Commit Graph

3107 Commits

Author SHA1 Message Date
Neil Schelly
f13a3505f3 X509 extensions issue#646 (#666)
* Allowing that create_csr can be called with an additional flag in the csr_config to adjust the BasicConstraints for a CA.

* If there are no SANs, skip adding a blank list of SANs.

* Adding handling for all the extended key usage, key usage, and subject key identifier extensions.

* Fixing lint checks. I was overly verbose.

* This implements marshalling of the certificate extensions into x509 ExtensionType objects in the schema validation code.

* Will create x509 ExtensionType objects in the schema validation stage
* Allows errors parsing incoming options to bubble up to the requestor as ValidationErrors.
* Cleans up create_csr a lot in the certificates/service.py
* Makes BasicConstraints _just another extension_, rather than a hard-coded one
* Adds BasicConstraints option for path_length to the UI for creating an authority
* Removes SAN types which cannot be handled from the UI for authorities and certificates.
* Fixes Certificate() object model so that it doesn't just hard-code only SAN records in the extensions property and actually returns the extensions how you expect to see them. Since Lemur is focused on using these data in the "CSR" phase of things, extensions that don't get populated until signing will be in dict() form.* Trying out schema validation of extensions
2017-01-27 12:31:29 -08:00
Tom Lianza
4af871f408 Added migration to cover what seem to be missing fields. (#676) 2017-01-27 09:07:20 -08:00
Nevins
162d5ccb62 Gracefully handle importing certificates with missing data (#674)
* fixing index out of range issue

* catching exceptions is common values aren't set

* fixing lint errors

* fixing unrelated lint/import error
2017-01-24 13:48:53 -08:00
Doppins
b1723b4985 [Doppins] Upgrade dependency marshmallow to ==2.12.1 (#672)
* Upgrade dependency marshmallow to ==2.12.0

* Upgrade dependency marshmallow to ==2.12.1
2017-01-24 13:46:37 -08:00
Doppins
6bf7d56d51 Upgrade dependency moto to ==0.4.31 (#673) 2017-01-24 13:46:14 -08:00
Doppins
9751cbbf83 Upgrade dependency pytest to ==3.0.6 (#671) 2017-01-22 18:03:22 -08:00
Doppins
8fa5ffa007 Upgrade dependency boto3 to ==1.4.4 (#670) 2017-01-20 13:10:01 -08:00
Neil Schelly
f353956353 Many fixes to authority/certificate extensions pages (#659)
* Aligning certificate creation between authority and certificate workflows
* Correctly missing and mis-named fields in schemas
* Re-ordering KeyUsage and ExtendedKeyUsage for consistency and clarity
* Adding client authentication to the authority options.

* Missing blank lines for pyflakes linting

* Updating tests for new fields/names/typos
2017-01-18 14:31:17 -08:00
Neil Schelly
02cfb2d877 Stealing this code form the attachSubAltName function in the certificates workflow. (#655)
The function was wiping out any extensions that weren't SAN names from the authority UI.
2017-01-18 14:24:15 -08:00
Neil Schelly
1b6f88f6fd Fixing handling of adding custom OIDs in UI (#653)
* is_critical wasn't in the schema, so was getting dropped.
* isCritical in the Javascript wasn't getting assigned if it was unchecked. Now, it will be assumed false if missing.
* The display of critical or not in the list of added custom OIDs was unclear when it was just true/false with no heading. Now it will be displayed as critical or nothing instead.
* The namespace for the checkbox for isCritical was wrong, and didn't get processed with the oid/type/value variables.
2017-01-18 14:20:44 -08:00
kevgliss
9f6ad08c50 Updating hooks. (#660) 2017-01-18 14:16:31 -08:00
Neil Schelly
25340fd744 Combining Authority Key Identifier extension options in the schema. (#651)
* Combining Authority Key Identifier extension options in the schema.
This makes processing them in the cert/csr generation stage make more sense because they are two options in the same x.509 extension. They were already in the same part of the schema for authorities, but this makes the certificates follow the same pattern, and it allows them to share the same schema/validation layout.

* Updating schema tests to match changes

* Fixing an idiot typo

* I promise to stop using Travis as a typo-corrector soon.
2017-01-18 14:16:19 -08:00
Neil Schelly
7f2b44db04 Correcting grammar for subca ValidationError message for clarity (#657) 2017-01-18 12:34:16 -08:00
kevgliss
d67b6c6120 Chains are not always a given. (#645) 2017-01-08 17:27:50 -08:00
Doppins
4cfb5752b2 Upgrade dependency marshmallow to ==2.11.1 (#644) 2017-01-08 14:52:28 -08:00
Doppins
0d7b2d9f44 Upgrade dependency Flask to ==0.12 (#639) 2017-01-08 10:53:02 -08:00
Doppins
08ebc4cd59 Upgrade dependency marshmallow-sqlalchemy to ==0.12.1 (#640) 2017-01-08 10:50:37 -08:00
Doppins
85ae9712e3 Upgrade dependency marshmallow to ==2.11.0 (#642) 2017-01-08 10:49:41 -08:00
kevgliss
83128f3019 Fixing elb sync issues. (#641)
* Fixing elb sync issues.

