Commit Graph

109 Commits

Author SHA1 Message Date
Hossein Shafagh 580506f605 lint 2021-03-04 19:21:26 -08:00
Hossein Shafagh fdd6140995 typo and removing unused session commit 2021-03-04 19:16:06 -08:00
Hossein Shafagh 8e5e8fdd03 tests 2021-03-04 19:12:57 -08:00
sayali 51e90f6fb2 ECCPRIME256V1 as default for cert create API 2021-02-10 20:06:14 -08:00
Jasmine Schladen 29aeb9b298 Subordinate -> Intermediate wording 2020-12-03 17:59:13 -08:00
Jasmine Schladen 576c69c8e5 Fix DB query for cert count for authority 2020-12-03 17:56:39 -08:00
sayali 7a1f13dcb5 CRL Reason for certificate revoke 2020-11-30 20:06:37 -08:00
sayali 392725ff30 Add description check in reissue unit test 2020-10-26 15:33:20 -07:00
sayali 4d5e712e85 Remove option reset from test 2020-10-14 15:40:23 -07:00
sayali ee1d07000a Test subject details in reissue with cab_compliant option 2020-10-14 14:49:53 -07:00
sayali 90839b4d4b Unit test for cab_compliant = true 2020-10-14 14:49:53 -07:00
sayali 62d099b500 Unit tests to check cab_compliant option 2020-10-14 12:41:56 -07:00
Hossein Shafagh 5db1d31668 Merge branch 'master' into removing-outdated-language 2020-10-12 10:22:53 -07:00
Hossein Shafagh 770339f94c cleaning up outdated phrases 2020-10-09 18:04:16 -07:00
sayali d52e0d4e09 Certificate edit: update role and notification with owner change 2020-10-09 16:55:30 -07:00
sayali d5ce38bf71 lint error fix - remove whitespace 2020-10-08 12:50:30 -07:00
sayali 8928e04385 Fix disable notify 2020-10-08 11:38:52 -07:00
sayali b7d0e62844 Make location optional
Remove form validation and default value in input schema
2020-10-07 13:31:23 -07:00
sayali cd13832377 Use key_type column for cert get/rotate/reissue/display
Added unit tests
2020-09-23 15:16:19 -07:00
csine-nflx cee81bd693 updated requirements, fixed unittests, pytest, and distinguishedName ordering 2020-04-09 18:17:05 -07:00
Curtis Castrapel 5e389f3f48 Add certificate1 to test DB 2019-05-29 12:38:17 -07:00
Curtis Castrapel 68fd1556b2 Black lint all the things 2019-05-16 07:57:02 -07:00
Curtis f6afcc6d21 Merge branch 'master' into master 2019-04-17 10:28:46 -07:00
Jose Plana 771f2ebc47 Use SAN_CERT_CSR 2019-04-13 11:01:36 +02:00
Jose Plana c1b02cc8a5 Allow uploading csr along with certificates 2019-04-13 00:48:19 +02:00
Javier Ramos d80a6bb405 Added tests for CSR parsing into CertificateInputSchema 2019-04-01 08:44:40 +02:00
Hossein Shafagh 93ce259fb2 Merge branch 'master' into verify-cert-chain 2019-03-07 12:46:19 -08:00
Marti Raudsepp 10cec063c2 Check that stored certificate chain matches certificate
Similar to how the private key is checked.
2019-03-04 17:10:59 +02:00
Ronald Moesbergen 63de8047ce Return 'already deleted' instead of 'not found' when cert has already been deleted 2019-02-27 09:38:25 +01:00
Ronald Moesbergen 8abf95063c Implement an ALLOW_CERT_DELETION option (boolean, default False). When enabled, the certificate delete API call will work and the UI will no longer display deleted certificates. When disabled (the default), the delete API call will not work (405 method not allowed) and the UI will show all certificates, regardless of the 'deleted' flag.
2019-02-14 11:57:27 +01:00
Hossein Shafagh 1d2771b014 Merge branch 'master' into get_by_attributes 2019-02-04 21:07:09 -08:00
Hossein Shafagh 8e93d007be Merge branch 'master' into get_by_attributes 2019-02-01 16:48:50 -08:00
Hossein Shafagh e5ddf08f48 Merge branch 'master' into master 2019-01-29 16:37:29 -08:00
Marti Raudsepp 4b893ab5b4 Expose full certificate RFC 4514 Distinguished Name string
Using rfc4514_string() method added in cryptography version 2.5.
2019-01-23 10:03:40 +02:00
Ronald Moesbergen 4c4fbf3e48 Implement certificates delete API call by marking a cert as 'deleted' in the database. Only certificates that have expired can be deleted. 2019-01-21 10:25:28 +01:00
Marti Raudsepp 542e953919 Check that stored private keys match certificates
This is done in two places:
* Certificate import validator -- throws validation errors.
* Certificate model constructor -- to ensure integrity of Lemur's data
  even when issuer plugins or other code paths have bugs.
2018-12-31 16:28:20 +02:00
Curtis a8b357965e Merge branch 'master' into get_by_attributes 2018-10-29 08:15:42 -07:00
James Chuong 75069cd52a Add CSR to certificates
Add csr column to certificates field, as pending certificates have
exposed the CSR already.  This is required as generating CSR from
existing certificate will not include SANs due to OpenSSL bug:
https://github.com/openssl/openssl/issues/6481

