Lauri Võsandi
eecfbee384
tests: Fix signer shutdown and add tests for event source
2017-05-09 09:48:24 +00:00
Lauri Võsandi
b77a427949
api: Submit inner and outer IP address when updating lease
2017-05-08 20:33:20 +00:00
Lauri Võsandi
09f5b11505
tests: Add tests for machine keytab auth
2017-05-08 16:25:59 +00:00
Lauri Võsandi
17c4e157e7
tests: Attempt to build for trusty and xenial both
2017-05-08 10:27:02 +00:00
Lauri Võsandi
4e41655532
api: Better error message when confronted with NTLM
2017-05-08 10:26:11 +00:00
Lauri Võsandi
545febf3d0
tests: Cover LDAP auth and more
2017-05-07 22:14:58 +00:00
Lauri Võsandi
a4a31ca2c6
Mailer always enabled
2017-05-07 20:49:58 +00:00
Lauri Võsandi
b1dd6f0093
tests: Checks for /etc/cron.hourly/certidude
2017-05-07 19:51:40 +00:00
Lauri Võsandi
8440cd840d
tests: Fix race condition bugs
2017-05-07 19:29:07 +00:00
Lauri Võsandi
71e77154d7
tests: Preliminary tests for Kerberos/LDAP auth
2017-05-07 19:11:24 +00:00
Lauri Võsandi
60a0f2ba7c
tests: Set up nchan as part of certidude setup authority
2017-05-06 21:35:02 +00:00
Lauri Võsandi
b19e163a82
tests: Attempt to set up nchan as part of unittests
2017-05-06 21:07:41 +00:00
Lauri Võsandi
de1d182320
Add API call for rendering scripts, bugfixes
2017-05-04 17:56:53 +00:00
Lauri Võsandi
a75fb58cb5
tests: Lease and attribute API call fixes
2017-05-04 10:02:14 +00:00
Lauri Võsandi
94944e37f1
tests: Better coverage for tagging tests
2017-05-04 09:14:47 +00:00
Lauri Võsandi
2ffcc64d86
tests: Test CRL checks on client side
2017-05-04 07:38:49 +00:00
Lauri Võsandi
68f6b9f6f6
tests: Attempt to install NetworkManager
2017-05-04 06:55:26 +00:00
Lauri Võsandi
505fa9d557
tests: Fix NetworkManager setup tests
2017-05-04 06:40:47 +00:00
Lauri Võsandi
9922516d24
tests: Test request deletion and signing API calls
2017-05-03 21:54:08 +00:00
Lauri Võsandi
ba678e4b29
api: Remove unused event_source decorator
2017-05-04 00:24:25 +03:00
Lauri Võsandi
aeb5d81aa6
tests: Generate DH params file in single location
2017-05-03 21:12:51 +00:00
Lauri Võsandi
189c604832
tests: Better code coverage
2017-05-03 21:04:34 +00:00
Lauri Võsandi
47aded48d5
tests: Add e-mailing and more cli commands
2017-05-03 14:42:37 +00:00
Lauri Võsandi
649863a77e
tests: Handle forking
2017-05-03 07:04:52 +00:00
Lauri Võsandi
9a7b806ff6
tests: Fix /run/certidude permissions
2017-05-01 23:06:45 +00:00
Lauri Võsandi
a9c29d2fbb
tests: Improvements
2017-05-01 22:41:41 +00:00
Lauri Võsandi
58491e7933
tests: Cleanups
2017-05-01 22:32:55 +00:00
Lauri Võsandi
227902b563
tests: More debugging info for CRL API calls
2017-05-01 21:19:28 +00:00
Lauri Võsandi
128369f6f6
tests: More detailed error captures for API calls
2017-05-01 20:49:25 +00:00
Lauri Võsandi
ffdcbcc41a
tests: Attempt to catch CRL export errors
2017-05-01 20:40:22 +00:00
Lauri Võsandi
e228963bd2
api: More detailed logging for CRL API call
2017-05-01 20:25:08 +00:00
Lauri Võsandi
9668fa549b
tests: More checks for CRL validation
2017-05-01 19:18:50 +00:00
Lauri Võsandi
986953f10f
tests: Prevent nginx setup on Travis
2017-05-01 18:45:15 +00:00
Lauri Võsandi
