Hossein Shafagh
30915d30be
Merge branch 'master' into log_update
2020-10-23 14:13:17 -07:00
Hossein Shafagh
01bd357b1c
Merge branch 'master' into sns
2020-10-23 11:38:35 -07:00
Hossein Shafagh
1495fb3595
now fixing the month to minute bug
2020-10-23 10:18:24 -07:00
Hossein Shafagh
bc6fb02fc2
fixing testing
2020-10-23 10:16:38 -07:00
Hossein Shafagh
e01863097b
fixing the time bug, sub-second to second, and month to minute!
2020-10-23 10:16:23 -07:00
Jasmine Schladen
a5cea4fb9a
Skip revoked certs when looking for certs to notify
2020-10-23 09:42:03 -07:00
Jasmine Schladen
233f9768e8
Fix error handling
2020-10-23 09:35:46 -07:00
Jasmine Schladen
98962ae5f5
Merge branch 'master' into sns
2020-10-23 08:50:26 -07:00
Hossein Shafagh
41ac43013d
Merge branch 'master' into notification-plugin-field-fix
2020-10-23 08:43:29 -07:00
Hossein Shafagh
2b274f723a
Merge branch 'master' into improved-logging
2020-10-23 07:59:30 -07:00
Jasmine Schladen
71df6b8560
Fix plugin field on notification edit
2020-10-22 18:15:26 -07:00
Hossein Shafagh
8610af8b83
more precise language
2020-10-22 17:54:46 -07:00
Hossein Shafagh
820106e333
Merge branch 'master' into expanding-S3-plugin
2020-10-22 17:35:20 -07:00
Hossein Shafagh
9ce0010bf1
handle_respone can also handle the no data response
2020-10-22 17:33:39 -07:00
Hossein Shafagh
cf87e178c8
making lint happy
2020-10-22 17:33:02 -07:00
Hossein Shafagh
97f80b79dc
adjusting digicert test to support seconds
2020-10-22 17:23:33 -07:00
Hossein Shafagh
9acd974b74
fixing the test to support seconds
2020-10-22 17:20:47 -07:00
Hossein Shafagh
ae1e9d120b
consistent messaging
2020-10-22 17:13:58 -07:00
Hossein Shafagh
2e7652962c
refactoring of the error handling
2020-10-22 17:11:02 -07:00
Hossein Shafagh
1c96ea9ab1
better messaging of exceptions
2020-10-22 17:10:32 -07:00
Hossein Shafagh
02c040865d
more meaningful message
2020-10-22 16:05:29 -07:00
Hossein Shafagh
8fa90a2ce5
digicert expects also seconds, though not yet honoring it
2020-10-22 16:01:09 -07:00
Hossein Shafagh
c60645bec4
improved logging for all responses
2020-10-22 16:00:26 -07:00
Hossein Shafagh
c2fe2b5e03
improved logging for all responses
2020-10-22 15:59:59 -07:00
Hossein Shafagh
03d1af16e7
better logging for exceptions around all plugins
2020-10-22 15:59:38 -07:00
Hossein Shafagh
2b876f22a5
Merge branch 'master' into log_update
2020-10-22 12:00:51 -07:00
Hossein Shafagh
2e7e3a82fa
Update cli.py
...
logging in exception
2020-10-22 11:57:54 -07:00
Hossein Shafagh
c40ecd12cb
improved naming
2020-10-22 10:58:16 -07:00
Hossein Shafagh
2cc03088cd
creating a celery task
2020-10-21 19:53:08 -07:00
Hossein Shafagh
a4dba0cb35
creating a cli to handle entrust deactivation
2020-10-21 19:52:51 -07:00
Hossein Shafagh
906b3b2337
better handling of status code
2020-10-21 19:52:25 -07:00
Hossein Shafagh
92eec5cc9c
revocation should only check for not expired and not revoked certs
2020-10-21 18:52:55 -07:00
Hossein Shafagh
adf8f37718
Merge branch 'master' into log_update
2020-10-21 16:03:46 -07:00
sayali
43483cb1c7
Check if present - Organization, State, Country
2020-10-21 15:44:53 -07:00
sayali
757e190b60
Check if OU and L is present in subject
...
fixing index out of range
2020-10-21 12:11:41 -07:00
9374adaa46
do not create db_upgrade.log during migrations
2020-10-21 11:17:54 +02:00
sayali
4997165235
Removing ECC 192 and 521 from UI
...
not CAB supported. Keeping 521 for authority
2020-10-20 17:59:50 -07:00
sayali
01dddd2a55
iterate over subject details
2020-10-20 17:17:28 -07:00
sayali
788703ce12
Fix cert reissue when L/OU is not set
...
