Commit Graph

331 Commits

Author SHA1 Message Date
Lauri Võsandi eecfbee384 tests: Fix signer shutdown and add tests for event source 2017-05-09 09:48:24 +00:00
Lauri Võsandi b77a427949 api: Submit inner and outer IP address when updating lease 2017-05-08 20:33:20 +00:00
Lauri Võsandi 09f5b11505 tests: Add tests for machine keytab auth 2017-05-08 16:25:59 +00:00
Lauri Võsandi 17c4e157e7 tests: Attempt to build for trusty and xenial both 2017-05-08 10:27:02 +00:00
Lauri Võsandi 4e41655532 api: Better error message when confronted with NTLM 2017-05-08 10:26:11 +00:00
Lauri Võsandi 545febf3d0 tests: Cover LDAP auth and more 2017-05-07 22:14:58 +00:00
Lauri Võsandi a4a31ca2c6 Mailer always enabled 2017-05-07 20:49:58 +00:00
Lauri Võsandi b1dd6f0093 tests: Checks for /etc/cron.hourly/certidude 2017-05-07 19:51:40 +00:00
Lauri Võsandi 8440cd840d tests: Fix race condition bugs 2017-05-07 19:29:07 +00:00
Lauri Võsandi 71e77154d7 tests: Preliminary tests for Kerberos/LDAP auth 2017-05-07 19:11:24 +00:00
Lauri Võsandi 60a0f2ba7c tests: Set up nchan as part of certidude setup authority 2017-05-06 21:35:02 +00:00
Lauri Võsandi b19e163a82 tests: Attempt to set up nchan as part of unittests 2017-05-06 21:07:41 +00:00
Lauri Võsandi de1d182320 Add API call for rendering scripts, bugfixes 2017-05-04 17:56:53 +00:00
Lauri Võsandi a75fb58cb5 tests: Lease and attribute API call fixes 2017-05-04 10:02:14 +00:00
Lauri Võsandi 94944e37f1 tests: Better coverage for tagging tests 2017-05-04 09:14:47 +00:00
Lauri Võsandi 2ffcc64d86 tests: Test CRL checks on client side 2017-05-04 07:38:49 +00:00
Lauri Võsandi 68f6b9f6f6 tests: Attempt to install NetworkManager 2017-05-04 06:55:26 +00:00
Lauri Võsandi 505fa9d557 tests: Fix NetworkManager setup tests 2017-05-04 06:40:47 +00:00
Lauri Võsandi 9922516d24 tests: Test request deletion and signing API calls 2017-05-03 21:54:08 +00:00
Lauri Võsandi ba678e4b29 api: Remove unused event_source decorator 2017-05-04 00:24:25 +03:00
Lauri Võsandi aeb5d81aa6 tests: Generate DH params file in single location 2017-05-03 21:12:51 +00:00
Lauri Võsandi 189c604832 tests: Better code coverage 2017-05-03 21:04:34 +00:00
Lauri Võsandi 47aded48d5 tests: Add e-mailing and more cli commands 2017-05-03 14:42:37 +00:00
Lauri Võsandi 649863a77e tests: Handle forking 2017-05-03 07:04:52 +00:00
Lauri Võsandi 9a7b806ff6 tests: Fix /run/certidude permissions 2017-05-01 23:06:45 +00:00
Lauri Võsandi a9c29d2fbb tests: Improvements 2017-05-01 22:41:41 +00:00
Lauri Võsandi 58491e7933 tests: Cleanups 2017-05-01 22:32:55 +00:00
Lauri Võsandi 227902b563 tests: More debugging info for CRL API calls 2017-05-01 21:19:28 +00:00
Lauri Võsandi 128369f6f6 tests: More detailed error captures for API calls 2017-05-01 20:49:25 +00:00
Lauri Võsandi ffdcbcc41a tests: Attempt to catch CRL export errors 2017-05-01 20:40:22 +00:00
Lauri Võsandi e228963bd2 api: More detailed logging for CRL API call 2017-05-01 20:25:08 +00:00
Lauri Võsandi 9668fa549b tests: More checks for CRL validation 2017-05-01 19:18:50 +00:00
Lauri Võsandi 986953f10f tests: Prevent nginx setup on Travis 2017-05-01 18:45:15 +00:00
