aff7ad7ea2
testing
2020-09-09 19:53:59 -07:00
9a7a632489
using a standard curve for testing
2020-08-28 09:48:35 -07:00
c169ad291e
adding the correct signing algorithm, and a missing key Type
2020-08-27 13:29:56 -07:00
1bcc9d5d0d
allowing for _ in domains
2020-06-03 13:20:23 -04:00
1b8507636b
fixing quotes, no escape characters in tests, fixed anchors
2020-06-03 12:49:55 -04:00
3ce7cd6c50
fixing escaped string on domain test
2020-06-03 11:34:14 -04:00
8658ac531e
fixing unittests and allowing for single character domains
2020-06-03 08:08:49 -04:00
cee81bd693
updated requirements, fixed unittests, pytest, and distinguidedName ordering
2020-04-09 18:17:05 -07:00
fb6d369130
removed unnecessary imports in test_dns_providers.py
2020-01-31 16:18:22 -08:00
be7736d350
adding dns tests and assorted exception handling
2020-01-31 13:16:37 -08:00
8c9a1df2cf
Merge branch 'master' into up-dependencies-20Sep2019
2019-09-20 15:19:25 -07:00
a13c45e9cc
updating dependencies, and fixing the deprecated arrow.replaces to shift
2019-09-20 13:49:38 -07:00
e2ea2ca4d1
providing sample config
2019-08-07 11:05:07 -07:00
cd1aeb15f1
adding testing for redis
2019-07-12 11:50:12 -07:00
5e389f3f48
Add certificate1 to test DB
2019-05-29 12:38:17 -07:00
68fd1556b2
Black lint all the things
2019-05-16 07:57:02 -07:00
7dd9268ca7
Allow uploading a signed cert for a pending certificate.
2019-04-18 00:46:39 +02:00
f6afcc6d21
Merge branch 'master' into master
2019-04-17 10:28:46 -07:00
771f2ebc47
Use SAN_CERT_CSR
2019-04-13 11:01:36 +02:00
c1b02cc8a5
Allow uploading csr along with certificates
2019-04-13 00:48:19 +02:00
ceb335f3ab
Merge branch 'master' into master
2019-04-12 09:38:41 -07:00
2ff57e932c
Update requirements - upgrade to py37
2019-04-10 15:40:48 -07:00
d80a6bb405
Added tests for CSR parsing into CertificateInputSchema
2019-04-01 08:44:40 +02:00
93ce259fb2
Merge branch 'master' into verify-cert-chain
2019-03-07 12:46:19 -08:00
92b60b279a
Merge branch 'master' into verify-cert-chain
2019-03-06 11:15:32 -08:00
43b1d6217a
Merge branch 'master' into allow-cert-deletion
2019-03-06 10:59:33 -08:00
cc6d53fdeb
Ensuring that configs passed via the command line are respected.
2019-03-05 15:39:37 -08:00
10cec063c2
Check that stored certificate chain matches certificate
...
Similar to how the private key is checked.
2019-03-04 17:10:59 +02:00
63de8047ce
Return 'already deleted' instead of 'not found' when cert has already been deleted
2019-02-27 09:38:25 +01:00
a9735e129c
Merge branch 'master' into allow-cert-deletion
2019-02-27 09:28:48 +01:00
16a18cc4b7
adding more edge test cases for EC-certs
2019-02-26 16:42:26 -08:00
40fac02d8b
the check_cert_signature() method was attempting to compare RSA and ECC signatures.
...
If a ec public-key certificate is signed with an RSA key, then it can't be a self-signed certificate, in which case we just raise InvalidSignature.
2019-02-25 19:05:54 -08:00
8abf95063c
Implement a ALLOW_CERT_DELETION option (boolean, default False). When enabled, the certificate delete API call will work and the UI
...
will no longer display deleted certificates. When disabled (the default), the delete API call will not work (405 method not allowed)
and the UI will show all certificates, regardless of the 'deleted' flag.
2019-02-14 11:57:27 +01:00
e034771e36
Merge branch 'master' into special-issuer-for-selfsigned-certs
2019-02-11 12:04:33 -08:00
51248c1938
Use special issuer values <selfsigned> and <unknown> in special cases
...
This way it's easy to find/distinguish selfsigned certificates stored in
Lemur.
2019-02-05 16:56:09 +02:00
1d2771b014
Merge branch 'master' into get_by_attributes
2019-02-04 21:07:09 -08:00
45fbaf159a
Merge branch 'master' into master
2019-02-01 16:50:09 -08:00
8e93d007be
Merge branch 'master' into get_by_attributes
2019-02-01 16:48:50 -08:00
e24a94d798
Enforce that PEM strings (certs, keys, CSR) are internally passed as str, not bytes
...
This was already true in most places but not 100%, leading to lots of redundant checks and conversions.
2019-01-30 18:11:24 +02:00
e5ddf08f48
Merge branch 'master' into master
2019-01-29 16:37:29 -08:00
4b893ab5b4
Expose full certificate RFC 4514 Distinguished Name string
...
Using rfc4514_string() method added in cryptography version 2.5.
2019-01-23 10:03:40 +02:00
4c4fbf3e48
Implement certificates delete API call by marking a cert as 'deleted' in the database. Only certificates that have expired can be deleted.
2019-01-21 10:25:28 +01:00
542e953919
Check that stored private keys match certificates
...
This is done in two places:
* Certificate import validator -- throws validation errors.
* Certificate model constructor -- to ensure integrity of Lemur's data
even when issuer plugins or other code paths have bugs.
2018-12-31 16:28:20 +02:00
72f6fdb17d
Properly handle Unicode in issuer name sanitization
...
If the point of sanitization is to get rid of all non-alphanumeric
characters then Unicode characters should probably be forbidden too.
We can re-use the same sanitization function as used for cert 'name'
2018-12-21 16:34:12 +02:00
e074a14ee9
unit test
2018-11-28 14:27:03 -08:00
75183ef2f2
Unpin most dependencies, and fix moto
2018-11-05 14:37:52 -08:00
a8b357965e
Merge branch 'master' into get_by_attributes
2018-10-29 08:15:42 -07:00
75069cd52a
Add CSR to certificiates
...
Add csr column to certificates field, as pending certificates have
exposed the CSR already. This is required as generating CSR from
existing certificate is will not include SANs due to OpenSSL bug:
https://github.com/openssl/openssl/issues/6481
Change-Id: I9ea86c4f87067ee6d791d77dc1cce8f469cb2a22
2018-10-23 17:46:04 -07:00
48017a9d4c
Added get_by_attributes to the certificates service, for fetching certs based on arbitrary attributes. Also associated test and extra tests for other service methods
2018-10-17 11:42:09 -04:00
40f4444099
Flake8 fix in test_verify.py
2018-10-01 22:04:31 -04:00
Hossein Shafagh
alwaysjolley
csine-nflx
Curtis Castrapel
Jose Plana
Curtis
Hossein Shafagh
Javier Ramos
Kevin Glisson
Marti Raudsepp
Ronald Moesbergen
Curtis Castrapel
James Chuong
Non Sequitur