get_certificate_primitives complains with None L/OU
2020-10-20 16:44:17 -07:00
Jasmine Schladen
1fc9cd2ff8
Merge branch 'master' into sns
2020-10-20 12:13:51 -07:00
Jasmine Schladen
4f552cb636
Code cleanup
2020-10-20 12:02:36 -07:00
Jasmine Schladen
d6075ebc11
Merge
2020-10-20 11:48:54 -07:00
sayali
855baadfee
Show only few supported ECC algorithms on UI
2020-10-19 17:42:52 -07:00
Jasmine Schladen
669a4273c2
Merge branch 'master' of github.com:jtschladen/lemur into sns
2020-10-19 16:29:33 -07:00
Jasmine Schladen
b5f0fc5a19
Fix syntax error
2020-10-19 15:21:34 -07:00
Jasmine Schladen
ecd4d6ebe3
Change string formatting pattern
2020-10-19 15:12:48 -07:00
Hossein Shafagh
af3afe36e1
Merge branch 'master' into expanding-S3-plugin
2020-10-19 14:23:01 -07:00
Jasmine Schladen
e90b08b363
Correct typo and enable Slack notification test
2020-10-16 17:08:44 -07:00
Jasmine Schladen
6a1889787d
Correct log attributes
2020-10-16 16:30:21 -07:00
Jasmine Schladen
2c92fc6eb9
Merge branch 'notification-fixes' of github.com:jtschladen/lemur into notification-fixes
2020-10-16 16:22:28 -07:00
Jasmine Schladen
072b337f37
Restructure log messages
2020-10-16 16:21:43 -07:00
Jasmine Schladen
fe5d75c7f8
Merge branch 'master' into notification-fixes
2020-10-16 15:20:42 -07:00
Jasmine Schladen
60bb0037f0
Miscellaneous notification fixes and tests
2020-10-16 15:13:12 -07:00
Hossein Shafagh
dbdfa9eab8
Merge branch 'master' into expanding-S3-plugin
2020-10-16 11:35:38 -07:00
Jasmine Schladen
a04cce6044
Initial implementation
2020-10-16 10:40:11 -07:00
Hossein Shafagh
503530e935
the test requires region param for sts
2020-10-16 10:32:10 -07:00
Hossein Shafagh
11ce540246
formatting
2020-10-16 10:31:19 -07:00
Hossein Shafagh
9c04a888d8
adjusting the S3 test
2020-10-16 09:52:04 -07:00
Hossein Shafagh
17e528b5dd
adding testing for acme_upload method
2020-10-16 09:50:35 -07:00
Hossein Shafagh
d705e3ae3b
expanding the S3 destination plugin to support the acme token upload inteface
2020-10-16 09:49:56 -07:00
Hossein Shafagh
7d8eb1c61e
improving test
2020-10-16 09:49:26 -07:00
Hossein Shafagh
6aad37e1f9
cleaning up code
2020-10-16 09:49:00 -07:00
Hossein Shafagh
d73db59d23
revsering removing region
2020-10-16 09:48:47 -07:00
Hossein Shafagh
ab91d58a03
Merge branch 'master' into cab_compliant
2020-10-16 08:33:04 -07:00
Mathias Petermann
55658c5f23
Add double % for escaped SQLALCHEMY_DATABASE_URI
2020-10-16 10:43:52 +02:00
Hossein Shafagh
bfe89e131e
adding delete and put interfaces for the S3 plugin
2020-10-15 18:13:50 -07:00
sayali
9dc476f393
Use cab_compliant option instead of authority name list
2020-10-15 10:44:46 -07:00
sayali
f38380d156
Check if option is present
2020-10-14 17:38:32 -07:00
sayali
4d5e712e85
Remove option reset from test
2020-10-14 15:40:23 -07:00
sayali
ee1d07000a
Test subject details in reissue with cab_compliant option
2020-10-14 14:49:53 -07:00
sayali
90839b4d4b
Unit test for cab_compliant = true
2020-10-14 14:49:53 -07:00
sayali
62d099b500
Unit tests to check cab_compliant option
2020-10-14 12:41:56 -07:00
Hossein Shafagh
409e12a9d6
Update models.py
...
lint
2020-10-14 10:03:44 -07:00
Hossein Shafagh
894e35b4e2
Update schemas.py
...
minor language
2020-10-14 09:48:40 -07:00
Hossein Shafagh
97cf54433b
Update models.py
...
language
2020-10-14 09:45:13 -07:00
sayali
82dd663942
Moving default key_type to getDefaults
2020-10-13 19:40:32 -07:00
sayali
28381737dc
Removed OU from digicert plugin
2020-10-13 19:40:15 -07:00
sayali
b677e6e325
Copy subject details for non-CAB-compliant authorities
2020-10-13 19:40:01 -07:00
Hossein Shafagh
5db1d31668
Merge branch 'master' into removing-outdated-language
2020-10-12 10:22:53 -07:00
Mathias Petermann
817fc3f0fe
Merge branch 'master' into feature/store-acme-account-details
2020-10-11 14:37:31 +02:00
Hossein Shafagh
4c7b429001
Merge branch 'master' into ui_changes
2020-10-09 18:05:33 -07:00
Hossein Shafagh
770339f94c
cleaning up outdated phrases
2020-10-09 18:04:16 -07:00
sayali
fb4df8865b
Formatting changes and typo
2020-10-09 17:58:03 -07:00
Hossein Shafagh
0fc050e17b
Merge branch 'master' into dymanic-digicert-ICAs
2020-10-09 17:53:54 -07:00
Hossein Shafagh
475833e8e1
Merge branch 'master' into ui_changes
2020-10-09 17:53:43 -07:00
Hossein Shafagh
198e20ce4f
Merge branch 'master' into dymanic-digicert-ICAs
2020-10-09 17:49:33 -07:00
Hossein Shafagh
d4819440af
Merge branch 'master' into entrust-plugin
2020-10-09 17:47:01 -07:00
sayali
d52e0d4e09
Certificate edit: update role and notification with owner change
2020-10-09 16:55:30 -07:00
Hossein Shafagh
42e9b8b627
removing the intermediary from being optional
2020-10-09 15:40:25 -07:00
sirferl
e67fc09bc8
Merge branch 'entrust-plugin' of github.com:sirferl/lemur into entrust-plugin
2020-10-09 12:11:41 +02:00
sirferl
5a968ffe63
Lint errors
2020-10-09 12:05:57 +02:00
sirferl
cc02a0adb0
Merge branch 'master' into entrust-plugin
2020-10-09 11:56:47 +02:00
sirferl
d43e240a2a
dded ELIF at determine_end_date, becuase of error.
2020-10-09 11:41:44 +02:00
sirferl
a6a4f458e0
added Tests and removed problems in test-setup
2020-10-09 11:35:04 +02:00
sayali
d5ce38bf71
lint error fix - remove whitespace
2020-10-08 12:50:30 -07:00
sayali
8928e04385
Fix disable notify
2020-10-08 11:38:52 -07:00
Hossein Shafagh
1a270cd315
switching from static DigiCert ICAs to dynamic ones to support:
...
https://knowledge.digicert.com/alerts/DigiCert-ICA-Update.html
2020-10-07 20:06:20 -07:00
Hossein Shafagh
4f696abb5d
adding util method to convert PKCS7 to pem
2020-10-07 20:03:46 -07:00
sayali
b7d0e62844
Make location optional
...
