lauri
/
certidude
mirror of https://github.com/laurivosandi/certidude
1
0
Fork 0
Code Issues Activity
263 Commits 2 Branches 0 Tags 18 MiB
Commit Graph

57 Commits

Author SHA1 Message Date
Lauri Võsandi 9aab212647 Add tests for token mechanism 2017-04-26 09:13:41 +03:00
Lauri Võsandi d6d998a9e6 Add tests for SQLite based logging 2017-04-25 23:42:55 +03:00
Lauri Võsandi f9429b2e94 Add autosign handling for request submission test 2017-04-25 16:40:33 +03:00
Lauri Võsandi d5edbe50c5 Token mechanism fixes 2017-04-24 20:33:55 +03:00
Lauri Võsandi 9658d8cc83 Fixes, add some screenshots 2017-04-22 22:48:29 +03:00
Lauri Võsandi 029ee357fb Token mechanism fixes: 
* Save token secret to config
* OpenVPN profile fixes for Ubuntu 16.04
* Raise correct exceptions for invalid tokens
* Display token expiration time in local time
 2017-04-22 14:10:54 +03:00
Lauri Võsandi 0344141faf Add token based auth for profiles 2017-04-21 21:22:08 +00:00
Lauri Võsandi 9a793088c6 Use local MTA for sending e-mail 2017-04-21 16:58:01 +00:00
Lauri Võsandi 5e812f5194 Fixes 2017-04-20 05:20:10 +00:00
Lauri Võsandi b57fbfa696 Fix typo 2017-04-14 11:08:26 +00:00
Lauri Võsandi b9ac55fe26 Configuration generation fixes for nchan 2017-04-14 11:06:09 +00:00
Lauri Võsandi 52d35012a4 Various fixes 2017-04-13 20:30:56 +00:00
Lauri Võsandi 4a9abab362 Fix nginx configuration generation 2017-04-13 15:19:26 +00:00
Lauri Võsandi 02482e8d79 Migrate to python-gssapi 2017-04-13 14:33:40 +00:00
Lauri Võsandi 51d7dffa9b Bugfixes 2017-04-12 13:56:29 +00:00
Lauri Võsandi 09724e04dc Add preliminary bootstrap API call 2017-04-12 13:21:49 +00:00
Lauri Võsandi f806545bee Use filesystem extended attribute user.xdg.tags for tags, move leases to user.lease namespace 2017-03-26 10:09:18 +00:00
Lauri Võsandi 1813056fc7 Move leases and tagging backend to filesystem extended attributes 2017-03-26 00:10:09 +00:00
Lauri Võsandi 7eb8378562 Attempt to fix tests 2017-03-13 17:20:41 +02:00
Lauri Võsandi 06010ceaf3 Refactor 
* Remove PyOpenSSL based wrapper classes
* Remove unused API calls
* Add certificate renewal via X-Renewal-Signature header
* Remove (extended) key usage handling
* Clean up OpenVPN and nginx server setup code
* Use UDP port 51900 for OpenVPN by default
* Add basic auth fallback for iOS in addition to Android
* Reduce complexity
 2017-03-13 11:42:58 +00:00
Lauri Võsandi 2a8109704a Refactor 
* Remove given name and surname attributes because of issues with OpenVPN Connect
* Remove e-mail attribute because of no reliable method of deriving usable address
* Remove organizational unit attribute
* Don't overwrite Kerberos cronjob during certidude setup authority
* Enforce path_length=0 for disabling intermediate CA-s
* Remove SAN attributes
* Add configuration options for outbox sender name and address
* Use common name attribute to derive signature flags
* Use distinct pub/sub URL-s for long poll and event source
 2017-02-07 22:07:21 +00:00
Lauri Võsandi 108c2bc017 Clean up server.conf template 2017-01-26 22:14:56 +00:00
Lauri Võsandi 1ec5ad3b7c Add openvpn-status.log support 2017-01-26 21:59:12 +00:00
Lauri Võsandi 1925207a6d Add OpenVPN bundle generation 2017-01-25 11:34:08 +00:00
Lauri Võsandi cca9d2ab2d Refactor LDAP authentication 
* ldap uri can be specified in /etc/certidude/server.conf now
* /etc/ldap/ldap.conf is ignored
 2017-01-25 09:43:19 +00:00
Lauri Võsandi 175f7f5d53 Fixes for LDAP access using machine credentials 2017-01-20 10:56:46 +00:00
Lauri Võsandi 9cf5e298e8 Fix systemd service template 2016-09-18 00:21:24 +03:00
