85efb6a99e
cleanup tmp files
2019-04-23 07:06:52 -04:00
9b38761153
Merge branch 'master' into add-pending-certificate-upload
2019-04-22 11:47:02 -07:00
f9dadb2670
fixing validation
2019-04-22 09:38:44 -04:00
8dccaaf544
simpler validation
2019-04-22 07:58:01 -04:00
1667c05742
removed unused functions
2019-04-18 13:57:10 -04:00
b39e2e3f66
Merge branch 'master' into lemur_vault_plugin
2019-04-18 13:55:45 -04:00
fb3b0e8cd7
adding regex filtering
2019-04-18 13:52:40 -04:00
7dd9268ca7
Allow uploading a signed cert for a pending certificate.
2019-04-18 00:46:39 +02:00
8177e12f3f
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-17 10:43:44 -07:00
52f939658f
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-17 10:31:58 -07:00
f6afcc6d21
Merge branch 'master' into master
2019-04-17 10:28:46 -07:00
58dd424de8
Prevent potential NoneType not subscriptable
...
Fix when data['extensions']['subAltNames']['names'] is none
2019-04-17 18:33:52 +02:00
771f2ebc47
Use SAN_CERT_CSR
2019-04-13 11:01:36 +02:00
770729a72e
Allow csr to be empty during upload
2019-04-13 01:17:12 +02:00
2ff811ae71
updating cryptography API call, to create right signing algorithm object.
2019-04-13 00:57:48 +02:00
09796cf7c9
the check_cert_signature() method was attempting to compare RSA and ECC signatures.
...
If a ec public-key certificate is signed with an RSA key, then it can't be a self-signed certificate, in which case we just raise InvalidSignature.
2019-04-13 00:57:48 +02:00
406753fcde
Fix PEP8
2019-04-13 00:49:35 +02:00
a5570d07bc
Added some documentation for API users.
2019-04-13 00:48:19 +02:00
c1b02cc8a5
Allow uploading csr along with certificates
2019-04-13 00:48:19 +02:00
df8d4e0892
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-12 09:38:50 -07:00
ceb335f3ab
Merge branch 'master' into master
2019-04-12 09:38:41 -07:00
9ecc19c481
adding san filter
2019-04-12 09:53:06 -04:00
6d67ec7e34
removing unused import
2019-04-11 17:34:02 -07:00
512e1a0bdd
fixing typos
2019-04-11 17:17:28 -07:00
6ec84a398c
checking for None
2019-04-11 17:13:47 -07:00
69c00c4db5
upon creating a new destination, we also add it as source, if the plugin defines this as an option
2019-04-11 17:13:47 -07:00
d7abf2ec18
adding a new util method for setting options
2019-04-11 17:13:47 -07:00
557fac39b5
refactoring the sync job into a service method that we can also call when adding a new destination
2019-04-11 17:13:47 -07:00
d1ead4b79c
removing the announcement
2019-04-11 17:13:47 -07:00
5900828051
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
818da6653d
removing the announcement
2019-04-11 17:13:47 -07:00
e1a67e9b4e
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
84dfdd0600
removing the announcement
2019-04-11 17:13:47 -07:00
ba691a26d4
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
b66fac0494
removing the announcement
2019-04-11 17:13:47 -07:00
1bda246df2
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
9a210c055a
Merge branch 'master' into hshafagh-src-dst-register
2019-04-11 15:36:48 -07:00
2459234147
removing lines
2019-04-11 14:34:26 -07:00
60edab9f6d
cleaning up
2019-04-11 14:12:31 -07:00
ec3d2d7316
fixing typo
2019-04-11 13:51:43 -07:00
83d408b238
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst
2019-04-11 13:30:12 -07:00
266c83367d
avoiding hard-coded plugin names
2019-04-11 13:29:37 -07:00
f185df4f1e
bringing class AWSDestinationPlugin(DestinationPlugin) after AWSSourcePlugin.slug, such that we can do: sync_as_source_name = AWSSourcePlugin.slug
2019-04-11 13:28:58 -07:00
2ff57e932c
Update requirements - upgrade to py37
2019-04-10 15:40:48 -07:00
d628e97035
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst
2019-04-10 09:47:06 -07:00
bc8c7e114a
Merge branch 'master' into hshafagh-src-dst-register
2019-04-09 20:52:33 -07:00
f3d0536800
removing hardcoded rules, to give more flexibility into defining new source-destinations
2019-04-09 20:49:07 -07:00
bfc4f940da
Merge branch 'master' into master
2019-04-09 18:06:09 +02:00
64c6bb2475
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-09 08:28:05 -07:00
dbf34a4d48
Rewrite Java Keystore/Truststore support based on pyjks library
2019-04-06 20:24:46 +03:00
d80a6bb405
Added tests for CSR parsing into CertificateInputSchema
2019-04-01 08:44:40 +02:00
e10007ef7b
Add support for Vault KV API v2
...