Remove form validation and default value in input schema
2020-10-07 13:31:23 -07:00
Mathias Petermann
57534d86cd
Disable account saving by default
2020-10-07 12:28:22 +02:00
Mathias Petermann
8353396940
Improve tests
2020-10-07 12:28:22 +02:00
Mathias Petermann
9abd3e97e7
Add test loading acme account from authority
2020-10-07 12:28:22 +02:00
Mathias Petermann
bf66de0bfd
Add Test for saving the accound details
2020-10-07 12:28:22 +02:00
Mathias Petermann
e0708410d0
Add store_account value to options in test_setup_acme_client_success
2020-10-07 12:28:22 +02:00
Mathias Petermann
7e6fb740b3
Fix flake8/linting errors
2020-10-07 12:28:22 +02:00
Mathias Petermann
eed628dbab
Implement storage of acme account
2020-10-07 12:28:22 +02:00
Mathias Petermann
898b5da661
Add store_account option to acme plugin
2020-10-07 12:28:22 +02:00
Mathias Petermann
e64e2a41d5
Add update_options to authorities service
2020-10-07 12:28:22 +02:00
sayali
c72661a87f
Removing hardcoded name
2020-10-06 18:50:37 -07:00
sayali
6b96aefa21
Authority create: Email added to subject DN for cloudCA
2020-10-06 18:35:28 -07:00
sayali
ea513f465f
Remove bit length check from last query
2020-09-29 16:33:10 -07:00
sayali
b9100dbf29
Merge branch 'master' of github.com:Netflix/lemur into key_type_column
2020-09-29 10:25:54 -07:00
Mathias Petermann
d7fc84f6e9
Fix dns-providers type missing from schema
2020-09-29 14:36:31 +02:00
sayali
aaff0f7581
Fixing UT for key_type on upload schema
2020-09-28 19:03:21 -07:00
sayali
7a226241db
Add key_type to CertificateUploadInputSchema
...
Parse cert body to determine algo
2020-09-28 18:13:00 -07:00
Hossein Shafagh
96eada297f
lint
2020-09-28 14:40:56 -07:00
Hossein Shafagh
0fa136e7a4
Merge branch 'master' into remove-test-secrets
2020-09-25 17:19:39 -07:00
Hossein Shafagh
8f1c966079
Merge branch 'master' into remove-test-secrets
2020-09-25 12:48:28 -07:00
Hossein Shafagh
d49edd886b
language
2020-09-25 12:32:33 -07:00
Hossein Shafagh
e871c5eb18
Update conf.py
2020-09-25 12:30:37 -07:00
sayali
57457bfe78
Merge branch 'master' of github.com:Netflix/lemur into key_type_column
2020-09-23 15:23:45 -07:00
sayali
cd13832377
Use key_type column for cert get/rotate/reissue/display
...
Added unit tests
2020-09-23 15:16:19 -07:00
Hossein Shafagh
4e4a7e9cab
Merge branch 'master' into entrust-revised
2020-09-23 13:33:24 -07:00
Hossein Shafagh
e5961146b9
session hook complains about metadata
...
+ consistent language.
2020-09-23 14:22:58 -06:00
sayali
12af0ecb45
UT get_key_type_from_certificate
2020-09-23 11:46:38 -07:00
sayali
710290f590
Formatting changes
2020-09-23 11:45:36 -07:00
Hossein Shafagh
19b693f636
Update c301c59688d2_.py
...
language
2020-09-23 10:21:23 -07:00
Hossein Shafagh
e3fa072608
Update c301c59688d2_.py
...
language
2020-09-23 10:17:30 -07:00
sayali
921e8d8236
Add error message to the logs
2020-09-22 18:46:15 -07:00
sayali
9211178e77
Added date-time and modified log file name
2020-09-22 18:31:38 -07:00
sayali
8de9842092
Backfill the key_type column: DB Upgrade
2020-09-22 18:22:45 -07:00
Hossein Shafagh
1632b4b078
making lint happy, running make test-python doesn't run lint
2020-09-18 21:58:53 -07:00
Hossein Shafagh
21e9a4508d
TypeError: 'float' object cannot be interpreted as an integer
2020-09-18 17:42:28 -07:00
Hossein Shafagh
c892cd5ae1
removing anything that remotely looks like a secret in code to set a good example
2020-09-18 17:38:52 -07:00
Hossein Shafagh
cc855e2758
modern python style
2020-09-18 17:16:07 -07:00
Hossein Shafagh
edab32d9a1
setting the required entrust configs
2020-09-18 17:03:22 -07:00
Hossein Shafagh
416f39222a
testing
2020-09-18 17:02:19 -07:00
Hossein Shafagh
fae3793255
entrrust plugin revised
2020-09-18 11:09:32 -07:00
sayali
51549ae795
Adding comment for the property to be removed
2020-09-15 17:37:58 -07:00
sayali
d8cca855e8
Merge branch 'master' of github.com:Netflix/lemur into key_type_column
2020-09-15 15:16:13 -07:00
sayali
5ae65c2c4d
Remove unused import
2020-09-15 14:55:04 -07:00
sayali
676562ffde
Match column type to db schema
...