f7a27c6044
tests: More verbose output while setting up CA
2017-05-01 18:06:47 +00:00
Lauri Võsandi
e0eb3ee471
tests: Create certidude user in advance
2017-05-01 17:56:10 +00:00
Lauri Võsandi
bba1edb070
tests: Lazier const import to prevent early FQDN lookup
2017-05-01 16:57:43 +00:00
Lauri Võsandi
b0683b268d
Attempt to run client as part of unittests
2017-05-01 16:20:50 +00:00
Lauri Võsandi
cc4f13086e
Improve init/openvpn handler
* Create systemd service for signaling OpenVPN client after suspend
* Use tun instead of tap
* Update DNS server/domain upon (dis)connect
* Include necessary templates
2017-04-29 22:09:31 +03:00
Lauri Võsandi
9aab212647
Add tests for token mechanism
2017-04-26 09:13:41 +03:00
Lauri Võsandi
5ddbf87ed2
Add test for fetching logs
2017-04-26 00:10:12 +03:00
Lauri Võsandi
d6d998a9e6
Add tests for SQLite based logging
2017-04-25 23:42:55 +03:00
Lauri Võsandi
b867eee67e
Add more API tests for lease, attribs etc
2017-04-25 23:32:21 +03:00
Lauri Võsandi
15ae064f55
Preliminary tests for auth
2017-04-25 21:47:41 +03:00
Lauri Võsandi
3ef4d96b1c
Use application/x-pem-file mimetype for user certs
2017-04-25 16:48:04 +03:00
Lauri Võsandi
f9429b2e94
Add autosign handling for request submission test
2017-04-25 16:40:33 +03:00
Lauri Võsandi
4c9744308a
Better branch handling for request API calls
2017-04-25 16:15:39 +03:00
Lauri Võsandi
7225726d66
Add request submission API call tests
2017-04-25 16:04:11 +03:00
Lauri Võsandi
4eb3c4146f
Add tests for non-existent certificate
2017-04-25 13:58:21 +03:00
Lauri Võsandi
ba9dca910f
Add tests for API calls
2017-04-25 13:06:59 +03:00
Lauri Võsandi
d5edbe50c5
Token mechanism fixes
2017-04-24 20:33:55 +03:00
Lauri Võsandi
9658d8cc83
Fixes, add some screenshots
2017-04-22 22:48:29 +03:00
Lauri Võsandi
029ee357fb
Token mechanism fixes:
* Save token secret to config
* OpenVPN profile fixes for Ubuntu 16.04
* Raise correct exceptions for invalid tokens
* Display token expiration time in local time
2017-04-22 14:10:54 +03:00
Lauri Võsandi
7651c220c8
Remove unused import
2017-04-22 06:04:55 +00:00
Lauri Võsandi
0344141faf
Add token based auth for profiles
2017-04-21 21:22:08 +00:00
Lauri Võsandi
9a793088c6
Use local MTA for sending e-mail
2017-04-21 16:58:01 +00:00
Lauri Võsandi
66e2b5fc35
api: Validate certificate serial only if serial is supplied
2017-04-20 14:17:03 +00:00
Lauri Võsandi
a5b880c020
Fix dependency on subprocess
2017-04-20 05:23:09 +00:00
Lauri Võsandi
5e812f5194
Fixes
2017-04-20 05:20:10 +00:00
Lauri Võsandi
772886e4d4
Fix typo
2017-04-14 20:32:59 +03:00
Lauri Võsandi
ca0386b649
StrongSwan gateway setup script cleanups
2017-04-14 20:21:31 +03:00
Lauri Võsandi
b57fbfa696
Fix typo
2017-04-14 11:08:26 +00:00
Lauri Võsandi
b9ac55fe26
Configuration generation fixes for nchan
2017-04-14 11:06:09 +00:00
Lauri Võsandi
d6265c10d6
Fix font family name for headings
2017-04-14 10:14:14 +00:00
Lauri Võsandi
91f8f09854
StrongSwan client setup fixes
2017-04-14 02:49:11 +03:00
Lauri Võsandi
8bf9ebfebb
Merge branch 'master' of github.com:laurivosandi/certidude
2017-04-14 01:50:33 +03:00
Lauri Võsandi
