Commit Graph

807 Commits

Author SHA1 Message Date
Neil Schelly f13a3505f3 X509 extensions issue#646 (#666)
* Allowing that create_csr can be called with an additional flag in the csr_config to adjust the BasicConstraints for a CA.

* If there are no SANs, skip adding a blank list of SANs.

* Adding handling for all the extended key usage, key usage, and subject key identifier extensions.

* Fixing lint checks. I was overly verbose.

* This implements marshalling of the certificate extensions into x509 ExtensionType objects in the schema validation code.

* Will create x509 ExtensionType objects in the schema validation stage
* Allows errors parsing incoming options to bubble up to the requestor as ValidationErrors.
* Cleans up create_csr a lot in the certificates/service.py
* Makes BasicConstraints _just another extension_, rather than a hard-coded one
* Adds BasicConstraints option for path_length to the UI for creating an authority
* Removes SAN types which cannot be handled from the UI for authorities and certificates.
* Fixes Certificate() object model so that it doesn't just hard-code only SAN records in the extensions property and actually returns the extensions how you expect to see them. Since Lemur is focused on using these data in the "CSR" phase of things, extensions that don't get populated until signing will be in dict() form.* Trying out schema validation of extensions
2017-01-27 12:31:29 -08:00
Tom Lianza 4af871f408 Added migration to cover what seem to be missing fields. (#676) 2017-01-27 09:07:20 -08:00
Nevins 162d5ccb62 Gracefully handle importing certificates with missing data (#674)
* fixing index out of range issue

* catching exceptions is common values aren't set

* fixing lint errors

* fixing unrelated lint/import error
2017-01-24 13:48:53 -08:00
Doppins b1723b4985 [Doppins] Upgrade dependency marshmallow to ==2.12.1 (#672)
* Upgrade dependency marshmallow to ==2.12.0

* Upgrade dependency marshmallow to ==2.12.1
2017-01-24 13:46:37 -08:00
Doppins 6bf7d56d51 Upgrade dependency moto to ==0.4.31 (#673) 2017-01-24 13:46:14 -08:00
Doppins 9751cbbf83 Upgrade dependency pytest to ==3.0.6 (#671) 2017-01-22 18:03:22 -08:00
Doppins 8fa5ffa007 Upgrade dependency boto3 to ==1.4.4 (#670) 2017-01-20 13:10:01 -08:00
Neil Schelly f353956353 Many fixes to authority/certificate extensions pages (#659)
* Aligning certificate creation between authority and certificate workflows
* Correctly missing and mis-named fields in schemas
* Re-ordering KeyUsage and ExtendedKeyUsage for consistency and clarity
* Adding client authentication to the authority options.

* Missing blank lines for pyflakes linting

* Updating tests for new fields/names/typos
2017-01-18 14:31:17 -08:00
Neil Schelly 02cfb2d877 Stealing this code form the attachSubAltName function in the certificates workflow. (#655)
The function was wiping out any extensions that weren't SAN names from the authority UI.
2017-01-18 14:24:15 -08:00
Neil Schelly 1b6f88f6fd Fixing handling of adding custom OIDs in UI (#653)
* is_critical wasn't in the schema, so was getting dropped.
* isCritical in the Javascript wasn't getting assigned if it was unchecked. Now, it will be assumed false if missing.
* The display of critical or not in the list of added custom OIDs was unclear when it was just true/false with no heading. Now it will be displayed as critical or nothing instead.
* The namespace for the checkbox for isCritical was wrong, and didn't get processed with the oid/type/value variables.
2017-01-18 14:20:44 -08:00
kevgliss 9f6ad08c50 Updating hooks. (#660) 2017-01-18 14:16:31 -08:00
Neil Schelly 25340fd744 Combining Authority Key Identifier extension options in the schema. (#651)
* Combining Authority Key Identifier extension options in the schema.
This makes processing them in the cert/csr generation stage make more sense because they are two options in the same x.509 extension. They were already in the same part of the schema for authorities, but this makes the certificates follow the same pattern, and it allows them to share the same schema/validation layout.

* Updating schema tests to match changes

* Fixing an idiot typo

* I promise to stop using Travis as a typo-corrector soon.
2017-01-18 14:16:19 -08:00
Neil Schelly 7f2b44db04 Correcting grammar for subca ValidationError message for clarity (#657) 2017-01-18 12:34:16 -08:00
kevgliss d67b6c6120 Chains are not always a given. (#645) 2017-01-08 17:27:50 -08:00
Doppins 4cfb5752b2 Upgrade dependency marshmallow to ==2.11.1 (#644) 2017-01-08 14:52:28 -08:00
Doppins 0d7b2d9f44 Upgrade dependency Flask to ==0.12 (#639) 2017-01-08 10:53:02 -08:00
Doppins 08ebc4cd59 Upgrade dependency marshmallow-sqlalchemy to ==0.12.1 (#640) 2017-01-08 10:50:37 -08:00
Doppins 85ae9712e3 Upgrade dependency marshmallow to ==2.11.0 (#642) 2017-01-08 10:49:41 -08:00
kevgliss 83128f3019 Fixing elb sync issues. (#641)
* Fixing elb sync issues.