No functional change
2020-09-14 18:13:35 -07:00
sayali
02d711282d
New column key_type
...
commenting conflicting property for now
2020-09-14 18:12:33 -07:00
sirferl
02c7a5ca7c
another round of lint errors
2020-09-14 16:34:56 +02:00
sirferl
e011cc9251
added several enhancements following advice from peer
2020-09-14 16:24:53 +02:00
sirferl
9778eb7b25
fixed lint errors
2020-09-14 15:56:02 +02:00
sirferl
5bb0143da4
lint errors and removed _path from the API-Cert variables
2020-09-14 15:42:36 +02:00
sirferl
84496b0f55
fixed a few problems
2020-09-14 15:18:46 +02:00
sirferl
b8e3162c5f
added revoke functionality
2020-09-14 14:20:11 +02:00
sirferl
b337b27146
added response handler
2020-09-14 12:23:58 +02:00
sirferl
01678a714f
added required vars check
2020-09-14 09:50:55 +02:00
Hossein Shafagh
8adca442e1
Merge branch 'master' into entrust-plugin
2020-09-11 17:11:57 -07:00
sayali
09a2a8fc76
Log message change
...
PR comments
2020-09-11 15:53:34 -07:00
Hossein Shafagh
806aeddd87
Merge branch 'master' into validity
2020-09-11 10:09:01 -07:00
Hossein Shafagh
6e588f9c7b
Merge branch 'master' into validity
2020-09-11 09:06:11 -07:00
sirferl
1c9c377751
Lint errors
2020-09-11 12:31:15 +02:00
sirferl
fd52438d61
yet lint errors
2020-09-11 12:30:53 +02:00
sirferl
de9ad82011
Fixed Lint complaints
2020-09-11 12:24:33 +02:00
sirferl
a99a84b0b2
entrust plugin inital edit
2020-09-10 16:04:31 +02:00
sirferl
f47f108f43
ientrust plgin - first version
2020-09-10 16:03:29 +02:00
Hossein Shafagh
a7be8b6dce
adding support for different types of CSR encodings
2020-09-09 19:54:53 -07:00
Hossein Shafagh
4923157dc2
expanding key_type to with EC support
2020-09-09 19:54:20 -07:00
Hossein Shafagh
aff7ad7ea2
testing
2020-09-09 19:53:59 -07:00
Hossein Shafagh
60fd2134ca
removing duplicate curves, and marking them in existing mapping
2020-09-09 19:53:35 -07:00
Hossein Shafagh
5ab9626cbd
overwriting cn and key_type values from CSR, as they take precedence
2020-09-09 19:52:59 -07:00
Hossein Shafagh
6fa15c4cb3
methods to extract cn and key_type from csr
2020-09-09 19:48:21 -07:00
Hossein Shafagh
de0c38e9ba
mapping of curve name to key_type
2020-09-09 19:47:51 -07:00
sayali
8ad4448c85
Match date format for comparison + expected new lines
2020-09-01 12:44:49 -07:00
sayali
db4f68f0ed
Logs during cert validity truncate for digicert
2020-08-31 18:20:32 -07:00
sayali
9c4fb85dc3
Calculate dates from defaultDays in js
2020-08-31 18:19:32 -07:00
Hossein Shafagh
d478def98c
removing the custom key Type and doing the conversion in the backend
2020-08-31 16:35:47 -07:00
Hossein Shafagh
9a7a632489
using a standard curve for testing
2020-08-28 09:48:35 -07:00
Hossein Shafagh
9671b34485
adding support for all type of ECC curves which existing CA plugins might support
2020-08-27 14:15:14 -07:00
sayali
1fc2e29ab8
Remove 397 days validation as it causes error in API calls
...
More to come in future
2020-08-27 14:15:14 -07:00
sirferl
ab4cda2298
Extended ADCS_TEMPLATE_ Variable
...
If there is a config variable ADCS_TEMPLATE_<upper(authority.name)> take the value as Cert template else default to ADCS_TEMPLATE to be compatible with former versions
2020-08-27 14:15:14 -07:00
sayali
7a9500eee0
Lint error fix
2020-08-27 14:15:14 -07:00
sayali
5ed109e998
Max end date as per start date + default validity 3 years
2020-08-27 14:15:14 -07:00
sayali
7011a4df8b
max date on UI as per max validity configs
2020-08-27 14:15:14 -07:00
sayali
4d7c6844e5
Make Organizational Unit optional
2020-08-27 14:15:14 -07:00
sayali
2645c4a82d
mention 397 for digicert plugin
2020-08-27 14:15:14 -07:00
sayali
3cb386cc0f
maximum 1 year validity for digicert
2020-08-27 14:15:14 -07:00
sayali
e06dea106f
Modify unit test test_determine_end_date to match new config
2020-08-27 14:15:14 -07:00
sayali
d7d483fa9b
Renaming PUBLIC_CA to PUBLIC_CA_AUTHORITY_NAMES
2020-08-27 14:15:14 -07:00
sayali
25125f3257
Cert validity should not exceed 397 days for publicly trusted issuers
2020-08-27 14:15:14 -07:00
sayali
404d213e8f
Modified cert description to have cert id being cloned
2020-08-27 14:15:14 -07:00
sayali
e75e472a1a
Do not inherit replacement info during cert clone
2020-08-27 14:15:14 -07:00
sayali
69b64c63ea
Honor selected algorithm during certificate cloning
2020-08-27 14:15:14 -07:00
Hossein Shafagh
f4bcd1cf30
lack of an empty config file was resulting into this error
...
```
Traceback (most recent call last):
File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/tests/test_acme.py", line 159, in test_request_certificate
self.acme.request_certificate(mock_acme, [], mock_order)
File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/plugin.py", line 211, in request_certificate
current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
TypeError: strptime() argument 1 must be str, not MagicMock
```
2020-08-27 14:15:14 -07:00
Hossein Shafagh
5a6e4e5b43
Let's Encrypt has been using a cross-signed intermediate CA by DST Root CA X3, which is included in any older devices' TrustStore.
...
https://letsencrypt.org/certificates/
Let's Encrypt is transitioning to use the intermediate CA issued by their own root (ISRG X1) starting from September 29th 2020. This is in preparation of concluding the initial bootstrapping of their CA, by having it cross-signed by an older CA.
https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html
This PR allows Lemur to pin to the cross-signed ICA (same public/private key pair as the ICA signed by ISRG X1). This will prolong support for incompatible systems.