This adds the ability to target KV API v1 or v2.
2019-03-29 10:32:49 -04:00
b86e381e20
Parse SubjectAlternativeNames from CSR into Lemur Certificate
2019-03-27 13:46:33 +01:00
d2e969b836
better synching of source and destinations
2019-03-26 18:20:14 -07:00
4018c68d49
Merge branch 'master' into authority_validation_LE_errors
2019-03-25 08:34:10 -07:00
c2158ff8fb
Add order URI during LE cert creation failure; Fail properly when invalid CA passed; Update reqs
2019-03-25 08:28:23 -07:00
8a42cfa345
Merge branch 'master' into ghjaramos/master
2019-03-21 08:07:44 -07:00
fa4a5122bc
fixing file read to trim line endings and cleanup
2019-03-20 14:59:04 -04:00
f99b11d50e
refactor url and token to support muiltiple instances of vault
2019-03-20 13:51:06 -04:00
9e5496b484
Update schemas.py
2019-03-15 10:19:25 +01:00
f7452e8379
Parse DNSNames from CSR into Lemur Certificate
2019-03-15 09:29:23 +01:00
157db684c3
Merge branch 'master' into lemur_vault_plugin
2019-03-14 11:09:01 -04:00
c445297357
Update celery.py
2019-03-12 15:41:24 -07:00
f38e5b0879
Update celery.py
2019-03-12 15:29:04 -07:00
1a5a91ccc7
Update celery.py
2019-03-12 15:11:13 -07:00
3b3faa66f4
Merge branch 'master' into skip_duplicate_tasks
2019-03-12 14:53:42 -07:00
d220e9326c
Skip a task if similar task already active
2019-03-12 14:45:43 -07:00
57d3f3d5a5
Merge branch 'master' into lemur_vault_plugin
2019-03-08 07:08:56 -05:00
f1c09a6f8f
fixed comments
2019-03-07 15:58:34 -05:00
93ce259fb2
Merge branch 'master' into verify-cert-chain
2019-03-07 12:46:19 -08:00
7b0a3cf781
Merge branch 'lemur_vault_plugin' of github.com:/alwaysjolley/lemur into lemur_vault_plugin
2019-03-07 15:42:40 -05:00
752c9a086b
fixing error handling and better data formating
2019-03-07 15:41:29 -05:00
92b60b279a
Merge branch 'master' into verify-cert-chain
2019-03-06 11:15:32 -08:00
43b1d6217a
Merge branch 'master' into allow-cert-deletion
2019-03-06 10:59:33 -08:00
98ece58342
Merge branch 'master' into lemur_vault_plugin
2019-03-06 10:59:03 -08:00
45cb0f0513
Merge branch 'master' into allow-cert-deletion
2019-03-06 09:35:10 -08:00
cc6d53fdeb
Ensuring that configs passed via the command line are respected.
2019-03-05 15:39:37 -08:00
a1cb8ee266
fixing lint
2019-03-05 07:37:04 -05:00
880eaad6cb
Merge branch 'lemur_vault_plugin' of github.com:/alwaysjolley/lemur into lemur_vault_plugin
2019-03-05 07:22:18 -05:00
4a027797e0
fixing linting issues
2019-03-05 07:19:22 -05:00
54ad3ba777
Merge branch 'master' into verify-cert-chain
2019-03-04 17:55:36 -08:00
c9bcd29082
Merge branch 'master' into lemur_vault_plugin
2019-03-04 17:55:00 -08:00
dd2900bdbc
Relax search;update requirements
2019-03-04 10:04:06 -08:00
10cec063c2
Check that stored certificate chain matches certificate
...
Similar to how the private key is checked.
