Curtis Castrapel
|
68fd1556b2
|
Black lint all the things
|
2019-05-16 07:57:02 -07:00 |
|
Curtis Castrapel
|
e3c5490d25
|
Expose exact response from digicert as error
|
2019-05-15 13:36:40 -07:00 |
|
Curtis Castrapel
|
26d10e8b98
|
change ordering in more places
|
2019-05-15 11:47:53 -07:00 |
|
Curtis Castrapel
|
7e92edc70a
|
Set resolved cert ID before resolving cert; Ignore sentry exceptions when no records on deletion
|
2019-05-15 11:43:59 -07:00 |
|
Curtis
|
6eb3836abc
|
Merge branch 'master' into fast-valid-cert-lookup
|
2019-05-15 10:20:17 -07:00 |
|
Curtis Castrapel
|
5d8f71c3e4
|
nt
|
2019-05-14 13:02:24 -07:00 |
|
Curtis Castrapel
|
565142f985
|
Add soft timeouts to celery jobs; Check for PEM in LE order
|
2019-05-14 12:52:30 -07:00 |
|
Hossein Shafagh
|
f452a7ce68
|
adding a new API for faster certificate lookup.
The new API api/1/certificates/valid returns only non-expired (not_after >= today) certs which have auto-rotate enabled:
cn is a required parameter:
http://localhost:8000/api/1/certificates/valid?filter=cn;example.com
cn can also be a database string wildcard ('%'):
http://localhost:8000/api/1/certificates/valid?filter=cn;%
owner is the additional parameter, and must be the email address of the owner:
http://localhost:8000/api/1/certificates/valid?filter=cn;example.com&owner=hossein@example.com
given owner and a database string wildcard ('%') one can retrieve all certs for that owner, which are still valid, and have auto-rotate enabled:
http://localhost:8000/api/1/certificates/valid?filter=cn;%&owner=hossein@example.com
|
2019-05-11 18:06:51 -07:00 |
|
Curtis Castrapel
|
ed18df22db
|
remove permalink change
|
2019-05-09 14:54:44 -07:00 |
|
Curtis Castrapel
|
e33a103ca1
|
Allow searching for certificates by name via API
|
2019-05-09 14:36:56 -07:00 |
|
Curtis
|
c9c782684d
|
Merge branch 'master' into add_metrics_reissue_rotate
|
2019-05-08 07:48:44 -07:00 |
|
Curtis Castrapel
|
87470602fd
|
Gather more metrics on certificate reissue/rotate jobs
|
2019-05-08 07:48:08 -07:00 |
|
Curtis
|
317c84800c
|
Merge branch 'master' into jwks_validation_error_control
|
2019-05-08 06:50:56 -07:00 |
|
Curtis Castrapel
|
0eacbd42d7
|
Converting userinfo authorization to a config var
|
2019-05-07 15:31:42 -07:00 |
|
Jose Plana
|
4e6e7edf27
|
Rename return variable for better readability
|
2019-05-07 22:53:01 +02:00 |
|
Hossein Shafagh
|
b7ce9ab901
|
Merge branch 'master' into jwks_validation_error_control
|
2019-05-07 13:09:02 -07:00 |
|
Hossein Shafagh
|
ff583981b1
|
Merge branch 'master' into aid_openid_roles_provider_integration
|
2019-05-07 09:06:02 -07:00 |
|
Hossein Shafagh
|
e58ff476c9
|
Merge branch 'master' into jwks_validation_error_control
|
2019-05-07 09:05:41 -07:00 |
|
Curtis
|
22caaa0c95
|
Merge branch 'master' into fix_userinfo_authorization
|
2019-05-07 07:48:47 -07:00 |
|
Curtis
|
e65154b48e
|
Merge branch 'master' into develop
|
2019-05-07 07:36:51 -07:00 |
|
alwaysjolley
|
ef7a8587fe
|