2020-08-27 14:15:14 -07:00
Hossein Shafagh
c169ad291e
adding the correct signing algorithm, and a missing key Type
2020-08-27 13:29:56 -07:00
sayali
3242fc1e13
Validity with radio buttons
2020-08-26 19:30:12 -07:00
sayali
6aedd3b0d8
Datepicker enhancements
2020-08-25 18:40:36 -07:00
sayali
3efe14c43f
Remove 397 days validation as it causes error in API calls
...
More to come in future
2020-08-25 16:26:20 -07:00
sirferl
4f148f3bc3
Merge branch 'master' into master
2020-08-20 11:33:18 +02:00
sirferl
1b73b1d080
Merge branch 'master' into master
2020-08-19 12:29:02 +02:00
sirferl
c2116df652
Extended ADCS_TEMPLATE_ Variable
...
If there is a config variable ADCS_TEMPLATE_<upper(authority.name)> take the value as Cert template else default to ADCS_TEMPLATE to be compatible with former versions
2020-08-19 12:25:52 +02:00
sayali
5b96b3a032
Lint error fix
2020-08-18 20:03:15 -07:00
sayali
240f0b99c8
Max end date as per start date + default validity 3 years
2020-08-18 19:34:59 -07:00
sayali
bc5579e9bf
max date on UI as per max validity configs
2020-08-18 14:50:42 -07:00
sayali
5b3f40467b
Make Organizational Unit optional
2020-08-18 14:50:42 -07:00
sayali
6ff8910f87
mention 397 for digicert plugin
2020-08-11 18:53:19 -07:00
sayali
d7ca1570be
maximum 1 year validity for digicert
2020-08-11 18:02:42 -07:00
sayali
bde2829e72
Modify unit test test_determine_end_date to match new config
2020-08-11 17:10:29 -07:00
sayali
18a3514974
Renaming PUBLIC_CA to PUBLIC_CA_AUTHORITY_NAMES
2020-08-10 18:06:45 -07:00
sayali
7a83799bcd
Cert validity should not exceed 397 days for publicly trusted issuers
2020-08-10 17:30:34 -07:00
Hossein Shafagh
9bcfcebb3a
Merge branch 'master' into bootswatch-fix
2020-08-04 14:09:33 -07:00
sayali
817a4c3d90
Modified cert description to have cert id being cloned
2020-08-03 19:24:06 -07:00
sayali
c3d8501401
Do not inherit replacement info during cert clone
2020-08-03 19:23:24 -07:00
sayali
c15a2c62d1
Honor selected algorithm during certificate cloning
2020-08-03 19:22:13 -07:00
Hossein Shafagh
3c1d6998fb
Merge branch 'master' into pinning-to-cross-signed-LE-ICA
2020-07-24 10:25:11 -07:00
Raul Benencia
0fd83d13ae
Fix intermediate CA creation on cryptography plugin
2020-07-23 13:58:32 -07:00
Hossein Shafagh
2317967802
lack of an empty config file was resulting into this error
...
```
Traceback (most recent call last):
File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/tests/test_acme.py", line 159, in test_request_certificate
self.acme.request_certificate(mock_acme, [], mock_order)
File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/plugin.py", line 211, in request_certificate
current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
TypeError: strptime() argument 1 must be str, not MagicMock
```
2020-07-15 17:04:49 -07:00
Hossein Shafagh
d5ae45a0d0
Let's Encrypt has been using a cross-signed intermediate CA by DST Root CA X3, which is included in any older devices' TrustStore.
...
https://letsencrypt.org/certificates/
Let's Encrypt is transitioning to use the intermediate CA issued by their own root (ISRG X1) starting from September 29th 2020. This is in preparation of concluding the initial bootstrapping of their CA, by having it cross-signed by an older CA.
https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html
This PR allows Lemur to pin to the cross-signed ICA (same public/private key pair as the ICA signed by ISRG X1). This will prolong support for incompatible systems.
2020-07-14 17:35:13 -07:00
Hossein Shafagh
e0c2f4274e
Merge branch 'master' into patch-1
2020-07-02 10:16:02 -07:00
Javier Ramos
aa11088944
Remove f from non-f string
2020-07-02 16:48:41 +02:00
Javier Ramos
1f598e3752
Fix unmatched field in Authorization
...
The field in the formatted string was not matching the args
2020-07-02 16:41:19 +02:00
Javier Ramos
7a5a5531cc
Raise ValidationError if CSR contains invalid CN
...
If we supply a CSR that contains an empty field in the Subject, Lemur will crash with an error 500 as the ValueError exception is not captured. This change captures the exception and raises a ValidationError which in this case is a 400 sent back to client. Example to reproduce:
Subject: C=ZZ, ST=Something, L=, O=My_Org, OU=My_Dept, CN=www.booking.com
The empty L= causes a ValueError which needs to be captured.
