Hossein Shafagh
580506f605
lint
2021-03-04 19:21:26 -08:00
Hossein Shafagh
fdd6140995
typo and removing unused session commit
2021-03-04 19:16:06 -08:00
Hossein Shafagh
8e5e8fdd03
tests
2021-03-04 19:12:57 -08:00
sayali
51e90f6fb2
ECCPRIME256V1 as default for cert create API
2021-02-10 20:06:14 -08:00
Jasmine Schladen
29aeb9b298
Subordinate -> Intermediate wording
2020-12-03 17:59:13 -08:00
Jasmine Schladen
576c69c8e5
Fix DB query for cert count for authority
2020-12-03 17:56:39 -08:00
sayali
7a1f13dcb5
CRL Reason for certificate revoke
2020-11-30 20:06:37 -08:00
sayali
392725ff30
Add description check in reissue unit test
2020-10-26 15:33:20 -07:00
sayali
4d5e712e85
Remove option reset from test
2020-10-14 15:40:23 -07:00
sayali
ee1d07000a
Test subject details in reissue with cab_compliant option
2020-10-14 14:49:53 -07:00
sayali
90839b4d4b
Unit test for cab_compliant = true
2020-10-14 14:49:53 -07:00
sayali
62d099b500
Unit tests to check cab_compliant option
2020-10-14 12:41:56 -07:00
Hossein Shafagh
5db1d31668
Merge branch 'master' into removing-outdated-language
2020-10-12 10:22:53 -07:00
Hossein Shafagh
770339f94c
cleaning up outdated phrases
2020-10-09 18:04:16 -07:00
sayali
d52e0d4e09
Certificate edit: update role and notification with owner change
2020-10-09 16:55:30 -07:00
sayali
d5ce38bf71
lint error fix - remove whitespace
2020-10-08 12:50:30 -07:00
sayali
8928e04385
Fix disable notify
2020-10-08 11:38:52 -07:00
sayali
b7d0e62844
Make location optional
...
Remove form validation and default value in input schema
2020-10-07 13:31:23 -07:00
sayali
cd13832377
Use key_type column for cert get/rotate/reissue/display
...
Added unit tests
2020-09-23 15:16:19 -07:00
csine-nflx
cee81bd693
updated requirements, fixed unittests, pytest, and distinguidedName ordering
2020-04-09 18:17:05 -07:00
Curtis Castrapel
5e389f3f48
Add certificate1 to test DB
2019-05-29 12:38:17 -07:00
Curtis Castrapel
68fd1556b2
Black lint all the things
2019-05-16 07:57:02 -07:00
Curtis
f6afcc6d21
Merge branch 'master' into master
2019-04-17 10:28:46 -07:00
Jose Plana
771f2ebc47
Use SAN_CERT_CSR
2019-04-13 11:01:36 +02:00
Jose Plana
c1b02cc8a5
Allow uploading csr along with certificates
2019-04-13 00:48:19 +02:00
Javier Ramos
d80a6bb405
Added tests for CSR parsing into CertificateInputSchema
2019-04-01 08:44:40 +02:00
Hossein Shafagh
93ce259fb2
Merge branch 'master' into verify-cert-chain
2019-03-07 12:46:19 -08:00
Marti Raudsepp
10cec063c2
Check that stored certificate chain matches certificate
...
Similar to how the private key is checked.
2019-03-04 17:10:59 +02:00
Ronald Moesbergen
63de8047ce
Return 'already deleted' instead of 'not found' when cert has already been deleted
2019-02-27 09:38:25 +01:00
Ronald Moesbergen
8abf95063c
Implement a ALLOW_CERT_DELETION option (boolean, default False). When enabled, the certificate delete API call will work and the UI
...
will no longer display deleted certificates. When disabled (the default), the delete API call will not work (405 method not allowed)
and the UI will show all certificates, regardless of the 'deleted' flag.
2019-02-14 11:57:27 +01:00
Hossein Shafagh
1d2771b014
Merge branch 'master' into get_by_attributes
2019-02-04 21:07:09 -08:00
Hossein Shafagh
8e93d007be
Merge branch 'master' into get_by_attributes
2019-02-01 16:48:50 -08:00
Hossein Shafagh
e5ddf08f48
Merge branch 'master' into master
2019-01-29 16:37:29 -08:00
Marti Raudsepp
4b893ab5b4
Expose full certificate RFC 4514 Distinguished Name string
...