* Fixing de-duplications of names.
2017-01-05 16:06:34 -08:00
kevgliss 7aa5ba9c6b Fixing an IAM syncing issue. Were duplicates were not properly sync'd… (#638)
* Fixing an IAM syncing issue. Were duplicates were not properly sync'd with Lemur. This resulted in a visibility gap. Even 'duplicates' need to sync'd to Lemur such that we can track rotation correctly. Failing on duplicates lead to missing those certificates and the endpoints onto which they were deployed. This commit removes the duplicate handling altogether.

* Fixing tests.
2017-01-04 17:46:47 -08:00
kevgliss e5dee2d7e6 Adding additional metrics for when destinations fail to upload. (#637) 2016-12-28 09:52:23 -08:00
kevgliss b0232b804e Removing cloned date defaults. (#636) 2016-12-27 11:35:53 -08:00
kevgliss de7cec35c6 Clean refactor (#635)
* Adding rotation to the UI.

* Removing spinkit dependency.

* refactoring source cleaning
2016-12-27 10:31:33 -08:00
kevgliss 700c57b807 Rotation ui (#633)
* Adding rotation to the UI.

* Removing spinkit dependency.
2016-12-26 15:55:11 -08:00
kevgliss ce75bba2c3 Replacement refactor. (#631)
* Deprecating replacement keyword.

* Def renaming.
2016-12-26 11:09:50 -08:00
kevgliss 46f8ebd136 Modifying the way rotation works. (#629)
* Modifying the way rotation works.

* Adding docs.

* Fixing tests.
2016-12-23 13:18:42 -08:00
kevgliss f8279d6972 Fixes a bug where pagination was incorrect. (#628) 2016-12-21 18:39:21 -08:00
kevgliss 072ca4da4f Adding some additional output to rotation command. (#627) 2016-12-21 13:34:14 -08:00
kevgliss 8c5c30dfd4 Adding some additional output to expiration command. (#626) 2016-12-21 11:01:21 -08:00
kevgliss edc0116a3a urllib3 still failing. (#625) 2016-12-21 11:01:09 -08:00
Doppins c1b2c3689c [Doppins] Upgrade dependency requests to ==2.12.4 (#543)
* Upgrade dependency requests to ==2.12.2

* Upgrade dependency requests to ==2.12.3

* Upgrade dependency requests to ==2.12.4
2016-12-21 10:06:30 -08:00
Doppins 6746cc33a0 Upgrade dependency factory-boy to ==2.8.1 (#616) 2016-12-21 10:01:46 -08:00
kevgliss 74723d1a1f Adding ability to modify ELBv2 endpoints. (#624) 2016-12-21 08:23:14 -08:00
Doppins fccb8148d5 Upgrade dependency marshmallow to ==2.10.5 (#615) 2016-12-21 07:19:32 -08:00
Doppins 3a4ebbf92c Upgrade dependency SQLAlchemy-Utils to ==0.32.12 (#614) 2016-12-21 07:19:10 -08:00
Doppins 48735e685c Upgrade dependency boto3 to ==1.4.3 (#623) 2016-12-20 18:28:07 -08:00
kevgliss cdcae4efb0 Closes #594 (#621) 2016-12-20 14:26:39 -08:00
kevgliss f7c795c7f6 Closes #577. (#622) 2016-12-20 14:26:29 -08:00
kevgliss beba2ba092 Adding additional reporting and refactoring existing setup. (#620) 2016-12-20 12:48:14 -08:00
kevgliss 9ac10a97ce Fix acme tests (#619)
* Ensures that in-active users are not allowed to login.

* Ensuring acme issuer loads correctly.
2016-12-19 22:59:23 -08:00
kevgliss 2f5f82d797 Ensures that in-active users are not allowed to login. (#618) 2016-12-19 22:58:57 -08:00
kevgliss c7fdb2acd7 adding required variables (#611) 2016-12-18 18:21:22 -08:00
kevgliss 51c7216b70 Fixing configuration value. (#610)
* Fixing and configuration value.

* Pinning fake factory.
2016-12-18 18:21:12 -08:00
Marti Raudsepp 0f3ffaade0 Fall back to CN for CA name when organization is not available (#607)
In-house CAs may not have the organization field filled out.
2016-12-16 16:27:25 -08:00
kevgliss 156b98f7f0 Ensuring that rotation only happens for certificates with endpoints to rotate. (#606) 2016-12-15 15:20:21 -08:00
kevgliss a09faac9a7 Endpoint sync fixes (#604) 2016-12-15 10:26:59 -08:00
kevgliss d20c552248 Fixing issues with rotation. (#603)
* Fixing issues with rotation.

* Fixing tests
2016-12-14 17:30:13 -08:00
Doppins f7fdf7902d Upgrade dependency boto to ==2.45.0 (#601) 2016-12-14 16:53:47 -08:00
Marti Raudsepp b327963925 Plugin base classes: update method signatures & fix raise (#598)
This way IDEs can verify method overrides in subclasses, otherwise these
are flagged as erroneous.

Changed base classes to properly raise NotImplementedError; previously
they would cause "TypeError: exceptions must derive from BaseException"

Also fixed exception handling in sources.service.clean().
2016-12-14 13:42:29 -08:00
Marti Raudsepp 1eb3d563c6 Fix error reporting for certs without private key (#599) 2016-12-14 13:25:56 -08:00