2020-07-01 15:44:06 +02:00
Hossein Shafagh
4985744bd8
fixing UnboundLocalError bug
2020-06-11 16:47:37 -07:00
csine-nflx
a7a309136f
fixing whitespace and imports
2020-06-11 14:15:40 -07:00
csine-nflx
f834d10f9a
moving ultradns tests to separate file
2020-06-11 14:04:17 -07:00
Hossein Shafagh
c40d297735
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-06-09 14:20:31 -07:00
Hossein Shafagh
fd3ea2cf46
Merge branch 'master' into json-logging-rotate
2020-06-09 10:58:53 -07:00
Hossein Shafagh
099ebee409
Merge branch 'master' into check-revoke-revised
2020-06-09 10:47:24 -07:00
Hossein Shafagh
62469e518f
Merge branch 'master' into json-logging-rotate
2020-06-09 10:45:57 -07:00
Hossein Shafagh
c3b36d697f
clarification
2020-06-08 15:17:45 -07:00
Hossein Shafagh
5215a71a6d
Merge branch 'master' into check-revoke-revised
2020-06-04 15:51:48 -07:00
Hossein Shafagh
704e61dd53
Merge branch 'master' into json-logging-rotate
2020-06-04 15:51:24 -07:00
Hossein Shafagh
e06c3ea192
Merge branch 'master' into improve-expiry-email
2020-06-04 15:51:17 -07:00
alwaysjolley
1bcc9d5d0d
allowing for _ in domains
2020-06-03 13:20:23 -04:00
alwaysjolley
1b8507636b
fixing quotes, no escape characters in tests, fixed anchors
2020-06-03 12:49:55 -04:00
alwaysjolley
3ce7cd6c50
fixing escaped string on domain test
2020-06-03 11:34:14 -04:00
alwaysjolley
8658ac531e
fixing unittests and allowing for single character domains
2020-06-03 08:08:49 -04:00
alwaysjolley
2a1751ec30
fixing domain validation to account for 2-63 character length and correct character set
2020-06-03 04:56:38 -04:00
Hossein Shafagh
50091cca1d
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-05-27 15:29:47 -07:00
Hossein Shafagh
d8948a12d3
Merge branch 'master' into check-revoke-revised
2020-05-27 15:29:19 -07:00
Hossein Shafagh
86c3771044
Merge branch 'master' into json-logging-rotate
2020-05-27 15:28:48 -07:00
Hossein Shafagh
904bc9d8b6
Merge branch 'master' into improve-expiry-email
2020-05-27 15:28:41 -07:00
Hossein Shafagh
d95f02d234
Merge branch 'master' into master
2020-05-27 14:25:07 -07:00
Hossein Shafagh
8861cc70cb
rewordin
2020-05-26 17:12:47 -07:00
Hossein Shafagh
34e3f7c049
improved messaging
2020-05-26 16:38:12 -07:00
Hossein Shafagh
4eeab91d73
making lint happy
2020-05-22 18:36:39 -07:00
Hossein Shafagh
10dfedee36
making lint happy
2020-05-22 18:33:43 -07:00
Hossein Shafagh
86310ff02d
Merge branch 'master' into check-revoke-revised
2020-05-22 18:25:00 -07:00
Hossein Shafagh
87a53557cd
Merge branch 'master' into json-logging-rotate
2020-05-22 18:24:53 -07:00
Hossein Shafagh
8f16688b0a
Merge branch 'master' into check-revoke-revised
2020-05-22 17:45:50 -07:00
Hossein Shafagh
49a8b80df2
better exception handling when OCSP or CRL or not implemented
2020-05-22 17:36:34 -07:00
Hossein Shafagh
c9767b3172
adding logging for revoked certs
2020-05-22 17:32:44 -07:00
Hossein Shafagh
49c4a9c3b2
making the revocation to be scoped based on the authority plugin name
2020-05-22 17:29:30 -07:00
Hossein Shafagh
4923bbf8a7
adding json formatted logging
2020-05-22 16:22:12 -07:00
Hossein Shafagh
09016fd2ee
cleaning up the code after more local testing
2020-05-22 16:04:39 -07:00
e11it
f83e3f764e
always assign csr_sans to name
2020-05-22 21:52:43 +03:00
Hossein Shafagh
97145b6dee
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-05-22 10:29:28 -07:00
Hossein Shafagh
cc4fc66c93
Merge branch 'master' into master
2020-05-22 09:57:46 -07:00
Hossein Shafagh
748268ecd5
Merge branch 'master' into cert-rotation-region-by-region
2020-05-22 09:57:06 -07:00
Hossein Shafagh
2582086d39
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-05-21 15:39:58 -07:00
Hossein Shafagh
fd444403bb
improved logging.
...
- adding destination name, fixing broken metric.
2020-05-21 15:32:38 -07:00
Hossein Shafagh
70985f4ff5
revised system arch
2020-05-14 22:37:30 -07:00
Hossein Shafagh
cdd9137f4e
Merge branch 'master' into cert-rotation-region-by-region
2020-05-08 15:32:49 -07:00
Hossein Shafagh
529ee04ae7
removing duplicate line
2020-05-08 09:16:46 -07:00
Hossein Shafagh
f68900d2b3
improving logging and the possibility of defining which Authorities qualify for auto-rotation
2020-05-07 18:28:01 -07:00
Hossein Shafagh
843ffad60e
removing testing comments
2020-05-07 17:10:50 -07:00
Hossein Shafagh
1b6907a404
Certificate rotation region by region
...
example scheudule:
CELERYBEAT_SCHEDULE = {
'certificate_rotate': {
'task': 'lemur.common.celery.certificate_rotate',
'options': {
'expires': 180
},
'schedule': crontab(minute="*"),
'kwargs': {'region': 'us-east-1'}
}
}
2020-05-07 16:28:01 -07:00
Curtis Castrapel
7e97d885df
Address comments
2020-04-28 13:16:27 -07:00
Curtis Castrapel
863af7a3e5
Making CLI command ; Running black
2020-04-28 12:16:46 -07:00
Curtis Castrapel
273c3e2793
Celery task to enable autorotate for all certificates attached to endpoints without it enabled
2020-04-28 11:52:43 -07:00
Hossein Shafagh
8d0007b9c0
fixing the private DNS zone issue.
...
Private hosted zones will never be visible to third-parties like LetsEncrypt, and Lemur should not consider them as authoritative zones.
This fix, make sure they are not added to the dns_provider table.