Lauri Võsandi b4d006227a Refactor codebase 
* Replace PyOpenSSL with cryptography.io
* Rename constants to const
* Drop support for uwsgi
* Use systemd to launch certidude server
* Signer automatically spawned as part of server
* Update requirements.txt
* Clean up certidude client configuration handling
* Add automatic enroll with Kerberos machine cerdentials
 2016-09-18 00:00:14 +03:00
Lauri Võsandi 7012f5b365 Make user certificate enrollment configurable 2016-04-01 01:55:51 +03:00
Lauri Võsandi fa27253b50 Add 'certidude users' command for listing user accounts 2016-04-01 00:01:58 +03:00
Lauri Võsandi ec2dea7a13 cli: Authority setup script fixes 2016-03-30 22:05:32 +03:00
Lauri Võsandi d2a259b887 Merge authority setup and production setup 2016-03-29 22:03:27 +03:00
Lauri Võsandi af60fd8047 cli: Fix authority setup script 2016-03-29 18:37:28 +03:00
Lauri Võsandi d8f1e36ecf Reduce default CRL lifetime to 20min 2016-03-29 15:17:44 +03:00
Lauri Võsandi 6de010a411 Make /api/revoked conform to RFC5280 2016-03-29 13:28:58 +03:00
Lauri Võsandi 1475828899 Fix CRL distriution points and add authority information access extensions 2016-03-29 12:29:15 +03:00
Lauri Võsandi e721648328 Use common name instead of IP address as listening address for IPSec gateway 2016-03-29 12:28:10 +03:00
Lauri Võsandi de42d97b59 Add $ssl_client_s_dn_cn for nginx config template 2016-03-29 08:28:48 +03:00
Lauri Võsandi 3d32de8cad Documentation fixes and attempt to fix Travis 2016-03-28 00:00:41 +03:00
Lauri Võsandi 925bc0ef9a Refactor users, add OpenVPN and mailing support 
* Add abstraction for user objects
* Mail authority admins about pending, revoked and signed certificates
* Add NetworkManager's OpenVPN plugin support
* Improve CRL support
* Refactor CSRF protection
* Update documentation
 2016-03-27 23:38:14 +03:00
Lauri Võsandi 811e6dbb08 Complete overhaul 
* Switch to Python 2.x due to lack of decent LDAP support in Python 3.x
* Add LDAP backend for authentication/authorization
* Add PAM backend for authentication
* Add getent backend for authorization
* Add preliminary CSRF protection
* Update icons
* Update push server documentation, use nchan from now on
* Add P12 bundle generation
* Add thin wrapper around Python's SQL connectors
* Enable mailing subsystem
* Add Kerberos TGT renewal cronjob
* Add HTTPS server setup commands for nginx
 2016-03-21 23:42:39 +02:00
Lauri Võsandi ece05a21e0 cli: Added closeaction=restart to ipsec.conf template 2015-12-16 21:55:49 +00:00
Lauri Võsandi da6600e2e9 api: Added signed certificate tagging mechanism 2015-12-16 17:41:49 +00:00
Lauri Võsandi b788d701eb Refactor wrappers 
Completely remove wrapper class for CA,
use certidude.authority module instead.
 2015-12-12 22:39:17 +00:00
Lauri Võsandi 8397d02f26 Removed leftfirewall=yes from strongSwan config template 2015-11-20 21:17:46 +01:00
Lauri Võsandi f893582338 Major refactoring, CA is associated with it's hostname now 2015-11-15 15:55:26 +01:00
Lauri Võsandi ffd6eccd80 Merge branch 'codecov' of https://github.com/plaes/certidude into plaes-codecov 
Conflicts:
	certidude/api.py
 2015-11-06 09:08:00 +02:00
Lauri Võsandi a413a15854 Added preliminary event handling for front-end 2015-10-28 11:46:36 +01:00
Lauri Võsandi 3012d843a9 Enabled certificate publishing from command-line 
Instead of defining environment variables for
push server URL-s the URL-s are now fetched
from openssl.cnf instead.
 2015-10-26 21:52:48 +01:00
Lauri Võsandi 0a92589f41 Cleaned up ipsec.conf templates 2015-10-17 20:36:12 +03:00