -07:00
sayali cd13832377 Use key_type column for cert get/rotate/reissue/display 
Added unit tests
 2020-09-23 15:16:19 -07:00
Hossein Shafagh 5ab9626cbd overwriting cn and key_type values from CSR, as they take precedence 2020-09-09 19:52:59 -07:00
e11it f83e3f764e
always assign csr_sans to name 2020-05-22 21:52:43 +03:00
e11it 27a86f5c18
Fix: San values #2921 
Not sure is it correct solution
 2020-03-03 21:45:33 +03:00
rajatsharma94 9984470b58 fix fatal error in schema validator 2020-01-23 15:27:02 +01:00
Ilya Labun 189e8b2725 Eliminate subqueries when showing certificates list 2019-12-20 10:37:47 +01:00
Marti Raudsepp 2319858586 Expose new certificate field hasPrivateKey 
We can also now disable the 'private key' tab when cert doesn't have a
private key.
 2019-06-22 15:38:28 +03:00
Curtis Castrapel 68fd1556b2 Black lint all the things 2019-05-16 07:57:02 -07:00
Curtis f6afcc6d21
Merge branch 'master' into master 2019-04-17 10:28:46 -07:00
Javier Ramos 58dd424de8
Prevent potential NoneType not subscriptable 
Fix when data['extensions']['subAltNames']['names'] is none
 2019-04-17 18:33:52 +02:00
Jose Plana 770729a72e Allow csr to be empty during upload 2019-04-13 01:17:12 +02:00
Jose Plana 406753fcde Fix PEP8 2019-04-13 00:49:35 +02:00
Jose Plana c1b02cc8a5 Allow uploading csr along with certificates 2019-04-13 00:48:19 +02:00
Javier Ramos d80a6bb405 Added tests for CSR parsing into CertificateInputSchema 2019-04-01 08:44:40 +02:00
Javier Ramos b86e381e20 Parse SubjectAlternativeNames from CSR into Lemur Certificate 2019-03-27 13:46:33 +01:00
Curtis 4018c68d49
Merge branch 'master' into authority_validation_LE_errors 2019-03-25 08:34:10 -07:00
Curtis Castrapel c2158ff8fb Add order URI during LE cert creation failure; Fail properly when invalid CA passed; Update reqs 2019-03-25 08:28:23 -07:00
Javier Ramos 9e5496b484
Update schemas.py 2019-03-15 10:19:25 +01:00
Javier Ramos f7452e8379 Parse DNSNames from CSR into Lemur Certificate 2019-03-15 09:29:23 +01:00
Marti Raudsepp 10cec063c2 Check that stored certificate chain matches certificate 
Similar to how the private key is checked.
 2019-03-04 17:10:59 +02:00
Marti Raudsepp 4b893ab5b4 Expose full certificate RFC 4514 Distinguished Name string 
Using rfc4514_string() method added in cryptography version 2.5.
 2019-01-23 10:03:40 +02:00
Marti Raudsepp 542e953919 Check that stored private keys match certificates 
This is done in two places:
* Certificate import validator -- throws validation errors.
* Certificate model constructor -- to ensure integrity of Lemur's data
  even when issuer plugins or other code paths have bugs.
 2018-12-31 16:28:20 +02:00
James Chuong 75069cd52a Add CSR to certificiates 
Add csr column to certificates field, as pending certificates have
exposed the CSR already.  This is required as generating CSR from
existing certificate is will not include SANs due to OpenSSL bug:
https://github.com/openssl/openssl/issues/6481

Change-Id: I9ea86c4f87067ee6d791d77dc1cce8f469cb2a22
 2018-10-23 17:46:04 -07:00
Curtis Castrapel cc18a68c00 Lemur LetsEncrypt Polling Support 2018-10-11 22:01:05 -07:00
Curtis Castrapel 7d42e4ce67 Fix certificate import issues 2018-09-10 10:34:47 -07:00
Curtis Castrapel 1ad61b1550 allow null validity periods 2018-08-17 07:57:55 -07:00
Curtis Castrapel bb026b8b59 Allow LetsEncrypt renewals and requesting certificates without specifying DNS provider 2018-08-13 14:22:59 -07:00
Steven Reiling 7f3454128d Adds an optional interval variable to notification service's 
create_default_expiration_notifications and introduces a new optional
configuration variable, LEMUR_SECURITY_TEAM_EMAIL_INTERVALS, to allow admins
control over the centralized email notification defaults.
 2018-07-13 14:08:31 -07:00
Marti Raudsepp 50846eb682 Expose certificate dateCreated via API 2018-07-02 18:24:18 +03:00
Curtis Castrapel 544a02ca3f Addressing comments. Updating copyrights. Added function to determine authorative name server 2018-05-29 10:23:01 -07:00
Curtis Castrapel a9b9b27a0b fix tests 2018-05-10 12:58:04 -07:00
Curtis Castrapel 52e7ff9919 Allow specification of dns provider name only 2018-05-10 12:58:04 -07:00
Curtis Castrapel 6500559f8e Fix issue with automatically renewing acme certificates 2018-05-08 14:54:10 -07:00
Curtis Castrapel e68b3d2cbd 0.7 release 2018-05-07 09:58:24 -07:00
Curtis Castrapel 1be3f8368f dyn support 2018-05-04 15:01:01 -07:00
Curtis Castrapel 3e64dd4653 Additional work 2018-05-04 15:01:01 -07:00
Curtis Castrapel 7704f51441 Working acme flow. Pending DNS providers UI 2018-04-24 09:38:57 -07:00
Curtis Castrapel 44e3b33aaa More stuff. Will prioritize this more next week 2018-04-20 14:49:54 -07:00
Curtis Castrapel 18c64fafe4 address comment 2018-02-27 12:34:18 -08:00