68fd1556b2
Black lint all the things
2019-05-16 07:57:02 -07:00
f452a7ce68
adding a new API for faster certificate lookup.
...
The new API api/1/certificates/valid returns only non-expired (not_after >= today) certs which have auto-rotate enabled:
cn is a required parameter:
http://localhost:8000/api/1/certificates/valid?filter=cn;example.com
cn can also be a database string wildcard ('%'):
http://localhost:8000/api/1/certificates/valid?filter=cn;%
owner is the additional parameter, and must be the email address of the owner:
http://localhost:8000/api/1/certificates/valid?filter=cn;example.com&owner=hossein@example.com
given owner and a database string wildcard ('%') one can retrieve all certs for that owner, which are still valid, and have auto-rotate enabled:
http://localhost:8000/api/1/certificates/valid?filter=cn;%&owner=hossein@example.com
2019-05-11 18:06:51 -07:00
e33a103ca1
Allow searching for certificates by name via API
2019-05-09 14:36:56 -07:00
87470602fd
Gather more metrics on certificate reissue/rotate jobs
2019-05-08 07:48:08 -07:00
f6afcc6d21
Merge branch 'master' into master
2019-04-17 10:28:46 -07:00
58dd424de8
Prevent potential NoneType not subscriptable
...
Fix when data['extensions']['subAltNames']['names'] is none
2019-04-17 18:33:52 +02:00
770729a72e
Allow csr to be empty during upload
2019-04-13 01:17:12 +02:00
406753fcde
Fix PEP8
2019-04-13 00:49:35 +02:00
a5570d07bc
Added some documentation for API users.
2019-04-13 00:48:19 +02:00
c1b02cc8a5
Allow uploading csr along with certificates
2019-04-13 00:48:19 +02:00
d80a6bb405
Added tests for CSR parsing into CertificateInputSchema
2019-04-01 08:44:40 +02:00
b86e381e20
Parse SubjectAlternativeNames from CSR into Lemur Certificate
2019-03-27 13:46:33 +01:00
4018c68d49
Merge branch 'master' into authority_validation_LE_errors
2019-03-25 08:34:10 -07:00
c2158ff8fb
Add order URI during LE cert creation failure; Fail properly when invalid CA passed; Update reqs
2019-03-25 08:28:23 -07:00
9e5496b484
Update schemas.py
2019-03-15 10:19:25 +01:00
f7452e8379
Parse DNSNames from CSR into Lemur Certificate
2019-03-15 09:29:23 +01:00
93ce259fb2
Merge branch 'master' into verify-cert-chain
2019-03-07 12:46:19 -08:00
45cb0f0513
Merge branch 'master' into allow-cert-deletion
2019-03-06 09:35:10 -08:00
54ad3ba777
Merge branch 'master' into verify-cert-chain
2019-03-04 17:55:36 -08:00
dd2900bdbc
Relax search;update requirements
2019-03-04 10:04:06 -08:00
10cec063c2
Check that stored certificate chain matches certificate
...
Similar to how the private key is checked.
2019-03-04 17:10:59 +02:00
63de8047ce
Return 'already deleted' instead of 'not found' when cert has already been deleted
2019-02-27 09:38:25 +01:00
29bda6c00d
Fix typo's
2019-02-14 11:58:29 +01:00
8abf95063c
Implement a ALLOW_CERT_DELETION option (boolean, default False). When enabled, the certificate delete API call will work and the UI
...
will no longer display deleted certificates. When disabled (the default), the delete API call will not work (405 method not allowed)
and the UI will show all certificates, regardless of the 'deleted' flag.
2019-02-14 11:57:27 +01:00
1d2771b014
Merge branch 'master' into get_by_attributes
2019-02-04 21:07:09 -08:00
45fbaf159a
Merge branch 'master' into master
2019-02-01 16:50:09 -08:00
8e93d007be
Merge branch 'master' into get_by_attributes
2019-02-01 16:48:50 -08:00
e24a94d798
Enforce that PEM strings (certs, keys, CSR) are internally passed as str, not bytes
...
This was already true in most places but not 100%, leading to lots of redundant checks and conversions.
2019-01-30 18:11:24 +02:00
e5ddf08f48
Merge branch 'master' into master
2019-01-29 16:37:29 -08:00
4b893ab5b4
Expose full certificate RFC 4514 Distinguished Name string
...
Using rfc4514_string() method added in cryptography version 2.5.
2019-01-23 10:03:40 +02:00
4c4fbf3e48
Implement certificates delete API call by marking a cert as 'deleted' in the database. Only certificates that have expired can be deleted.
2019-01-21 10:25:28 +01:00
31a86687e7
Reduce the expense of joins
2019-01-14 09:20:02 -08:00
c4e6e7c59b
Optimize DB cert filtering
2019-01-14 08:02:27 -08:00
542e953919
Check that stored private keys match certificates
...
This is done in two places:
* Certificate import validator -- throws validation errors.
* Certificate model constructor -- to ensure integrity of Lemur's data
even when issuer plugins or other code paths have bugs.
2018-12-31 16:28:20 +02:00
a50d80992c
updated query to ignore empty parameters
2018-12-12 12:45:48 +01:00
39b76d18dc
add countdown to async call
2018-11-28 14:41:56 -08:00
e074a14ee9
unit test
2018-11-28 14:27:03 -08:00
2381d0a4bb
Add async call to create pending cert when needed
2018-11-28 11:32:52 -08:00
3ce8abe46e
Left outer join on domains tables to avoid missing results
2018-11-13 14:33:17 -08:00
29be647911
Merge branch 'master' into no_csr_reissue
2018-11-12 09:54:47 -08:00
a7a05e26bc
Do not re-use CSR during certificate reissuance; Update requirement; Add more logging to celery handler
2018-11-12 09:52:11 -08:00
1643650685
Changing essential part of query
2018-11-07 16:02:04 -08:00
08a2a2b0e5
Optimize certificate filtering by name
2018-11-07 15:34:25 -08:00
52e773230d
Add new gin index to optimize ILIKE queries
2018-11-05 10:29:11 -08:00
50761d9d3b
safer reissue, fix celery sync job
2018-10-29 13:22:50 -07:00
a8b357965e
Merge branch 'master' into get_by_attributes
2018-10-29 08:15:42 -07:00
2138930102
Merge branch 'master' into get_by_attributes
2018-10-24 07:20:46 -07:00
75069cd52a
Add CSR to certificiates
...
Add csr column to certificates field, as pending certificates have
exposed the CSR already. This is required as generating CSR from
existing certificate is will not include SANs due to OpenSSL bug:
https://github.com/openssl/openssl/issues/6481
Change-Id: I9ea86c4f87067ee6d791d77dc1cce8f469cb2a22
2018-10-23 17:46:04 -07:00
73ed5164cd
deps
2018-10-22 14:51:13 -07:00
81d114092e
Merge branch 'github' into get_by_attributes
2018-10-17 12:00:36 -04:00