2020-04-24 15:48:06 -07:00
csine-nflx
cee81bd693
updated requirements, fixed unittests, pytest, and distinguidedName ordering
2020-04-09 18:17:05 -07:00
Curtis
213b13d3c9
Merge branch 'master' into enhanced_error_loggin
2020-04-08 14:56:51 -04:00
Curtis
2c8dc24fda
Merge branch 'master' into enhanced_error_loggin
2020-04-08 14:51:06 -04:00
Curtis Castrapel
1360d846fd
Improve error logging for a couple of use cases
2020-04-08 11:50:42 -07:00
Hossein Shafagh
3b3cec6f8b
Merge branch 'master' into oauth2
2020-04-08 10:12:04 -07:00
Hossein Shafagh
eaeec5d757
Merge branch 'master' into imporved-metrics-sources
2020-04-08 09:23:27 -07:00
Curtis Castrapel
11b15e7e23
Clean up docstrings
2020-04-08 08:41:48 -07:00
Curtis Castrapel
eb138fc960
Add default celery metrics and logging using celery signals
2020-04-08 08:38:40 -07:00
Hossein Shafagh
45c98a21b3
Merge branch 'master' into imporved-metrics-sources
2020-04-06 16:02:25 -07:00
csine-nflx
46e0d1953b
Merge branch 'master' of github.com:Netflix/lemur into powerdnsplugin_02
2020-04-05 21:47:24 -07:00
csine-nflx
f82ec24dfa
updating _get_txt_records return values and docstrings
2020-04-05 21:46:33 -07:00
David Stipp
5c2a2f8ff2
OAUTH2 fixes
...
* Use OAUTH2 variable instead of PING while using OAUTH
* Some IDPs require a POST instead of a GET to user data
2020-04-04 11:32:23 -04:00
Hossein Shafagh
5add647148
# emitting the count of certificates on the source
2020-04-03 16:51:24 -07:00
Curtis
efb7a33d3e
Merge branch 'master' into castrapel-patch-3
2020-04-01 14:03:17 -04:00
Curtis
b4025e6820
Merge branch 'master' into castrapel-patch-3
2020-04-01 13:55:14 -04:00
Curtis
9a939e8281
Merge branch 'master' into castrapel-patch-2
2020-04-01 13:54:39 -04:00
Curtis
d825616ea6
No need to retry 25 times on DeleteConflict errors
2020-04-01 10:53:17 -07:00
Curtis
e25f97fce7
Bump time limit for clean_source Celery job
...
For larger accounts, I've hit SoftTimeLimit exceptions before completion of this celery job. Bumping up the time limit on this job.
2020-04-01 10:50:24 -07:00
Curtis
67d24caef5
Remove equivalent destinations when cleaning certificates
...
Remove equivalent destinations when cleaning certificates. This will prevent Lemur from attempting to re-upload a certificate after it has been cleaned.
2020-04-01 10:31:12 -07:00
csine-nflx
6f3ba23fa0
updating sinlge line of comments
2020-03-30 13:34:24 -07:00
csine-nflx
9d9bf9d7ba
Merge branch 'powerdnsplugin_02' of github.com:Netflix/lemur into powerdnsplugin_02
2020-03-30 09:02:56 -07:00
csine-nflx
d6cc8a8a9a
fixing whitespace
2020-03-30 09:01:28 -07:00
Hossein Shafagh
66183e6bdd
Merge branch 'master' into powerdnsplugin_02
2020-03-27 10:45:15 -07:00
Chad S
2b7e60399c
Merge branch 'master' into powerdnsplugin_02
2020-03-27 10:27:33 -07:00
csine-nflx
0e314d0028
adding documentation and final cleanup
2020-03-27 10:18:38 -07:00
csine-nflx
0149f8b0d3
add support for wildcard and naked domains to PowerDNS module
2020-03-26 22:15:10 -07:00
Hossein Shafagh
2a2499a929
simplifying code
2020-03-26 20:45:00 -07:00
Hossein Shafagh
5206997468
expired is now called for new certs, where the not_after field might be in datetime format, and not comparable to utc
2020-03-26 19:01:07 -07:00
Hossein Shafagh
88c40aa93c
Merge branch 'master' into master
2020-03-23 20:31:16 -07:00
Hossein Shafagh
697215f8bc
better handling of destination plugin errors, and also checking cert expiration before upload
2020-03-21 20:05:35 -07:00
Ilya Makarov
7bd5173da4
Merge with Netflix/lemur master
2020-03-20 20:52:33 +03:00
Hossein Shafagh
1d4da0e3d8
another polish
2020-03-17 16:59:09 -07:00
Hossein Shafagh
ecca003ab4
improving the documentation and method naming
2020-03-17 16:55:36 -07:00
csine-nflx
9de89ec96a
Merge branch 'master' into new_clean_cert_cli
2020-03-17 13:38:32 -07:00
csine-nflx
07dc31bed7
cleaning up whitespace changes
2020-03-16 11:41:05 -07:00
csine-nflx
1a19e250bb
updating and cleaning up tests
2020-03-16 11:24:17 -07:00
Hossein Shafagh
34d23503de
fixing the data bug
2020-03-14 20:41:03 -07:00
Hossein Shafagh
b28b4f9a28
adding to new cli commands for cleaning certificates from source:
...