Change-Id: I9ea86c4f87067ee6d791d77dc1cce8f469cb2a22
2018-10-23 17:46:04 -07:00
Non Sequitur 48017a9d4c Added get_by_attributes to the certificates service, for fetching certs based on arbitrary attributes. Also associated test and extra tests for other service methods 2018-10-17 11:42:09 -04:00
Curtis Castrapel 7d42e4ce67 Fix certificate import issues 2018-09-10 10:34:47 -07:00
Curtis ab37189022 Merge branch 'master' into unittests-use-valid-certs 2018-08-07 09:42:39 -07:00
Marti Raudsepp 82158aece6 Fill in missing cert rotation_policy; don't ignore validation errors when re-issuing certs
CertificateInputSchema requires the rotation_policy field, but
certificates created before the field existed have it set to NULL. Thus
saving such certificates failed and probably caused other errors.

Made cert re-issuing (get_certificate_primitives) more strict so such
errors are harder to miss in the future.
2018-08-03 20:06:21 +03:00
Marti Raudsepp 1f0f432327 Fix unit tests certificates to have correct chains and private keys
In preparation for certificate integrity-checking: invalid certificate
chains and mismatching private keys will no longer be allowed anywhere
in Lemur code.

The test vector certs were generated using the Lemur "cryptography"
authority plugin.

* Certificates are now more similar to real-world usage: long serial
  numbers, etc.
* Private key is included for all certs, so it's easy to re-generate
  anything if needed.
2018-08-03 19:45:13 +03:00
Marti Raudsepp acd2701fa2 Delete dead code in unit tests (#1510) 2018-08-03 08:21:55 -07:00
Marti Raudsepp d690ea32bc Cache parsed certificate instead of re-parsing for each field
Use @cached_property decorator to cache the results of parse_certificate().

This significantly cuts down on the number of times certs need to be
parsed for a list view.
2018-07-03 17:31:44 +03:00
Curtis Castrapel a9b9b27a0b fix tests 2018-05-10 12:58:04 -07:00
Curtis Castrapel 6500559f8e Fix issue with automatically renewing acme certificates 2018-05-08 14:54:10 -07:00
Curtis Castrapel efd5836e43 fix test 2018-04-26 09:04:13 -07:00
Curtis Castrapel 7704f51441 Working acme flow. Pending DNS providers UI 2018-04-24 09:38:57 -07:00
Marti Raudsepp 8e2b2123f1 Fix filtering on boolean columns, broken with SQLAlchemy 1.2 upgrade
SQLAlchemy 1.2 does not allow comparing string values to boolean
columns. This caused errors like:

    sqlalchemy.exc.StatementError: (builtins.TypeError) Not a boolean value: 'true'

For more details see http://docs.sqlalchemy.org/en/latest/changelog/migration_12.html#boolean-datatype-now-enforces-strict-true-false-none-values
2018-04-09 18:59:23 +03:00