Lauri Võsandi f7a27c6044 tests: More verbose output while setting up CA 2017-05-01 18:06:47 +00:00
Lauri Võsandi e0eb3ee471 tests: Create certidude user in advance 2017-05-01 17:56:10 +00:00
Lauri Võsandi bba1edb070 tests: Lazier const import to prevent early FQDN lookup 2017-05-01 16:57:43 +00:00
Lauri Võsandi b0683b268d Attempt to run client as part of unittests 2017-05-01 16:20:50 +00:00
Lauri Võsandi cc4f13086e Improve init/openvpn handler
* Create systemd service for signaling OpenVPN client after suspend
* Use tun instead of tap
* Update DNS server/domain upon (dis)connect
* Include necessary templates
2017-04-29 22:09:31 +03:00
Lauri Võsandi 9aab212647 Add tests for token mechanism 2017-04-26 09:13:41 +03:00
Lauri Võsandi 5ddbf87ed2 Add test for fetching logs 2017-04-26 00:10:12 +03:00
Lauri Võsandi d6d998a9e6 Add tests for SQLite based logging 2017-04-25 23:42:55 +03:00
Lauri Võsandi b867eee67e Add more API tests for lease, attribs etc 2017-04-25 23:32:21 +03:00
Lauri Võsandi 15ae064f55 Preliminary tests for auth 2017-04-25 21:47:41 +03:00
Lauri Võsandi 3ef4d96b1c Use application/x-pem-file mimetype for user certs 2017-04-25 16:48:04 +03:00
Lauri Võsandi f9429b2e94 Add autosign handling for request submission test 2017-04-25 16:40:33 +03:00
Lauri Võsandi 4c9744308a Better branch handling for request API calls 2017-04-25 16:15:39 +03:00
Lauri Võsandi 7225726d66 Add request submission API call tests 2017-04-25 16:04:11 +03:00
Lauri Võsandi 4eb3c4146f Add tests for non-existent certificate 2017-04-25 13:58:21 +03:00
Lauri Võsandi ba9dca910f Add tests for API calls 2017-04-25 13:06:59 +03:00
Lauri Võsandi d5edbe50c5 Token mechanism fixes 2017-04-24 20:33:55 +03:00
Lauri Võsandi 9658d8cc83 Fixes, add some screenshots 2017-04-22 22:48:29 +03:00
Lauri Võsandi 029ee357fb Token mechanism fixes:
* Save token secret to config
* OpenVPN profile fixes for Ubuntu 16.04
* Raise correct exceptions for invalid tokens
* Display token expiration time in local time
2017-04-22 14:10:54 +03:00
Lauri Võsandi 7651c220c8 Remove unused import 2017-04-22 06:04:55 +00:00
Lauri Võsandi 0344141faf Add token based auth for profiles 2017-04-21 21:22:08 +00:00
Lauri Võsandi 9a793088c6 Use local MTA for sending e-mail 2017-04-21 16:58:01 +00:00
Lauri Võsandi 66e2b5fc35 api: Validate certificate serial only if serial is supplied 2017-04-20 14:17:03 +00:00
Lauri Võsandi a5b880c020 Fix dependency on subprocess 2017-04-20 05:23:09 +00:00
Lauri Võsandi 5e812f5194 Fixes 2017-04-20 05:20:10 +00:00
Lauri Võsandi 772886e4d4 Fix typo 2017-04-14 20:32:59 +03:00
Lauri Võsandi ca0386b649 StrongSwan gateway setup script cleanups 2017-04-14 20:21:31 +03:00
Lauri Võsandi b57fbfa696 Fix typo 2017-04-14 11:08:26 +00:00
Lauri Võsandi b9ac55fe26 Configuration generation fixes for nchan 2017-04-14 11:06:09 +00:00
Lauri Võsandi d6265c10d6 Fix font family name for headings 2017-04-14 10:14:14 +00:00
Lauri Võsandi 91f8f09854 StrongSwan client setup fixes 2017-04-14 02:49:11 +03:00
Lauri Võsandi 8bf9ebfebb Merge branch 'master' of github.com:laurivosandi/certidude 2017-04-14 01:50:33 +03:00