a) either about to expire in X days and not attached to an endpoint
a) or issued since X days but still not attached to an endpoint
2020-03-14 20:19:26 -07:00
Hossein Shafagh
c96695c966
refactor
2020-03-14 20:18:07 -07:00
Hossein Shafagh
593c35776c
adding new methods for getting pending clean
2020-03-14 20:17:05 -07:00
csine-nflx
921d52b360
fixing get_dns_challenge() logic so duplicate domains (such as wildcard and not wildcard) do not match the wrong authorziations
2020-03-13 00:03:31 -07:00
Ilya Makarov
be722fb1b3
Fix lint
2020-03-11 20:51:10 +03:00
Ilya Makarov
92a8942727
Fix lint
2020-03-11 15:37:11 +03:00
Ilya Makarov
a6c3b85fe1
Fix lint
2020-03-11 15:15:56 +03:00
Ilya Makarov
ba8e315eed
Fix typo
2020-03-11 14:22:04 +03:00
Ilya Makarov
729ed3843d
Fix bug wth get_options and slash in name
2020-03-11 14:16:29 +03:00
Ilya Makarov
d3cb0b517a
Add format support
2020-03-11 02:27:31 +03:00
Ilya Makarov
ad86cf1fd9
Merge remote-tracking branch 'upstream/master'
2020-03-11 00:29:07 +03:00
csine-nflx
e1e7efc96e
Merge branch 'master' into powerdnsplugin_01
2020-03-05 15:25:40 -08:00
csine-nflx
771e72187a
updates based on feedback
2020-03-05 15:24:56 -08:00
csine-nflx
5dfb6acb17
adding support for ACME_POWERDNS_VERIFY option to support CA Bundles and disabling Server validation
2020-03-05 14:59:21 -08:00
csine-nflx
c0004e506e
removing 2 year option from Lemur certificate request form
2020-03-04 14:50:44 -08:00
Hossein Shafagh
4a4b3b932e
Merge branch 'master' into master
2020-03-04 10:32:10 -08:00
csine-nflx
1e81d47793
Merge branch 'renewal_validity_01' of github.com:Netflix/lemur into renewal_validity_01
2020-03-03 17:28:58 -08:00
csine-nflx
fdc1e20c23
updating config_mock defaults
2020-03-03 17:27:15 -08:00
csine-nflx
38b7d6e5e3
Merge branch 'master' into renewal_validity_01
2020-03-03 14:44:33 -08:00
csine-nflx
6c46481ffd
simplifying return statement for validity years
2020-03-03 14:40:50 -08:00
csine-nflx
318292704d
fixing default/max DigiCert validity values
2020-03-03 14:29:17 -08:00
e11it
27a86f5c18
Fix: San values #2921
...
Not sure is it correct solution
2020-03-03 21:45:33 +03:00
e11it
fe67ff2146
Update plugin.py
...
Fix lint
2020-03-02 09:18:02 +03:00
Ilya Makarov
a8c0adaa4d
Merge remote-tracking branch 'upstream/master'
2020-02-27 17:08:35 +03:00
Ilya Makarov
9612d291ed
Add path suffix options
2020-02-18 19:16:27 +03:00
Hossein Shafagh
2ee60bcdb6
Merge branch 'master' into le_Log_orderurl
2020-02-17 10:30:58 -08:00
sirferl
e75df1ddc9
Update plugin.py
2020-02-17 19:04:20 +01:00
Hossein Shafagh
d29edabefe
Merge branch 'master' into le_Log_orderurl
2020-02-17 09:24:51 -08:00
sirferl
ed3472d029
Update plugin.py
2020-02-17 15:21:29 +01:00
sirferl
3fd0d3e141
Added VERISIGN_INTERMEDIATE_<authority> parameter
...
When using the VERISIGN_PRODUCT_<authority> Parameter one also has to add this parameter:
VERISIGN_INTERMEDIATE_<authority> = """ <PEM-String of Issuing CA for this certificate Type>"""
While doing this, I also added code, so the external_id field is filled with data from CA-Answer
2020-02-17 12:40:36 +01:00
sirferl
1815c89970
Made the change more elegant
...
As suggested by @hosseinsh. This is of course more elegant.
2020-02-16 09:28:52 +01:00
sirferl
a70a49e4e9
Update plugin.py
2020-02-15 16:11:58 +01:00
sirferl
3693bc2d8b
removed whitespaces inserted by online editor
2020-02-15 16:09:25 +01:00
sirferl
bfa953270d
Fixed whitespace error
2020-02-15 16:04:44 +01:00
sirferl
fabcad1e46
New variable VERISIGN_PRODUCT_(authority.name)
...
If there is a config variable with VERISIGN_PRODUCT_<upper(authority.name)> take the value as Cert product-type
else default to "Server", to be compatoible with former versions.
This enables the use of different Verisign authorities for differnt cert-products eg. EV or Standard Certs
2020-02-15 15:52:24 +01:00
csine-nflx
a8e8924e2a
Merge branch 'master' into le_Log_orderurl
2020-02-14 17:10:38 -08:00
sirferl
8e3cc93d6a
Whitespaces in empty line 113 removed
2020-02-14 07:50:18 +01:00
csine-nflx
b521aaf579
Merge branch 'master' into le_Log_orderurl
2020-02-13 16:41:14 -08:00
csine-nflx
af21225918
adding logging on sucess and metric submission of URL for certificate issuance
2020-02-13 16:38:33 -08:00
Hossein Shafagh
a449cc2b15
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-02-13 16:05:46 -08:00
Hossein Shafagh
2b849a6520
Update plugin.py
...
making lint happy
2020-02-13 15:58:07 -08:00
Hossein Shafagh
9db1ea3307
Merge branch 'master' into master
2020-02-13 12:47:06 -08:00
sirferl
571c8bf42d
Error when validity_end date is empty #2905
...
this lines of code (114ff) in threw an error, when the validity_end date was empty:
if options.get("validity_end") > arrow.utcnow().shift(years=2):
raise Exception(
"Verisign issued certificates cannot exceed two years in validity"
)
Actually, they are not needed, because immidiately following is a check for an empty validity_end and for the length of the entered period.
When I commented it out for testing, the error was gone and everything worked as expected.
2020-02-13 07:38:04 +01:00
sirferl
6c7bb5f9b7
Fixed TLS secret format ( #2913 )
...
The Plugin handled the TLS secret format wrong: it sent chain certificate instead of requested public certificate #2913
2020-02-13 07:35:35 +01:00
csine-nflx
ca8e73286f
fixed get_domains() to remove duplicate entries, updated usage and tests
2020-02-12 15:10:24 -08:00
Hossein Shafagh
2d7284f677
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-02-10 11:23:21 -08:00
Hossein Shafagh
c0cf1c02c1
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-02-10 11:14:26 -08:00