Infra/lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
3,719 Commits 4 Branches 45 Tags
Commit Graph

726 Commits

Author SHA1 Message Date
sayali
28381737dc Removed OU from digicert plugin 2020-10-13 19:40:15 -07:00
Mathias Petermann
817fc3f0fe
Merge branch 'master' into feature/store-acme-account-details 2020-10-11 14:37:31 +02:00
Hossein Shafagh
0fc050e17b
Merge branch 'master' into dymanic-digicert-ICAs 2020-10-09 17:53:54 -07:00
Hossein Shafagh
42e9b8b627 removing the intermediary from being optional 2020-10-09 15:40:25 -07:00
sirferl
5a968ffe63 Lint errors 2020-10-09 12:05:57 +02:00
sirferl
d43e240a2a dded ELIF at determine_end_date, becuase of error. 2020-10-09 11:41:44 +02:00
sirferl
a6a4f458e0 added Tests and removed problems in test-setup 2020-10-09 11:35:04 +02:00
Hossein Shafagh
1a270cd315 switching from static DigiCert ICAs to dynamic ones to support: 
https://knowledge.digicert.com/alerts/DigiCert-ICA-Update.html
 2020-10-07 20:06:20 -07:00
Mathias Petermann
57534d86cd Disable account saving by default 2020-10-07 12:28:22 +02:00
Mathias Petermann
8353396940 Improve tests 2020-10-07 12:28:22 +02:00
Mathias Petermann
9abd3e97e7 Add test loading acme account from authority 2020-10-07 12:28:22 +02:00
Mathias Petermann
bf66de0bfd Add Test for saving the accound details 2020-10-07 12:28:22 +02:00
Mathias Petermann
e0708410d0 Add store_account value to options in test_setup_acme_client_success 2020-10-07 12:28:22 +02:00
Mathias Petermann
eed628dbab Implement storage of acme account 2020-10-07 12:28:22 +02:00
Mathias Petermann
898b5da661 Add store_account option to acme plugin 2020-10-07 12:28:22 +02:00
Hossein Shafagh
e5961146b9 session hook complains about metadata 
+ consistent language.
 2020-09-23 14:22:58 -06:00
Hossein Shafagh
cc855e2758 modern python style 2020-09-18 17:16:07 -07:00
Hossein Shafagh
416f39222a testing 2020-09-18 17:02:19 -07:00
Hossein Shafagh
fae3793255 entrrust plugin revised 2020-09-18 11:09:32 -07:00
sirferl
02c7a5ca7c another round of lint errors 2020-09-14 16:34:56 +02:00
sirferl
e011cc9251 added several enhancements following advice from peer 2020-09-14 16:24:53 +02:00
sirferl
9778eb7b25 fixed lint errors 2020-09-14 15:56:02 +02:00
sirferl
5bb0143da4 lint errors and removed _path from the API-Cert variables 2020-09-14 15:42:36 +02:00
sirferl
84496b0f55 fixed a few problems 2020-09-14 15:18:46 +02:00
sirferl
b8e3162c5f added revoke functionality 2020-09-14 14:20:11 +02:00
sirferl
b337b27146 added response handler 2020-09-14 12:23:58 +02:00
sirferl
01678a714f added required vars check 2020-09-14 09:50:55 +02:00
Hossein Shafagh
8adca442e1
Merge branch 'master' into entrust-plugin 2020-09-11 17:11:57 -07:00
sayali
09a2a8fc76 Log message change 
PR comments
 2020-09-11 15:53:34 -07:00
sirferl
1c9c377751
Lint errors 2020-09-11 12:31:15 +02:00
sirferl
fd52438d61
yet lint errors 2020-09-11 12:30:53 +02:00
sirferl
de9ad82011
Fixed Lint complaints 2020-09-11 12:24:33 +02:00
sirferl
a99a84b0b2 entrust plugin inital edit 2020-09-10 16:04:31 +02:00
sirferl
f47f108f43 ientrust plgin - first version 2020-09-10 16:03:29 +02:00
sayali
8ad4448c85 Match date format for comparison + expected new lines 2020-09-01 12:44:49 -07:00
sayali
db4f68f0ed Logs during cert validity truncate for digicert 2020-08-31 18:20:32 -07:00
sirferl
1b73b1d080
Merge branch 'master' into master 2020-08-19 12:29:02 +02:00
sirferl
c2116df652
Extended ADCS_TEMPLATE_ Variable 
If there is a config variable ADCS_TEMPLATE_<upper(authority.name)> take the value as Cert template else default to ADCS_TEMPLATE to be compatible with former versions
 2020-08-19 12:25:52 +02:00
sayali
6ff8910f87 mention 397 for digicert plugin 2020-08-11 18:53:19 -07:00
sayali
d7ca1570be maximum 1 year validity for digicert 2020-08-11 18:02:42 -07:00
sayali
bde2829e72 Modify unit test test_determine_end_date to match new config 2020-08-11 17:10:29 -07:00
sayali
7a83799bcd Cert validity should not exceed 397 days for publicly trusted issuers 2020-08-10 17:30:34 -07:00
Hossein Shafagh
3c1d6998fb
Merge branch 'master' into pinning-to-cross-signed-LE-ICA 2020-07-24 10:25:11 -07:00
Raul Benencia
0fd83d13ae Fix intermediate CA creation on cryptography plugin 2020-07-23 13:58:32 -07:00
Hossein Shafagh
2317967802 lack of an empty config file was resulting into this error 
```
Traceback (most recent call last):
  File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/tests/test_acme.py", line 159, in test_request_certificate
    self.acme.request_certificate(mock_acme, [], mock_order)
  File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/plugin.py", line 211, in request_certificate
    current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
TypeError: strptime() argument 1 must be str, not MagicMock
```
 2020-07-15 17:04:49 -07:00
Hossein Shafagh
d5ae45a0d0 Let's Encrypt has been using a cross-signed intermediate CA by DST Root CA X3, which is included in any older devices' TrustStore. 
https://letsencrypt.org/certificates/

Let's Encrypt is transitioning to use the intermediate CA issued by their own root (ISRG X1) starting from September 29th 2020. This is in preparation of concluding the initial bootstrapping of their CA, by having it cross-signed by an older CA.
https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html

This PR allows Lemur to pin to the cross-signed ICA (same public/private key pair as the ICA signed by ISRG X1). This will prolong support for incompatible systems.
 2020-07-14 17:35:13 -07:00
Javier Ramos
aa11088944
Remove f from non-f string 2020-07-02 16:48:41 +02:00
csine-nflx
a7a309136f fixing whitespace and imports 2020-06-11 14:15:40 -07:00
csine-nflx
f834d10f9a moving ultradns tests to separate file 2020-06-11 14:04:17 -07:00
Hossein Shafagh
c3b36d697f clarification 2020-06-08 15:17:45 -07:00