Lauri Võsandi a3adba02a5 Fix CRL path for configuration generators 2017-04-14 01:50:04 +03:00
Lauri Võsandi 216af460cf Better system keytab checking for client 2017-04-14 01:49:32 +03:00
Lauri Võsandi bc43fdc402 Lazier evaluation for dependencies 2017-04-13 22:37:31 +00:00
Lauri Võsandi 1c5913ee3b Add dynamic package installation via decorators 2017-04-13 22:30:20 +00:00
Lauri Võsandi 6264846284 Add OpenSSL as dependency for P12 generation 2017-04-13 21:20:02 +00:00
Lauri Võsandi 721cce05ac Don't enforce dependency on ldap module 2017-04-13 21:03:26 +00:00
Lauri Võsandi 02b2f041cc Clean up dependencies and Travis 2017-04-13 20:52:09 +00:00
Lauri Võsandi 52d35012a4 Various fixes 2017-04-13 20:30:56 +00:00
Lauri Võsandi d91e12942d Tagging fixes 2017-04-13 15:42:38 +00:00
Lauri Võsandi 7a7f22c1a1 Add clock sync tolerance of 5min for signed certs 2017-04-13 15:35:08 +00:00
Lauri Võsandi 4a9abab362 Fix nginx configuration generation 2017-04-13 15:19:26 +00:00
Lauri Võsandi d7a2c7c193 Fix OpenVPN client configuration generation 2017-04-13 18:17:05 +03:00
Lauri Võsandi a22e1eb557 Fix server certificate extensions for StrongSwan 2017-04-13 15:12:56 +00:00
Lauri Võsandi 02482e8d79 Migrate to python-gssapi 2017-04-13 14:33:40 +00:00
Lauri Võsandi 51d7dffa9b Bugfixes 2017-04-12 13:56:29 +00:00
Lauri Võsandi 0201a84a64 Merge branch 'master' of github.com:laurivosandi/certidude 2017-04-12 13:22:21 +00:00
Lauri Võsandi 09724e04dc Add preliminary bootstrap API call 2017-04-12 13:21:49 +00:00
Lauri Võsandi e68829732d Merge branch 'master' of github.com:laurivosandi/certidude 2017-04-07 10:57:38 +03:00
Lauri Võsandi f477fb9ad8 cli: Add Yubikey enrollment command 2017-04-07 10:57:25 +03:00
Lauri Võsandi 848763160b Merge github.com:laurivosandi/certidude 2017-04-04 05:03:33 +00:00
Lauri Võsandi 90b663ce26 Add file based rotating log handler 2017-04-04 05:02:08 +00:00
Lauri Võsandi 5c6097cc40 Fix CSR listing command 2017-03-28 12:24:51 +03:00
Lauri Võsandi d5dcadc346 Remove dependency on pycountries 2017-03-26 20:47:45 +00:00
Lauri Võsandi 44b6f13669 Use random serial for CA certificate 2017-03-26 20:44:47 +00:00
Lauri Võsandi a663efd39e Create directories and set selinux context for `certidude request` 2017-03-26 17:40:39 +00:00
Lauri Võsandi 77db728294 Fix attribute API call whitelist handling 2017-03-26 16:58:29 +00:00
Lauri Võsandi 32356013fd Correct configuration file tagging section name 2017-03-26 10:12:08 +00:00
Lauri Võsandi f806545bee Use filesystem extended attribute user.xdg.tags for tags, move leases to user.lease namespace 2017-03-26 10:09:18 +00:00
Lauri Võsandi 1813056fc7 Move leases and tagging backend to filesystem extended attributes 2017-03-26 00:10:09 +00:00
Lauri Võsandi 79aa1e18c0 Add explicit renewal flag for `certiude request` 2017-03-13 19:47:58 +02:00
Lauri Võsandi 7b1dae0901 Renew certificate only when 25% of certificate lifetime remains 2017-03-13 19:42:21 +02:00
Lauri Võsandi 7eb8378562 Attempt to fix tests 2017-03-13 17:20:41 +02:00
Lauri Võsandi 06010ceaf3 Refactor
* Remove PyOpenSSL based wrapper classes
* Remove unused API calls
