Infra/lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
2,936 Commits 4 Branches 45 Tags
Commit Graph

204 Commits

Author SHA1 Message Date
Hossein Shafagh
aff7ad7ea2 testing 2020-09-09 19:53:59 -07:00
Hossein Shafagh
9a7a632489 using a standard curve for testing 2020-08-28 09:48:35 -07:00
Hossein Shafagh
c169ad291e adding the correct signing algorithm, and a missing key Type 2020-08-27 13:29:56 -07:00
alwaysjolley
1bcc9d5d0d allowing for _ in domains 2020-06-03 13:20:23 -04:00
alwaysjolley
1b8507636b fixing quotes, no escape characters in tests, fixed anchors 2020-06-03 12:49:55 -04:00
alwaysjolley
3ce7cd6c50 fixing escaped string on domain test 2020-06-03 11:34:14 -04:00
alwaysjolley
8658ac531e fixing unittests and allowing for single character domains 2020-06-03 08:08:49 -04:00
csine-nflx
cee81bd693 updated requirements, fixed unittests, pytest, and distinguidedName ordering 2020-04-09 18:17:05 -07:00
csine-nflx
fb6d369130 removed unnecessary imports in test_dns_providers.py 2020-01-31 16:18:22 -08:00
csine-nflx
be7736d350 adding dns tests and assorted exception handling 2020-01-31 13:16:37 -08:00
Hossein Shafagh
8c9a1df2cf
Merge branch 'master' into up-dependencies-20Sep2019 2019-09-20 15:19:25 -07:00
Hossein Shafagh
a13c45e9cc updating dependencies, and fixing the deprecated arrow.replaces to shift 2019-09-20 13:49:38 -07:00
Hossein Shafagh
e2ea2ca4d1 providing sample config 2019-08-07 11:05:07 -07:00
Hossein Shafagh
cd1aeb15f1 adding testing for redis 2019-07-12 11:50:12 -07:00
Curtis Castrapel
5e389f3f48 Add certificate1 to test DB 2019-05-29 12:38:17 -07:00
Curtis Castrapel
68fd1556b2 Black lint all the things 2019-05-16 07:57:02 -07:00
Jose Plana
7dd9268ca7 Allow uploading a signed cert for a pending certificate. 2019-04-18 00:46:39 +02:00
Curtis
f6afcc6d21
Merge branch 'master' into master 2019-04-17 10:28:46 -07:00
Jose Plana
771f2ebc47 Use SAN_CERT_CSR 2019-04-13 11:01:36 +02:00
Jose Plana
c1b02cc8a5 Allow uploading csr along with certificates 2019-04-13 00:48:19 +02:00
Hossein Shafagh
ceb335f3ab
Merge branch 'master' into master 2019-04-12 09:38:41 -07:00
Curtis Castrapel
2ff57e932c Update requirements - upgrade to py37 2019-04-10 15:40:48 -07:00
Javier Ramos
d80a6bb405 Added tests for CSR parsing into CertificateInputSchema 2019-04-01 08:44:40 +02:00
Hossein Shafagh
93ce259fb2
Merge branch 'master' into verify-cert-chain 2019-03-07 12:46:19 -08:00
Hossein Shafagh
92b60b279a
Merge branch 'master' into verify-cert-chain 2019-03-06 11:15:32 -08:00
Hossein Shafagh
43b1d6217a
Merge branch 'master' into allow-cert-deletion 2019-03-06 10:59:33 -08:00
Kevin Glisson
cc6d53fdeb Ensuring that configs passed via the command line are respected. 2019-03-05 15:39:37 -08:00
Marti Raudsepp
10cec063c2 Check that stored certificate chain matches certificate 
Similar to how the private key is checked.
 2019-03-04 17:10:59 +02:00
Ronald Moesbergen
63de8047ce Return 'already deleted' instead of 'not found' when cert has already been deleted 2019-02-27 09:38:25 +01:00
Ronald Moesbergen
a9735e129c Merge branch 'master' into allow-cert-deletion 2019-02-27 09:28:48 +01:00
Hossein Shafagh
16a18cc4b7 adding more edge test cases for EC-certs 2019-02-26 16:42:26 -08:00
Hossein Shafagh
40fac02d8b the check_cert_signature() method was attempting to compare RSA and ECC signatures. 