Merge branch 'lemur_vault_source' of github.com:/alwaysjolley/lemur into lemur_vault_source
|
2019-05-07 10:06:09 -04:00 |
|
alwaysjolley
|
b0c8901b0a
|
lint cleanup
|
2019-05-07 10:05:01 -04:00 |
|
alwaysjolley
|
36ce1cc7ef
|
Merge branch 'master' into lemur_vault_source
|
2019-05-07 09:41:50 -04:00 |
|
alwaysjolley
|
fb3f0bd72a
|
adding Vault Source plugin
|
2019-05-07 09:37:30 -04:00 |
|
Daniel Iancu
|
a7af3cf8d2
|
Fix Cloudflare DNS
|
2019-05-07 03:05:24 +03:00 |
|
Jose Plana
|
deed1b9685
|
Don't fail if googleGroups is not found in user profile
|
2019-05-06 12:30:25 +02:00 |
|
Jose Plana
|
6c99e76c9a
|
Better error management in jwks token validation
|
2019-05-06 12:27:43 +02:00 |
|
Jose Plana
|
2063baefc9
|
Fixes userinfo using Bearer token
|
2019-05-06 12:23:24 +02:00 |
|
Curtis Castrapel
|
3a1da72419
|
nt
|
2019-04-29 13:57:04 -07:00 |
|
Curtis Castrapel
|
6e3f394cff
|
Updated requirements ; Revert change and require DNS validation by provider
|
2019-04-29 13:55:26 -07:00 |
|
Curtis Castrapel
|
1a90e71884
|
Move ACME host validation logic prior to R53 host modification
|
2019-04-26 17:27:44 -07:00 |
|
Curtis Castrapel
|
333ba8030a
|
Ensure hostname is lowercase when comparing DNS challenges. ACME will automatically lowercase the hostname
|
2019-04-26 15:45:04 -07:00 |
|
Curtis Castrapel
|
1a3ba46873
|
More retry changes
|
2019-04-26 10:18:54 -07:00 |
|
Curtis Castrapel
|
1e64851d79
|
Strip out self-polling logic and rely on ACME; Enhance ELB logging and retries
|
2019-04-26 10:16:18 -07:00 |
|
Curtis
|
8eef95b58e
|
Merge branch 'master' into expose_verisign_exception
|
2019-04-25 19:15:55 -07:00 |
|
Curtis Castrapel
|
dcdfb32883
|
Expose verisign exceptions
|
2019-04-25 19:14:15 -07:00 |
|
Curtis Castrapel
|
39584f214b
|
Process DNS Challenges appropriately (1 challenge -> 1 domain)
|
2019-04-25 15:12:52 -07:00 |
|
Curtis Castrapel
|
2bc604e5a9
|
Better metrics and error reporting
|
2019-04-25 13:50:41 -07:00 |
|
Curtis Castrapel
|
272285f64a
|
Better exception handling, logging, and metrics for ACME flow
|
2019-04-24 15:26:23 -07:00 |
|
Curtis
|
0f9b0f39f7
|
Merge branch 'master' into add-pending-certificate-upload
|
2019-04-24 09:34:35 -07:00 |
|
alwaysjolley
|
a801112cf6
|
Merge branch 'master' into lemur_vault_plugin
|
2019-04-23 07:07:39 -04:00 |
|
alwaysjolley
|
85efb6a99e
|
cleanup tmp files
|
2019-04-23 07:06:52 -04:00 |
|
Hossein Shafagh
|
9b38761153
|
Merge branch 'master' into add-pending-certificate-upload
|
2019-04-22 11:47:02 -07:00 |
|
alwaysjolley
|
f9dadb2670
|
fixing validation
|
2019-04-22 09:38:44 -04:00 |
|
alwaysjolley
|
8dccaaf544
|
simpler validation
|
2019-04-22 07:58:01 -04:00 |
|
alwaysjolley
|
1667c05742
|
removed unused functions
|
2019-04-18 13:57:10 -04:00 |
|
alwaysjolley
|
b39e2e3f66
|
Merge branch 'master' into lemur_vault_plugin
|
2019-04-18 13:55:45 -04:00 |
|
alwaysjolley
|
fb3b0e8cd7
|
adding regex filtering
|
2019-04-18 13:52:40 -04:00 |
|
Jose Plana
|
7dd9268ca7
|
Allow uploading a signed cert for a pending certificate.