2019-03-04 17:10:59 +02:00
20518bc377
Merge branch 'master' into lemur_vault_plugin
2019-03-01 09:58:43 -05:00
5d2f603c84
renamed vault destination plugin to avoid conflict with vault pki plugin
2019-03-01 09:49:52 -05:00
63de8047ce
Return 'already deleted' instead of 'not found' when cert has already been deleted
2019-02-27 09:38:25 +01:00
a9735e129c
Merge branch 'master' into allow-cert-deletion
2019-02-27 09:28:48 +01:00
658c58e4b6
clarifying comments
2019-02-26 17:04:43 -08:00
9dbae39604
updating cryptography API call, to create right signing algorithm object.
2019-02-26 16:42:26 -08:00
16a18cc4b7
adding more edge test cases for EC-certs
2019-02-26 16:42:26 -08:00
aec7c7b0bc
Merge branch 'master' into fixing-signature-verify-ecc
2019-02-26 09:28:48 -08:00
53301728fa
Moved url to config file instead of plugin option. One one url can be supported
...
unless both the token and url are moved to the plugin options.
2019-02-26 09:15:12 -05:00
40fac02d8b
the check_cert_signature() method was attempting to compare RSA and ECC signatures.
...
If a ec public-key certificate is signed with an RSA key, then it can't be a self-signed certificate, in which case we just raise InvalidSignature.
2019-02-25 19:05:54 -08:00
cd65a36437
- support multiple bundle configuration, nginx, apache, cert only
...
- update vault destination to support multi cert under one object
- added san list as key value
- read and update object with new keys, keeping other keys, allowing
us to keep an iterable list of keys in an object for deploying multiple
certs to a single node
2019-02-25 09:42:07 -05:00
ef0c08dfd9
Fix: when no alias is entered when exporting a certificate, the alias is set to 'blah'.
...
This fix sets it to the common name instead.
2019-02-21 16:33:43 +01:00
eaa73998a0
adding lemur_vault destination plugin
2019-02-19 15:03:15 -05:00
29bda6c00d
Fix typo's
2019-02-14 11:58:29 +01:00
8abf95063c
Implement a ALLOW_CERT_DELETION option (boolean, default False). When enabled, the certificate delete API call will work and the UI
...
will no longer display deleted certificates. When disabled (the default), the delete API call will not work (405 method not allowed)
and the UI will show all certificates, regardless of the 'deleted' flag.
2019-02-14 11:57:27 +01:00
e034771e36
Merge branch 'master' into special-issuer-for-selfsigned-certs
2019-02-11 12:04:33 -08:00
605663704b
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst
2019-02-05 12:41:33 -08:00
e139b92b24
Merge branch 'master' into hshafagh-src-dst-register
2019-02-05 12:41:26 -08:00
6d1ef933c4
creating a new celery task to sync sources with destinations. This is as a measure to make sure important new destinations are also present as sources.
2019-02-05 10:48:52 -08:00
2107d58050
Merge branch 'master' into get_by_attributes
2019-02-05 10:31:35 -08:00
8d261b4120
Merge branch 'master' into special-issuer-for-selfsigned-certs
2019-02-05 10:29:20 -08:00
51248c1938
Use special issuer values <selfsigned> and <unknown> in special cases
...
This way it's easy to find/distinguish selfsigned certificates stored in
Lemur.
2019-02-05 16:56:09 +02:00
1d2771b014
Merge branch 'master' into get_by_attributes
2019-02-04 21:07:09 -08:00
f249a82d71
renaming destination to source.
2019-02-04 16:10:48 -08:00
44a060b159
adding support for creating a source while creating a new dst, while the destination is from AWS
2019-02-04 15:36:39 -08:00
c1cf8d7a92
Merge branch 'master' into ADCS-plugin
2019-02-02 19:21:22 +01:00
45fbaf159a
Merge branch 'master' into master
2019-02-01 16:50:09 -08:00
8e93d007be
Merge branch 'master' into get_by_attributes
2019-02-01 16:48:50 -08:00
6705a0e030
Merge branch 'master' into ADCS-plugin
2019-02-01 16:38:39 -08:00
36ab1c0bec
Merge branch 'master' into ADCS-plugin
2019-02-01 19:10:46 +01:00
e24a94d798
Enforce that PEM strings (certs, keys, CSR) are internally passed as str, not bytes
...
This was already true in most places but not 100%, leading to lots of redundant checks and conversions.