* Add certificate renewal via X-Renewal-Signature header
* Remove (extended) key usage handling
* Clean up OpenVPN and nginx server setup code
* Use UDP port 51900 for OpenVPN by default
* Add basic auth fallback for iOS in addition to Android
* Reduce complexity
2017-03-13 11:42:58 +00:00
Lauri Võsandi 4eed940a66 Clean up PKCS#12 generation 2017-02-09 17:02:33 +00:00
Lauri Võsandi dae282973e Passphraseless PKCS#12 doesn't play well with Firefox 2017-02-09 16:59:01 +00:00
Lauri Võsandi 94757cf25c Conform to RFC 5280, remove unused variable and a comment 2017-02-09 14:16:01 +00:00
Lauri Võsandi b0e7ad9540 Fix mailbox configuration in the web interface 2017-02-08 20:22:26 +00:00
Lauri Võsandi 2a8109704a Refactor
* Remove given name and surname attributes because of issues with OpenVPN Connect
* Remove e-mail attribute because of no reliable method of deriving usable address
* Remove organizational unit attribute
* Don't overwrite Kerberos cronjob during certidude setup authority
* Enforce path_length=0 for disabling intermediate CA-s
* Remove SAN attributes
* Add configuration options for outbox sender name and address
* Use common name attribute to derive signature flags
* Use distinct pub/sub URL-s for long poll and event source
2017-02-07 22:07:21 +00:00
Lauri Võsandi 703970c1d3 Add Mac device identifier string for bundles 2017-02-02 09:44:58 +00:00
Lauri Võsandi 9d29ff74be Add timeago plugin for fuzzy timestamps 2017-01-30 22:59:43 +00:00
Lauri Võsandi 6c1d0bfae9 More fixes to make client work on Mac OS X 2017-01-30 18:12:27 +00:00
Lauri Võsandi 34e8fb9c8c Make Kerberos keytab handling more universal 2017-01-30 17:48:30 +00:00
Lauri Võsandi 0bca61e61f Add preliminary LDAP fallback support for Kerberos protected API calls 2017-01-30 07:04:05 +00:00
Lauri Võsandi 4ae40c5d45 Add long poll support for CRL API call 2017-01-30 06:29:01 +00:00
Lauri Võsandi c979d73bec Fix typos for local time conversion 2017-01-30 06:27:12 +00:00
Lauri Võsandi 4c1e72709c Use local time for connected_since 2017-01-26 22:31:06 +00:00
Lauri Võsandi 108c2bc017 Clean up server.conf template 2017-01-26 22:14:56 +00:00
Lauri Võsandi 089d6b36b9 Hide tagging UI elements if tagging is disabled 2017-01-26 22:14:30 +00:00
Lauri Võsandi 5d5a24096c Merge branch 'master' of github.com:laurivosandi/certidude 2017-01-26 21:59:37 +00:00
Lauri Võsandi 1ec5ad3b7c Add openvpn-status.log support 2017-01-26 21:59:12 +00:00
Lauri Võsandi 6221fe9c00 Prompt for password when invalid password is entered 2017-01-26 15:22:02 +02:00
Lauri Võsandi ef72cb70cd Fixes for testing server as regular user 2017-01-26 15:11:04 +02:00
Lauri Võsandi dc9e01b4ad Merge branch 'master' of github.com:laurivosandi/certidude 2017-01-26 13:00:21 +02:00
Lauri Võsandi 372e71c175 Use TUN for network-manager/openvpn service 2017-01-26 12:55:26 +02:00
Lauri Võsandi 1925207a6d Add OpenVPN bundle generation 2017-01-25 11:34:08 +00:00
Lauri Võsandi cca9d2ab2d Refactor LDAP authentication
* ldap uri can be specified in /etc/certidude/server.conf now
* /etc/ldap/ldap.conf is ignored
2017-01-25 09:43:19 +00:00