* Fixing de-duplications of names.
2017-01-05 16:06:34 -08:00
kevgliss
7aa5ba9c6b Fixing an IAM syncing issue. Were duplicates were not properly sync'd… (#638)
* Fixing an IAM syncing issue. Were duplicates were not properly sync'd with Lemur. This resulted in a visibility gap. Even 'duplicates' need to sync'd to Lemur such that we can track rotation correctly. Failing on duplicates lead to missing those certificates and the endpoints onto which they were deployed. This commit removes the duplicate handling altogether.

* Fixing tests.
2017-01-04 17:46:47 -08:00
kevgliss
e5dee2d7e6 Adding additional metrics for when destinations fail to upload. (#637) 2016-12-28 09:52:23 -08:00
kevgliss
b0232b804e Removing cloned date defaults. (#636) 2016-12-27 11:35:53 -08:00
kevgliss
de7cec35c6 Clean refactor (#635)
* Adding rotation to the UI.

* Removing spinkit dependency.

* refactoring source cleaning
2016-12-27 10:31:33 -08:00
kevgliss
700c57b807 Rotation ui (#633)
* Adding rotation to the UI.

* Removing spinkit dependency.
2016-12-26 15:55:11 -08:00
kevgliss
ce75bba2c3 Replacement refactor. (#631)
* Deprecating replacement keyword.

* Def renaming.
2016-12-26 11:09:50 -08:00
kevgliss
46f8ebd136 Modifying the way rotation works. (#629)
* Modifying the way rotation works.

* Adding docs.

* Fixing tests.
2016-12-23 13:18:42 -08:00
kevgliss
f8279d6972 Fixes a bug where pagination was incorrect. (#628) 2016-12-21 18:39:21 -08:00
kevgliss
072ca4da4f Adding some additional output to rotation command. (#627) 2016-12-21 13:34:14 -08:00
kevgliss
8c5c30dfd4 Adding some additional output to expiration command. (#626) 2016-12-21 11:01:21 -08:00
kevgliss
edc0116a3a urllib3 still failing. (#625) 2016-12-21 11:01:09 -08:00
Doppins
c1b2c3689c [Doppins] Upgrade dependency requests to ==2.12.4 (#543)
* Upgrade dependency requests to ==2.12.2

* Upgrade dependency requests to ==2.12.3

* Upgrade dependency requests to ==2.12.4
2016-12-21 10:06:30 -08:00
Doppins
6746cc33a0 Upgrade dependency factory-boy to ==2.8.1 (#616) 2016-12-21 10:01:46 -08:00
kevgliss
74723d1a1f Adding ability to modify ELBv2 endpoints. (#624) 2016-12-21 08:23:14 -08:00
Doppins
fccb8148d5 Upgrade dependency marshmallow to ==2.10.5 (#615) 2016-12-21 07:19:32 -08:00
Doppins
3a4ebbf92c Upgrade dependency SQLAlchemy-Utils to ==0.32.12 (#614) 2016-12-21 07:19:10 -08:00
Doppins
48735e685c Upgrade dependency boto3 to ==1.4.3 (#623) 2016-12-20 18:28:07 -08:00
kevgliss
cdcae4efb0 Closes #594 (#621) 2016-12-20 14:26:39 -08:00
kevgliss
f7c795c7f6 Closes #577. (#622) 2016-12-20 14:26:29 -08:00
kevgliss
beba2ba092 Adding additional reporting and refactoring existing setup. (#620) 2016-12-20 12:48:14 -08:00
kevgliss
9ac10a97ce Fix acme tests (#619)
* Ensures that in-active users are not allowed to login.

* Ensuring acme issuer loads correctly.
2016-12-19 22:59:23 -08:00
kevgliss
2f5f82d797 Ensures that in-active users are not allowed to login. (#618) 2016-12-19 22:58:57 -08:00
kevgliss
c7fdb2acd7 adding required variables (#611) 2016-12-18 18:21:22 -08:00
kevgliss
51c7216b70 Fixing configuration value. (#610)
* Fixing and configuration value.

* Pinning fake factory.
2016-12-18 18:21:12 -08:00
Marti Raudsepp
0f3ffaade0 Fall back to CN for CA name when organization is not available (#607)
In-house CAs may not have the organization field filled out.
2016-12-16 16:27:25 -08:00
kevgliss
156b98f7f0 Ensuring that rotation only happens for certificates with endpoints to rotate. (#606) 2016-12-15 15:20:21 -08:00
kevgliss
a09faac9a7 Endpoint sync fixes (#604) 2016-12-15 10:26:59 -08:00
kevgliss
d20c552248 Fixing issues with rotation. (#603)
* Fixing issues with rotation.

* Fixing tests
2016-12-14 17:30:13 -08:00
Doppins
f7fdf7902d Upgrade dependency boto to ==2.45.0 (#601) 2016-12-14 16:53:47 -08:00
Marti Raudsepp
b327963925 Plugin base classes: update method signatures & fix raise (#598)
This way IDEs can verify method overrides in subclasses, otherwise these
are flagged as erroneous.

Changed base classes to properly raise NotImplementedError; previously
they would cause "TypeError: exceptions must derive from BaseException"

Also fixed exception handling in sources.service.clean().
2016-12-14 13:42:29 -08:00
Marti Raudsepp
1eb3d563c6 Fix error reporting for certs without private key (#599) 2016-12-14 13:25:56 -08:00