|
2019-04-18 00:46:39 +02:00 |
|
Curtis
|
8177e12f3f
|
Merge branch 'master' into rewrite-java-keystore-use-pyjks
|
2019-04-17 10:43:44 -07:00 |
|
Hossein Shafagh
|
52f939658f
|
Merge branch 'master' into rewrite-java-keystore-use-pyjks
|
2019-04-17 10:31:58 -07:00 |
|
Curtis
|
f6afcc6d21
|
Merge branch 'master' into master
|
2019-04-17 10:28:46 -07:00 |
|
Javier Ramos
|
58dd424de8
|
Prevent potential NoneType not subscriptable
Fix when data['extensions']['subAltNames']['names'] is none
|
2019-04-17 18:33:52 +02:00 |
|
Jose Plana
|
771f2ebc47
|
Use SAN_CERT_CSR
|
2019-04-13 11:01:36 +02:00 |
|
Jose Plana
|
770729a72e
|
Allow csr to be empty during upload
|
2019-04-13 01:17:12 +02:00 |
|
Hossein Shafagh
|
2ff811ae71
|
updating cryptography API call, to create right signing algorithm object.
|
2019-04-13 00:57:48 +02:00 |
|
Hossein Shafagh
|
09796cf7c9
|
the check_cert_signature() method was attempting to compare RSA and ECC signatures.
If a ec public-key certificate is signed with an RSA key, then it can't be a self-signed certificate, in which case we just raise InvalidSignature.
|
2019-04-13 00:57:48 +02:00 |
|
Jose Plana
|
406753fcde
|
Fix PEP8
|
2019-04-13 00:49:35 +02:00 |
|
Jose Plana
|
a5570d07bc
|
Added some documentation for API users.
|
2019-04-13 00:48:19 +02:00 |
|
Jose Plana
|
c1b02cc8a5
|
Allow uploading csr along with certificates
|
2019-04-13 00:48:19 +02:00 |
|
Hossein Shafagh
|
df8d4e0892
|
Merge branch 'master' into rewrite-java-keystore-use-pyjks
|
2019-04-12 09:38:50 -07:00 |
|
Hossein Shafagh
|
ceb335f3ab
|
Merge branch 'master' into master
|
2019-04-12 09:38:41 -07:00 |
|
alwaysjolley
|
9ecc19c481
|
adding san filter
|
2019-04-12 09:53:06 -04:00 |
|
Hossein Shafagh
|
6d67ec7e34
|
removing unused import
|
2019-04-11 17:34:02 -07:00 |
|
Hossein Shafagh
|
512e1a0bdd
|
fixing typos
|
2019-04-11 17:17:28 -07:00 |
|
Hossein Shafagh
|
6ec84a398c
|
checking for None
|
2019-04-11 17:13:47 -07:00 |
|
Hossein Shafagh
|
69c00c4db5
|
upon creating a new destination, we also add it as source, if the plugin defines this as an option
|
2019-04-11 17:13:47 -07:00 |
|
Hossein Shafagh
|
d7abf2ec18
|
adding a new util method for setting options
|
2019-04-11 17:13:47 -07:00 |
|
Hossein Shafagh
|
557fac39b5
|
refactoring the sync job into a service method that we can also call when adding a new destination
|
2019-04-11 17:13:47 -07:00 |
|
Hossein Shafagh
|
d1ead4b79c
|
removing the announcement
|
2019-04-11 17:13:47 -07:00 |
|
Hossein Shafagh
|
5900828051
|
simple hardcoded announcement
|
2019-04-11 17:13:47 -07:00 |
|
Hossein Shafagh
|
818da6653d
|
removing the announcement
|
2019-04-11 17:13:47 -07:00 |
|
Hossein Shafagh
|
e1a67e9b4e
|
simple hardcoded announcement
|
2019-04-11 17:13:47 -07:00 |
|
Hossein Shafagh
|
84dfdd0600
|
removing the announcement
|
2019-04-11 17:13:47 -07:00 |
|
Hossein Shafagh
|
ba691a26d4
|
simple hardcoded announcement
|