If a ec public-key certificate is signed with an RSA key, then it can't be a self-signed certificate, in which case we just raise InvalidSignature.
 2019-02-25 19:05:54 -08:00
Ronald Moesbergen
8abf95063c Implement a ALLOW_CERT_DELETION option (boolean, default False). When enabled, the certificate delete API call will work and the UI 
will no longer display deleted certificates. When disabled (the default), the delete API call will not work (405 method not allowed)
 and the UI will show all certificates, regardless of the 'deleted' flag.
 2019-02-14 11:57:27 +01:00
Hossein Shafagh
e034771e36
Merge branch 'master' into special-issuer-for-selfsigned-certs 2019-02-11 12:04:33 -08:00
Marti Raudsepp
51248c1938 Use special issuer values <selfsigned> and <unknown> in special cases 
This way it's easy to find/distinguish selfsigned certificates stored in
Lemur.
 2019-02-05 16:56:09 +02:00
Hossein Shafagh
1d2771b014
Merge branch 'master' into get_by_attributes 2019-02-04 21:07:09 -08:00
Hossein Shafagh
45fbaf159a
Merge branch 'master' into master 2019-02-01 16:50:09 -08:00
Hossein Shafagh
8e93d007be
Merge branch 'master' into get_by_attributes 2019-02-01 16:48:50 -08:00
Marti Raudsepp
e24a94d798 Enforce that PEM strings (certs, keys, CSR) are internally passed as str, not bytes 
This was already true in most places but not 100%, leading to lots of redundant checks and conversions.
 2019-01-30 18:11:24 +02:00
Hossein Shafagh
e5ddf08f48
Merge branch 'master' into master 2019-01-29 16:37:29 -08:00
Marti Raudsepp
4b893ab5b4 Expose full certificate RFC 4514 Distinguished Name string 
Using rfc4514_string() method added in cryptography version 2.5.
 2019-01-23 10:03:40 +02:00
Ronald Moesbergen
4c4fbf3e48 Implement certificates delete API call by marking a cert as 'deleted' in the database. Only certificates that have expired can be deleted. 2019-01-21 10:25:28 +01:00
Marti Raudsepp
542e953919 Check that stored private keys match certificates 
This is done in two places:
* Certificate import validator -- throws validation errors.
* Certificate model constructor -- to ensure integrity of Lemur's data
  even when issuer plugins or other code paths have bugs.
 2018-12-31 16:28:20 +02:00
Marti Raudsepp
72f6fdb17d Properly handle Unicode in issuer name sanitization 
If the point of sanitization is to get rid of all non-alphanumeric
characters then Unicode characters should probably be forbidden too.

We can re-use the same sanitization function as used for cert 'name'
 2018-12-21 16:34:12 +02:00
Curtis Castrapel
e074a14ee9 unit test 2018-11-28 14:27:03 -08:00
Curtis Castrapel
75183ef2f2 Unpin most dependencies, and fix moto 2018-11-05 14:37:52 -08:00
Curtis
a8b357965e
Merge branch 'master' into get_by_attributes 2018-10-29 08:15:42 -07:00
James Chuong
75069cd52a Add CSR to certificiates 
Add csr column to certificates field, as pending certificates have
exposed the CSR already.  This is required as generating CSR from
existing certificate is will not include SANs due to OpenSSL bug:
https://github.com/openssl/openssl/issues/6481

Change-Id: I9ea86c4f87067ee6d791d77dc1cce8f469cb2a22
 2018-10-23 17:46:04 -07:00
Non Sequitur
48017a9d4c Added get_by_attributes to the certificates service, for fetching certs based on arbitrary attributes. Also associated test and extra tests for other service methods 2018-10-17 11:42:09 -04:00
Non Sequitur
40f4444099 Flake8 fix in test_verify.py 2018-10-01 22:04:31 -04:00