a3adba02a5
Fix CRL path for configuration generators
2017-04-14 01:50:04 +03:00
Lauri Võsandi
216af460cf
Better system keytab checking for client
2017-04-14 01:49:32 +03:00
Lauri Võsandi
bc43fdc402
Lazier evaluation for dependencies
2017-04-13 22:37:31 +00:00
Lauri Võsandi
1c5913ee3b
Add dynamic package installation via decorators
2017-04-13 22:30:20 +00:00
Lauri Võsandi
6264846284
Add OpenSSL as dependency for P12 generation
2017-04-13 21:20:02 +00:00
Lauri Võsandi
721cce05ac
Don't enforce dependency on ldap module
2017-04-13 21:03:26 +00:00
Lauri Võsandi
02b2f041cc
Clean up dependencies and Travis
2017-04-13 20:52:09 +00:00
Lauri Võsandi
52d35012a4
Various fixes
2017-04-13 20:30:56 +00:00
Lauri Võsandi
d91e12942d
Tagging fixes
2017-04-13 15:42:38 +00:00
Lauri Võsandi
7a7f22c1a1
Add clock sync tolerance of 5min for signed certs
2017-04-13 15:35:08 +00:00
Lauri Võsandi
4a9abab362
Fix nginx configuration generation
2017-04-13 15:19:26 +00:00
Lauri Võsandi
d7a2c7c193
Fix OpenVPN client configuration generation
2017-04-13 18:17:05 +03:00
Lauri Võsandi
a22e1eb557
Fix server certificate extensions for StrongSwan
2017-04-13 15:12:56 +00:00
Lauri Võsandi
02482e8d79
Migrate to python-gssapi
2017-04-13 14:33:40 +00:00
Lauri Võsandi
51d7dffa9b
Bugfixes
2017-04-12 13:56:29 +00:00
Lauri Võsandi
0201a84a64
Merge branch 'master' of github.com:laurivosandi/certidude
2017-04-12 13:22:21 +00:00
Lauri Võsandi
09724e04dc
Add preliminary bootstrap API call
2017-04-12 13:21:49 +00:00
Lauri Võsandi
e68829732d
Merge branch 'master' of github.com:laurivosandi/certidude
2017-04-07 10:57:38 +03:00
Lauri Võsandi
f477fb9ad8
cli: Add Yubikey enrollment command
2017-04-07 10:57:25 +03:00
Lauri Võsandi
848763160b
Merge github.com:laurivosandi/certidude
2017-04-04 05:03:33 +00:00
Lauri Võsandi
90b663ce26
Add file based rotating log handler
2017-04-04 05:02:08 +00:00
Lauri Võsandi
5c6097cc40
Fix CSR listing command
2017-03-28 12:24:51 +03:00
Lauri Võsandi
d5dcadc346
Remove dependency on pycountries
2017-03-26 20:47:45 +00:00
Lauri Võsandi
44b6f13669
Use random serial for CA certificate
2017-03-26 20:44:47 +00:00
Lauri Võsandi
a663efd39e
Create directories and set selinux context for `certidude request`
2017-03-26 17:40:39 +00:00
Lauri Võsandi
77db728294
Fix attribute API call whitelist handling
2017-03-26 16:58:29 +00:00
Lauri Võsandi
32356013fd
Correct configuration file tagging section name
2017-03-26 10:12:08 +00:00
Lauri Võsandi
f806545bee
Use filesystem extended attribute user.xdg.tags for tags, move leases to user.lease namespace
2017-03-26 10:09:18 +00:00
Lauri Võsandi
1813056fc7
Move leases and tagging backend to filesystem extended attributes
2017-03-26 00:10:09 +00:00
Lauri Võsandi
79aa1e18c0
Add explicit renewal flag for `certidude request`
2017-03-13 19:47:58 +02:00
Lauri Võsandi
7b1dae0901
Renew certificate only when 25% of certificate lifetime remains
2017-03-13 19:42:21 +02:00
Lauri Võsandi
7eb8378562
Attempt to fix tests
2017-03-13 17:20:41 +02:00
Lauri Võsandi
06010ceaf3
Refactor
* Remove PyOpenSSL based wrapper classes
* Remove unused API calls