2019-04-11 17:13:47 -07:00 |
|
Hossein Shafagh
|
b66fac0494
|
removing the announcement
|
2019-04-11 17:13:47 -07:00 |
|
Hossein Shafagh
|
1bda246df2
|
simple hardcoded announcement
|
2019-04-11 17:13:47 -07:00 |
|
Hossein Shafagh
|
9a210c055a
|
Merge branch 'master' into hshafagh-src-dst-register
|
2019-04-11 15:36:48 -07:00 |
|
Hossein Shafagh
|
2459234147
|
removing lines
|
2019-04-11 14:34:26 -07:00 |
|
Hossein Shafagh
|
60edab9f6d
|
cleaning up
|
2019-04-11 14:12:31 -07:00 |
|
Hossein Shafagh
|
ec3d2d7316
|
fixing typo
|
2019-04-11 13:51:43 -07:00 |
|
Hossein Shafagh
|
83d408b238
|
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst
|
2019-04-11 13:30:12 -07:00 |
|
Hossein Shafagh
|
266c83367d
|
avoiding hard-coded plugin names
|
2019-04-11 13:29:37 -07:00 |
|
Hossein Shafagh
|
f185df4f1e
|
bringing class AWSDestinationPlugin(DestinationPlugin) after AWSSourcePlugin.slug, such that we can do: sync_as_source_name = AWSSourcePlugin.slug
|
2019-04-11 13:28:58 -07:00 |
|
Curtis Castrapel
|
2ff57e932c
|
Update requirements - upgrade to py37
|
2019-04-10 15:40:48 -07:00 |
|
Hossein Shafagh
|
d628e97035
|
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst
|
2019-04-10 09:47:06 -07:00 |
|
Hossein Shafagh
|
bc8c7e114a
|
Merge branch 'master' into hshafagh-src-dst-register
|
2019-04-09 20:52:33 -07:00 |
|
Hossein Shafagh
|
f3d0536800
|
removing hardcoded rules, to give more flexibility into defining new source-destinations
|
2019-04-09 20:49:07 -07:00 |
|
Javier Ramos
|
bfc4f940da
|
Merge branch 'master' into master
|
2019-04-09 18:06:09 +02:00 |
|
Hossein Shafagh
|
64c6bb2475
|
Merge branch 'master' into rewrite-java-keystore-use-pyjks
|
2019-04-09 08:28:05 -07:00 |
|
Marti Raudsepp
|
dbf34a4d48
|
Rewrite Java Keystore/Truststore support based on pyjks library
|
2019-04-06 20:24:46 +03:00 |
|
Javier Ramos
|
d80a6bb405
|
Added tests for CSR parsing into CertificateInputSchema
|
2019-04-01 08:44:40 +02:00 |
|
Ryan DeShone
|
e10007ef7b
|
Add support for Vault KV API v2
This adds the ability to target KV API v1 or v2.
|
2019-03-29 10:32:49 -04:00 |
|
Javier Ramos
|
b86e381e20
|
Parse SubjectAlternativeNames from CSR into Lemur Certificate
|
2019-03-27 13:46:33 +01:00 |
|
Hossein Shafagh
|
d2e969b836
|
better synching of source and destinations
|
2019-03-26 18:20:14 -07:00 |
|
Curtis
|
4018c68d49
|
Merge branch 'master' into authority_validation_LE_errors
|
2019-03-25 08:34:10 -07:00 |
|
Curtis Castrapel
|
c2158ff8fb
|
Add order URI during LE cert creation failure; Fail properly when invalid CA passed; Update reqs
|
2019-03-25 08:28:23 -07:00 |
|
Curtis
|
8a42cfa345
|
Merge branch 'master' into ghjaramos/master
|
2019-03-21 08:07:44 -07:00 |
|
alwaysjolley
|
fa4a5122bc
|
fixing file read to trim line endings and cleanup
|
2019-03-20 14:59:04 -04:00 |
|
alwaysjolley
|
f99b11d50e
|
refactor url and token to support muiltiple instances of vault
|
2019-03-20 13:51:06 -04:00 |
|