Lauri Võsandi 175f7f5d53 Fixes for LDAP access using machine credentials 2017-01-20 10:56:46 +00:00
Lauri Võsandi 4c69efbf87 Rely on nunjucks files provided by npm 2017-01-20 10:51:45 +00:00
Lauri Võsandi e2f7c8d1d6 Trigger `nmcli con reload` after config file creation 2017-01-10 15:09:52 +02:00
Lauri Võsandi b3a45cf2ab Expose insecure flag for turning off HTTPS 2017-01-10 15:01:16 +02:00
Lauri Võsandi d68a9acac2 Work around Travis' long hostnames in const.py instead 2016-09-18 18:46:11 +03:00
Lauri Võsandi fab52dca76 Add request submission from web interface 2016-09-18 16:25:52 +03:00
Lauri Võsandi 2590340355 Remove generated templates.js, add graceful fallback when not generated 2016-09-18 16:21:07 +03:00
Lauri Võsandi e56b1b3f2b Upgrade to nunjucks v2.5.2 2016-09-18 15:11:23 +03:00
Lauri Võsandi 23d8942ffe Add fallbacks for e-mail handling if outbox is not defined 2016-09-18 14:32:39 +03:00
Lauri Võsandi 1b04a848e3 Improve Unicode handling in bundle generation 2016-09-18 14:32:14 +03:00
Lauri Võsandi 9cf5e298e8 Fix systemd service template 2016-09-18 00:21:24 +03:00
Lauri Võsandi b4d006227a Refactor codebase
* Replace PyOpenSSL with cryptography.io
* Rename constants to const
* Drop support for uwsgi
* Use systemd to launch certidude server
* Signer automatically spawned as part of server
* Update requirements.txt
* Clean up certidude client configuration handling
* Add automatic enroll with Kerberos machine credentials
2016-09-18 00:00:14 +03:00
Lauri Võsandi 15858083b3 Use UTC for log entries 2016-04-05 15:30:50 +03:00
Lauri Võsandi c33da46f19 Push server fixes 2016-04-05 15:02:05 +03:00
Lauri Võsandi 7012f5b365 Make user certificate enrollment configurable 2016-04-01 01:55:51 +03:00
Lauri Võsandi fa27253b50 Add 'certidude users' command for listing user accounts 2016-04-01 00:01:58 +03:00
Lauri Võsandi ff2e983711 ui: Update CRL fetching command example 2016-03-30 22:06:15 +03:00
Lauri Võsandi ec2dea7a13 cli: Authority setup script fixes 2016-03-30 22:05:32 +03:00
Lauri Võsandi 456fe586c3 Add revocation list JSON serialization 2016-03-30 22:00:18 +03:00
Lauri Võsandi 5bdf986b47 cli: Send Accept: application/x-pem-file while downloading CRL 2016-03-29 23:39:19 +03:00
Lauri Võsandi d2a259b887 Merge authority setup and production setup 2016-03-29 22:03:27 +03:00
Lauri Võsandi a094db794b cli: Fix extended key usage flags for authority setup script 2016-03-29 19:43:50 +03:00
Lauri Võsandi c644b065ef Migrate authority setup from PyOpenSSL to cryptography.io 2016-03-29 19:29:06 +03:00
Lauri Võsandi af60fd8047 cli: Fix authority setup script 2016-03-29 18:37:28 +03:00
Lauri Võsandi 476a312b4e ui: Fix autosign subnets listing 2016-03-29 15:47:00 +03:00
Lauri Võsandi 09a67718ab Expose certificate and CRL lifetime via session API call 2016-03-29 15:43:34 +03:00
Lauri Võsandi d8f1e36ecf Reduce default CRL lifetime to 20min 2016-03-29 15:17:44 +03:00
Lauri Võsandi 6de010a411 Make /api/revoked conform to RFC5280 2016-03-29 13:28:58 +03:00
Lauri Võsandi 1475828899 Fix CRL distribution points and add authority information access extensions 2016-03-29 12:29:15 +03:00