* Add certificate renewal via X-Renewal-Signature header
* Remove (extended) key usage handling
* Clean up OpenVPN and nginx server setup code
* Use UDP port 51900 for OpenVPN by default
* Add basic auth fallback for iOS in addition to Android
* Reduce complexity
2017-03-13 11:42:58 +00:00
Lauri Võsandi
4eed940a66
Clean up PKCS#12 generation
2017-02-09 17:02:33 +00:00
Lauri Võsandi
dae282973e
Passphraseless PKCS#12 doesn't play well with Firefox
2017-02-09 16:59:01 +00:00
Lauri Võsandi
94757cf25c
Conform to RFC 5280, remove unused variable and a comment
2017-02-09 14:16:01 +00:00
Lauri Võsandi
b0e7ad9540
Fix mailbox configuration in the web interface
2017-02-08 20:22:26 +00:00
Lauri Võsandi
2a8109704a
Refactor
* Remove given name and surname attributes because of issues with OpenVPN Connect
* Remove e-mail attribute because of no reliable method of deriving usable address
* Remove organizational unit attribute
* Don't overwrite Kerberos cronjob during certidude setup authority
* Enforce path_length=0 for disabling intermediate CA-s
* Remove SAN attributes
* Add configuration options for outbox sender name and address
* Use common name attribute to derive signature flags
* Use distinct pub/sub URL-s for long poll and event source
2017-02-07 22:07:21 +00:00
Lauri Võsandi
703970c1d3
Add Mac device identifier string for bundles
2017-02-02 09:44:58 +00:00
Lauri Võsandi
9d29ff74be
Add timeago plugin for fuzzy timestamps
2017-01-30 22:59:43 +00:00
Lauri Võsandi
6c1d0bfae9
More fixes to make client work on Mac OS X
2017-01-30 18:12:27 +00:00
Lauri Võsandi
34e8fb9c8c
Make Kerberos keytab handling more universal
2017-01-30 17:48:30 +00:00
Lauri Võsandi
0bca61e61f
Add preliminary LDAP fallback support for Kerberos protected API calls
2017-01-30 07:04:05 +00:00
Lauri Võsandi
4ae40c5d45
Add long poll support for CRL API call
2017-01-30 06:29:01 +00:00
Lauri Võsandi
c979d73bec
Fix typos for local time conversion
2017-01-30 06:27:12 +00:00
Lauri Võsandi
4c1e72709c
Use local time for connected_since
2017-01-26 22:31:06 +00:00
Lauri Võsandi
108c2bc017
Clean up server.conf template
2017-01-26 22:14:56 +00:00
Lauri Võsandi
089d6b36b9
Hide tagging UI elements if tagging is disabled
2017-01-26 22:14:30 +00:00
Lauri Võsandi
5d5a24096c
Merge branch 'master' of github.com:laurivosandi/certidude
2017-01-26 21:59:37 +00:00
Lauri Võsandi
1ec5ad3b7c
Add openvpn-status.log support
2017-01-26 21:59:12 +00:00
Lauri Võsandi
6221fe9c00
Prompt for password when invalid password is entered
2017-01-26 15:22:02 +02:00
Lauri Võsandi
ef72cb70cd
Fixes for testing server as regular user
2017-01-26 15:11:04 +02:00
Lauri Võsandi
dc9e01b4ad
Merge branch 'master' of github.com:laurivosandi/certidude
2017-01-26 13:00:21 +02:00
Lauri Võsandi
372e71c175
Use TUN for network-manager/openvpn service
2017-01-26 12:55:26 +02:00
Lauri Võsandi
1925207a6d
Add OpenVPN bundle generation
2017-01-25 11:34:08 +00:00
Lauri Võsandi
cca9d2ab2d
Refactor LDAP authentication
* ldap uri can be specified in /etc/certidude/server.conf now
* /etc/ldap/ldap.conf is ignored
2017-01-25 09:43:19 +00:00
Lauri Võsandi