Using rfc4514_string() method added in cryptography version 2.5.
2019-01-23 10:03:40 +02:00
Ronald Moesbergen
4c4fbf3e48
Implement certificates delete API call by marking a cert as 'deleted' in the database. Only certificates that have expired can be deleted.
2019-01-21 10:25:28 +01:00
Marti Raudsepp
542e953919
Check that stored private keys match certificates
...
This is done in two places:
* Certificate import validator -- throws validation errors.
* Certificate model constructor -- to ensure integrity of Lemur's data
even when issuer plugins or other code paths have bugs.
2018-12-31 16:28:20 +02:00
Curtis
a8b357965e
Merge branch 'master' into get_by_attributes
2018-10-29 08:15:42 -07:00
James Chuong
75069cd52a
Add CSR to certificiates
...
Add csr column to certificates field, as pending certificates have
exposed the CSR already. This is required as generating CSR from
existing certificate is will not include SANs due to OpenSSL bug:
https://github.com/openssl/openssl/issues/6481
Change-Id: I9ea86c4f87067ee6d791d77dc1cce8f469cb2a22
2018-10-23 17:46:04 -07:00
Non Sequitur
48017a9d4c
Added get_by_attributes to the certificates service, for fetching certs based on arbitrary attributes. Also associated test and extra tests for other service methods
2018-10-17 11:42:09 -04:00
Curtis Castrapel
7d42e4ce67
Fix certificate import issues
2018-09-10 10:34:47 -07:00
Curtis
ab37189022
Merge branch 'master' into unittests-use-valid-certs
2018-08-07 09:42:39 -07:00
Marti Raudsepp
82158aece6
Fill in missing cert rotation_policy; don't ignore validation errors when re-issuing certs
...
CertificateInputSchema requires the rotation_policy field, but
certificates created before the field existed have set to NULL. Thus
saving such certificates failed and probably caused other errors.
Made cert re-issuing (get_certificate_primitives) more strict so such
errors are harder to miss in the future.
2018-08-03 20:06:21 +03:00
Marti Raudsepp
1f0f432327
Fix unit tests certificates to have correct chains and private keys
...
In preparation for certificate integrity-checking: invalid certificate
chains and mismatching private keys will no longer be allowed anywhere
in Lemur code.
The test vector certs were generated using the Lemur "cryptography"
authority plugin.
* Certificates are now more similar to real-world usage: long serial
numbers, etc.
* Private key is included for all certs, so it's easy to re-generate
anything if needed.
2018-08-03 19:45:13 +03:00
Marti Raudsepp
acd2701fa2
Delete dead code in unit tests ( #1510 )
2018-08-03 08:21:55 -07:00
Marti Raudsepp
d690ea32bc
Cache parsed certificate instead of re-parsing for each field
...
Use @cached_property decorator to cache the results of parse_certificate().
This significantly cuts down on the number of times certs need to be
parsed for a list view.
2018-07-03 17:31:44 +03:00
Curtis Castrapel
a9b9b27a0b
fix tests
2018-05-10 12:58:04 -07:00
Curtis Castrapel
6500559f8e
Fix issue with automatically renewing acme certificates
2018-05-08 14:54:10 -07:00
Curtis Castrapel
efd5836e43
fix test
2018-04-26 09:04:13 -07:00
Curtis Castrapel
7704f51441
Working acme flow. Pending DNS providers UI
2018-04-24 09:38:57 -07:00
Marti Raudsepp
8e2b2123f1
Fix filtering on boolean columns, broken with SQLAlchemy 1.2 upgrade
...
SQLAlchemy 1.2 does not allow comparing string values to boolean
columns. This caused errors like:
sqlalchemy.exc.StatementError: (builtins.TypeError) Not a boolean value: 'true'
For more details see http://docs.sqlalchemy.org/en/latest/changelog/migration_12.html#boolean-datatype-now-enforces-strict-true-false-none-values
2018-04-09 18:59:23 +03:00