2019-01-30 18:11:24 +02:00
e475d90e2e
Merge branch 'master' into master
2019-01-30 07:20:44 -08:00
e5ddf08f48
Merge branch 'master' into master
2019-01-29 16:37:29 -08:00
7f4f4ffded
Merge branch 'master' into master
2019-01-29 16:30:15 -08:00
48ad20faca
moving the 2 year validity issue to the Verisign plugin, and address it there
2019-01-29 16:17:08 -08:00
1e708bf1c7
Merge branch 'master' into password_noninteractive
2019-01-29 15:21:34 -08:00
d2317acfc5
allowing create_user with noninteractive PW;updating reqs
2019-01-29 15:17:40 -08:00
29638c7f3b
Merge branch 'master' into master
2019-01-29 14:59:55 -08:00
93021a5d89
Merge branch 'master' into expose-cert-distinguished-name
2019-01-29 14:56:31 -08:00
c68a9cf80a
fixing linting issues
2019-01-29 11:10:56 -05:00
254a3079f2
fix whitespace
2019-01-29 11:01:55 -05:00
b4d1b80e04
Adding support for cfssl auth mode signing
2019-01-29 10:13:44 -05:00
c77ccdf46e
Merge branch 'master' into ADCS-plugin
2019-01-28 17:57:46 +01:00
c47fa0f9a2
adjusting the tests to reflect on the new full year convert limit!
2019-01-24 17:52:22 -08:00
a9724e7383
Resolving the 2 years error from UI during cert creation:
...
Though a CA would accept two year validity, we were getting error for being beyond 2 years.
This is because our current conversion is just current date plus 2 years,
1/25/2019 + 2 years ==> 1/25/2019
This is more strictly seen two years and 1 day extra, violating the 2 year's limit.
2019-01-24 17:23:40 -08:00
4b893ab5b4
Expose full certificate RFC 4514 Distinguished Name string
...
Using rfc4514_string() method added in cryptography version 2.5.
2019-01-23 10:03:40 +02:00
4c4fbf3e48
Implement certificates delete API call by marking a cert as 'deleted' in the database. Only certificates that have expired can be deleted.
2019-01-21 10:25:28 +01:00
cb35f19d6c
Add 'delete_cert' to enum log_type in logs table
2019-01-21 10:22:03 +01:00
0336d68ee2
Merge remote-tracking branch 'upstream/master'
2019-01-17 14:56:12 -08:00
7f88c24e83
Fix LetsEncrypt Dyn flow for duplicate CN/SAN
2019-01-17 14:56:04 -08:00
d3284a4006
adjusting the query to filter authorities based on matching CN
2019-01-14 17:52:06 -08:00
3567a768d5
Compare certificate hashes to determine if Lemur already has a synced certificate
2019-01-14 13:35:55 -08:00
31a86687e7
Reduce the expense of joins
2019-01-14 09:20:02 -08:00
c4e6e7c59b
Optimize DB cert filtering
2019-01-14 08:02:27 -08:00
638a8450a3
Merge branch 'master' into more_retries
2019-01-11 11:25:00 -08:00
0e02e6da79
Be more forgiving to throttling
2019-01-11 11:13:43 -08:00
a1ca61d813
changed a too long comment
2019-01-09 09:50:26 +01:00
a43476bc87
minor errors after lint fix
2019-01-07 11:04:27 +01:00
054685fc38
Merge branch 'master' into ADCS-plugin
2019-01-07 10:23:18 +01:00
c62bcd1456
repaired several lint errors
2019-01-07 10:02:37 +01:00
542e953919
Check that stored private keys match certificates
...
This is done in two places:
* Certificate import validator -- throws validation errors.
* Certificate model constructor -- to ensure integrity of Lemur's data
even when issuer plugins or other code paths have bugs.
2018-12-31 16:28:20 +02:00
6a31856d0d
Update plugin.py
2018-12-21 12:33:47 -08:00
b5d6abb01f
Merge branch 'master' into kubernetes-improvment
2018-12-21 12:06:09 -08:00
b7332957e7
Merge branch 'master' into unicode-in-issuer-name
2018-12-21 07:59:20 -08:00
70381c4c89
Merge branch 'master' into kubernetes-fix
2018-12-21 07:44:11 -08:00
a14fe08a63
Merge branch 'master' into kubernetes-improvment
2018-12-21 07:42:13 -08:00
alwaysjolley
Hossein Shafagh
Jose Plana
Curtis
Javier Ramos
Hossein Shafagh
Curtis Castrapel
Marti Raudsepp
Javier Ramos
Ryan DeShone
alwaysjolley
Kevin Glisson
Ronald Moesbergen
sirferl
Curtis Castrapel
Curtis Castrapel
sirferl