175f7f5d53
Fixes for LDAP access using machine credentials
2017-01-20 10:56:46 +00:00
Lauri Võsandi
4c69efbf87
Rely on nunjucks files provided by npm
2017-01-20 10:51:45 +00:00
Lauri Võsandi
e2f7c8d1d6
Trigger `nmcli con reload` after config file creation
2017-01-10 15:09:52 +02:00
Lauri Võsandi
b3a45cf2ab
Expose insecure flag for turning off HTTPS
2017-01-10 15:01:16 +02:00
Lauri Võsandi
d68a9acac2
Work around Travis' long hostnames in const.py instead
2016-09-18 18:46:11 +03:00
Lauri Võsandi
fab52dca76
Add request submission from web interface
2016-09-18 16:25:52 +03:00
Lauri Võsandi
2590340355
Remove generated templates.js, add graceful fallback when not generated
2016-09-18 16:21:07 +03:00
Lauri Võsandi
e56b1b3f2b
Upgrade to nunjucks v2.5.2
2016-09-18 15:11:23 +03:00
Lauri Võsandi
23d8942ffe
Add fallbacks for e-mail handling if outbox is not defined
2016-09-18 14:32:39 +03:00
Lauri Võsandi
1b04a848e3
Improve Unicode handling in bundle generation
2016-09-18 14:32:14 +03:00
Lauri Võsandi
9cf5e298e8
Fix systemd service template
2016-09-18 00:21:24 +03:00
Lauri Võsandi
b4d006227a
Refactor codebase
* Replace PyOpenSSL with cryptography.io
* Rename constants to const
* Drop support for uwsgi
* Use systemd to launch certidude server
* Signer automatically spawned as part of server
* Update requirements.txt
* Clean up certidude client configuration handling
* Add automatic enroll with Kerberos machine credentials
2016-09-18 00:00:14 +03:00
Lauri Võsandi
15858083b3
Use UTC for log entries
2016-04-05 15:30:50 +03:00
Lauri Võsandi
c33da46f19
Push server fixes
2016-04-05 15:02:05 +03:00
Lauri Võsandi
7012f5b365
Make user certificate enrollment configurable
2016-04-01 01:55:51 +03:00
Lauri Võsandi
fa27253b50
Add 'certidude users' command for listing user accounts
2016-04-01 00:01:58 +03:00
Lauri Võsandi
ff2e983711
ui: Update CRL fetching command example
2016-03-30 22:06:15 +03:00
Lauri Võsandi
ec2dea7a13
cli: Authority setup script fixes
2016-03-30 22:05:32 +03:00
Lauri Võsandi
456fe586c3
Add revocation list JSON serialization
2016-03-30 22:00:18 +03:00
Lauri Võsandi
5bdf986b47
cli: Send Accept: application/x-pem-file while downloading CRL
2016-03-29 23:39:19 +03:00
Lauri Võsandi
d2a259b887
Merge authority setup and production setup
2016-03-29 22:03:27 +03:00
Lauri Võsandi
a094db794b
cli: Fix extended key usage flags for authority setup script
2016-03-29 19:43:50 +03:00
Lauri Võsandi
c644b065ef
Migrate authority setup from PyOpenSSL to cryptography.io
2016-03-29 19:29:06 +03:00
Lauri Võsandi
af60fd8047
cli: Fix authority setup script
2016-03-29 18:37:28 +03:00
Lauri Võsandi
476a312b4e
ui: Fix autosign subnets listing
2016-03-29 15:47:00 +03:00
Lauri Võsandi
09a67718ab
Expose certificate and CRL lifetime via session API call
2016-03-29 15:43:34 +03:00
Lauri Võsandi
d8f1e36ecf
Reduce default CRL lifetime to 20min
2016-03-29 15:17:44 +03:00
Lauri Võsandi
6de010a411
Make /api/revoked conform to RFC5280
2016-03-29 13:28:58 +03:00
Lauri Võsandi
1475828899
Fix CRL distribution points and add authority information access extensions
2016-03-29 12:29:15 +03:00