	| Author | SHA1 | Date | |
|---|---|---|---|
| bb5b32a435 | 
							
								
								
									
							| @@ -1 +0,0 @@ | |||||||
| 11 |  | ||||||
							
								
								
									
							| @@ -1,102 +0,0 @@ | |||||||
| Source: lemur |  | ||||||
| Section: admin |  | ||||||
| Priority: extra |  | ||||||
| Maintainer: Cadoles <contact@cadoles.com> |  | ||||||
| Build-depends: debhelper (>=11), |  | ||||||
| 	python3-all, |  | ||||||
| 	python3-setuptools, |  | ||||||
| 	dh-python, |  | ||||||
| 	git, |  | ||||||
| 	npm |  | ||||||
| Standards-Version: 3.9.4 |  | ||||||
| Homepage: https://forge.cadoles.com/Infra/lemur |  | ||||||
|  |  | ||||||
| Package: lemur |  | ||||||
| Architecture: any |  | ||||||
| Pre-Depends: dpkg, python3, ${misc:Pre-Depends} |  | ||||||
| Depends: ${python:Depends}, ${misc:Depends}, |  | ||||||
| 	python3-lemur |  | ||||||
| Description: Lemur |  | ||||||
|  |  | ||||||
| Package: python3-lemur |  | ||||||
| Architecture: any |  | ||||||
| Pre-Depends: dpkg, python3, ${misc:Pre-Depends} |  | ||||||
| Depends: python3-acme, |  | ||||||
| 	python3-alembic, |  | ||||||
| 	python3-amqp, |  | ||||||
| 	python3-aniso8601, |  | ||||||
| 	python3-arrow, |  | ||||||
| 	python3-bcrypt, |  | ||||||
| 	python3-bs4, |  | ||||||
| 	python3-billiard, |  | ||||||
| 	python3-blinker, |  | ||||||
| 	python3-boto3, |  | ||||||
| 	python3-botocore, |  | ||||||
| 	python3-celery, |  | ||||||
| 	python3-certifi, |  | ||||||
| 	python3-cffi, |  | ||||||
| 	python3-chardet, |  | ||||||
| 	python3-click, |  | ||||||
| 	python3-cloudflare, |  | ||||||
| 	python3-dnspython, |  | ||||||
| 	python3-flask-bcrypt, |  | ||||||
| 	python3-flask-cors, |  | ||||||
| 	python3-flask-mail, |  | ||||||
| 	python3-flask-migrate, |  | ||||||
| 	python3-flask-principal, |  | ||||||
| 	python3-flask-restful, |  | ||||||
| 	python3-flask-script, |  | ||||||
| 	python3-flask-sqlalchemy, |  | ||||||
| 	python3-flask, |  | ||||||
| 	python3-future, |  | ||||||
| 	python3-gunicorn, |  | ||||||
| 	python3-hvac, |  | ||||||
| 	python3-idna, |  | ||||||
| 	python3-inflection, |  | ||||||
| 	python3-itsdangerous, |  | ||||||
| 	python3-jinja2, |  | ||||||
| 	python3-jmespath, |  | ||||||
| 	python3-josepy, |  | ||||||
| 	python3-kombu, |  | ||||||
| 	python3-lockfile, |  | ||||||
| 	python3-mako, |  | ||||||
| 	python3-markupsafe, |  | ||||||
| 	python3-marshmallow-sqlalchemy, |  | ||||||
| 	python3-ndg-httpsclient, |  | ||||||
| 	python3-paramiko, |  | ||||||
| 	python3-pem, |  | ||||||
| 	python3-psycopg2, |  | ||||||
| 	python3-pyasn1-modules, |  | ||||||
| 	python3-pyasn1, |  | ||||||
| 	python3-pycparser, |  | ||||||
| 	python3-jwt, |  | ||||||
| 	python3-nacl, |  | ||||||
| 	python3-openssl, |  | ||||||
| 	python3-rfc3339, |  | ||||||
| 	python3-dateutil, |  | ||||||
| 	python3-editor, |  | ||||||
| 	python3-pythonjsonlogger, |  | ||||||
| 	python3-ldap, |  | ||||||
| 	python3-tz, |  | ||||||
| 	python3-yaml, |  | ||||||
| 	python3-redis, |  | ||||||
| 	python3-requests-toolbelt, |  | ||||||
| 	python3-requests, |  | ||||||
| 	python3-retrying, |  | ||||||
| 	python3-s3transfer, |  | ||||||
| 	python3-six, |  | ||||||
| 	python3-soupsieve, |  | ||||||
| 	python3-sqlalchemy-utils, |  | ||||||
| 	python3-sqlalchemy, |  | ||||||
| 	python3-tabulate, |  | ||||||
| 	python3-urllib3, |  | ||||||
| 	python3-vine, |  | ||||||
| 	python3-werkzeug, |  | ||||||
| 	python3-xmltodict |  | ||||||
| Description: Lemur - library part |  | ||||||
|  |  | ||||||
| Package: lemur-static |  | ||||||
| Architecture: any |  | ||||||
| Pre-Depends: ${misc:Pre-Depends} |  | ||||||
| Depends: ${misc:Depends} |  | ||||||
| Description: static HTML/JS/CSS file |  | ||||||
							
								
								
									
							| @@ -1,10 +0,0 @@ | |||||||
| Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ |  | ||||||
| Upstream-Name: lemur |  | ||||||
| Upstream-Contact: Cadoles <contact@cadoles.com> |  | ||||||
| Source: https://forge.cadoles.com/Infra/lemur |  | ||||||
|  |  | ||||||
| Files: * |  | ||||||
| Copyright: Lemur |  | ||||||
| License: Apache-2.0 License  |  | ||||||
|  |  | ||||||
| License: Apache-2.0 License  |  | ||||||
							
								
								
									
							| @@ -1,2 +0,0 @@ | |||||||
| lemur/static/dist/* usr/share/lemur/static/ |  | ||||||
| lemur/migrations usr/share/lemur |  | ||||||
							
								
								
									
							| @@ -1,28 +0,0 @@ | |||||||
| #!/usr/bin/make -f |  | ||||||
| # See debhelper(7) (uncomment to enable) |  | ||||||
| # output every command that modifies files on the build system. |  | ||||||
| #DH_VERBOSE = 1 |  | ||||||
|  |  | ||||||
| export PYBUILD_NAME = lemur |  | ||||||
| export PYBUILD_DISABLE_python3 = test |  | ||||||
|  |  | ||||||
| %: |  | ||||||
| 	# suppression requirements version of package |  | ||||||
| 	# only last version are supported by lemur |  | ||||||
| 	# but Ubuntu has not last version |  | ||||||
| 	sed -i "s/==\(\([[:digit:]]\)*\(\.\)*\)*//g" requirements.txt |  | ||||||
| 	dh $@ --with python3 --buildsystem=pybuild |  | ||||||
|  |  | ||||||
| override_dh_install: |  | ||||||
| 	rm -rf debian/python3-lemur/usr/lib/python*/dist-packages/lemur/static/ |  | ||||||
| 	rm -rf debian/python3-lemur/usr/lib/python*/dist-packages/lemur/tests/ |  | ||||||
| 	rm -rf debian/python3-lemur/usr/lib/python*/dist-packages/trustores |  | ||||||
| 	mkdir -p debian/lemur/usr |  | ||||||
| 	mv debian/python3-lemur/usr/bin debian/lemur/usr |  | ||||||
| 	dh_install |  | ||||||
|  |  | ||||||
| override_dh_auto_build: |  | ||||||
| 	npm install --unsafe-perm |  | ||||||
| 	node_modules/.bin/gulp build |  | ||||||
| 	node_modules/.bin/gulp package --urlContextPath=lemur |  | ||||||
| 	dh_auto_build |  | ||||||
							
								
								
									
							| @@ -1 +0,0 @@ | |||||||
| 3.0 (quilt) |  | ||||||
| @@ -373,6 +373,7 @@ class CertificateOutputSchema(LemurOutputSchema): | |||||||
|             plugin = plugins.get(cert['authority']['plugin']['slug']) |             plugin = plugins.get(cert['authority']['plugin']['slug']) | ||||||
|         if plugin: |         if plugin: | ||||||
|             plugin.wrap_certificate(cert) |             plugin.wrap_certificate(cert) | ||||||
|  |         if 'root_authority' in cert: | ||||||
|             del cert['root_authority'] |             del cert['root_authority'] | ||||||
|  |  | ||||||
|  |  | ||||||
|   | |||||||
| @@ -48,10 +48,15 @@ def split_cert(body): | |||||||
|  |  | ||||||
|  |  | ||||||
| def sign_certificate(common_name, public_key, authority_private_key, user, extensions, not_before, not_after): | def sign_certificate(common_name, public_key, authority_private_key, user, extensions, not_before, not_after): | ||||||
|  |     private_key = parse_private_key(authority_private_key).private_bytes( | ||||||
|  |         encoding=serialization.Encoding.PEM, | ||||||
|  |         format=serialization.PrivateFormat.OpenSSH, | ||||||
|  |         encryption_algorithm=serialization.NoEncryption(), | ||||||
|  |     ).decode() | ||||||
|     with mktempfile() as issuer_tmp: |     with mktempfile() as issuer_tmp: | ||||||
|         cmd = ['ssh-keygen', '-s', issuer_tmp] |         cmd = ['ssh-keygen', '-s', issuer_tmp] | ||||||
|         with open(issuer_tmp, 'w') as i: |         with open(issuer_tmp, 'w') as i: | ||||||
|             i.writelines(authority_private_key) |             i.writelines(private_key) | ||||||
|         if 'extendedKeyUsage' in extensions and extensions['extendedKeyUsage'].get('useClientAuthentication'): |         if 'extendedKeyUsage' in extensions and extensions['extendedKeyUsage'].get('useClientAuthentication'): | ||||||
|             cmd.extend(['-I', user['username'] + ' user key', |             cmd.extend(['-I', user['username'] + ' user key', | ||||||
|                         '-n', user['username']]) |                         '-n', user['username']]) | ||||||
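Review bot: `i.writelines(private_key)` on the new side of L386 passes a single str to writelines, which iterates it one character at a time; now that `private_key` is one decoded string, `i.write(private_key)` states the intent directly. What lands in that file is the authority private key re-serialized with `serialization.NoEncryption()` (L381), so the guarantee that `issuer_tmp` is created owner-readable only and unlinked on every exit path rests entirely on `mktempfile()`, whose implementation is not in this hunk; a comment above L378 should record that dependency, e.g. `# plaintext OpenSSH-format copy of the CA key; relies on mktempfile() yielding an owner-only file that is removed on exit`. The body of `sign_certificate` continues beyond the hunk.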
| @@ -63,9 +68,9 @@ def sign_certificate(common_name, public_key, authority_private_key, user, exten | |||||||
|             cmd.extend(['-I', common_name + ' host key', |             cmd.extend(['-I', common_name + ' host key', | ||||||
|                         '-n', ','.join(domains), |                         '-n', ','.join(domains), | ||||||
|                         '-h']) |                         '-h']) | ||||||
|         # something like 20201024 |         # something like 20201024102030 | ||||||
|         ssh_not_before = datetime.fromisoformat(not_before).strftime("%Y%m%d") |         ssh_not_before = datetime.fromisoformat(not_before).strftime("%Y%m%d%H%M%S") | ||||||
|         ssh_not_after = datetime.fromisoformat(not_after).strftime("%Y%m%d") |         ssh_not_after = datetime.fromisoformat(not_after).strftime("%Y%m%d%H%M%S") | ||||||
|         cmd.extend(['-V', ssh_not_before + ':' + ssh_not_after]) |         cmd.extend(['-V', ssh_not_before + ':' + ssh_not_after]) | ||||||
|         with mktempfile() as cert_tmp: |         with mktempfile() as cert_tmp: | ||||||
|             with open(cert_tmp, 'w') as f: |             with open(cert_tmp, 'w') as f: | ||||||
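Review bot: The `strftime("%Y%m%d%H%M%S")` on L395–396 discards any UTC offset that `datetime.fromisoformat` preserves from an aware `not_before`/`not_after` string, and `ssh-keygen -V` reads a bare `YYYYMMDDHHMMSS` in the system time zone, so an input carrying a non-local offset shifts the certificate's validity window by that offset. Whether Lemur passes naive or aware ISO strings here is not visible in the hunk; if they can be aware, normalize before formatting, e.g. `datetime.fromisoformat(not_before).astimezone(timezone.utc).strftime("%Y%m%d%H%M%SZ")` (the `Z` suffix is only understood by OpenSSH releases that support UTC validity specs, so the target ssh-keygen version should be checked), otherwise extend the comment on L394 to state the time zone the value is assumed to be in. `sign_certificate` starts and ends outside this hunk.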
| @@ -102,6 +107,8 @@ class OpenSSHIssuerPlugin(CryptographyIssuerPlugin): | |||||||
|         return cert_pem, private_key, chain_cert_pem, roles |         return cert_pem, private_key, chain_cert_pem, roles | ||||||
|  |  | ||||||
|     def wrap_certificate(self, cert): |     def wrap_certificate(self, cert): | ||||||
|  |         if 'body' not in cert: | ||||||
|  |             return | ||||||
|         # get public_key in OpenSSH format |         # get public_key in OpenSSH format | ||||||
|         public_key = parse_certificate(cert['body']).public_key().public_bytes( |         public_key = parse_certificate(cert['body']).public_key().public_bytes( | ||||||
|             encoding=serialization.Encoding.OpenSSH, |             encoding=serialization.Encoding.OpenSSH, | ||||||
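Review bot: The early return added at L404–405 leaves a cert dict without a `'body'` key untouched without saying which callers hand such a dict in, so a reader cannot distinguish a deliberate skip from a masked data problem; a comment on L404 such as `# nothing to sign: some callers dump certificates without the PEM body — leave cert unchanged` would settle that, assuming that is the reason. `wrap_certificate` also has no docstring; a one-liner like `"""Replace cert['body'] with an OpenSSH certificate signed by the authority's private key."""` matches what the method does further down (it assigns `cert['body']` from `sign_certificate`). The method body continues past this hunk.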
| @@ -109,10 +116,11 @@ class OpenSSHIssuerPlugin(CryptographyIssuerPlugin): | |||||||
|         ).decode() |         ).decode() | ||||||
|         public_key += ' ' + cert['user']['email'] |         public_key += ' ' + cert['user']['email'] | ||||||
|         # sign it with authority private key |         # sign it with authority private key | ||||||
|         if 'root_authority' in cert: |         if 'root_authority' in cert and cert['root_authority']: | ||||||
|             root_authority = cert['root_authority'] |             authority = cert['root_authority'] | ||||||
|         else: |         else: | ||||||
|             root_authority = get_by_root_authority(cert['authority']['id']) |             authority = cert['authority'] | ||||||
|  |         root_authority = get_by_root_authority(authority['id']) | ||||||
|         authority_private_key = root_authority.private_key |         authority_private_key = root_authority.private_key | ||||||
|         cert['body'] = sign_certificate( |         cert['body'] = sign_certificate( | ||||||
|             cert['common_name'], |             cert['common_name'], | ||||||
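Review bot: `root_authority` returned by `get_by_root_authority(authority['id'])` on L417 is dereferenced unconditionally on L418, so if that lookup can yield `None` the failure surfaces as an `AttributeError` from inside a schema dump rather than as a clear error naming the authority; whether the helper can return `None` is not visible here. If it can, guard it before L418 with `if root_authority is None:` followed by raising a descriptive exception that includes `authority['id']`. The previous code (old side, L414–416) used `cert['root_authority']` directly and only looked up by id in the fallback branch, so the new unconditional lookup is a behavior change worth a short comment on L417, e.g. `# resolve to the stored authority record to obtain its private key`. The `sign_certificate(...)` call that begins on L419 continues outside the hunk.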
|   | |||||||