lauri
/
certidude
mirror of https://github.com/laurivosandi/certidude
1
0
Fork 0
Code Issues Activity
238 Commits 2 Branches 0 Tags 18 MiB
Commit Graph

84 Commits

Author SHA1 Message Date
Lauri Võsandi 029ee357fb Token mechanism fixes: 
* Save token secret to config
* OpenVPN profile fixes for Ubuntu 16.04
* Raise correct exceptions for invalid tokens
* Display token expiration time in local time
 2017-04-22 14:10:54 +03:00
Lauri Võsandi 9a793088c6 Use local MTA for sending e-mail 2017-04-21 16:58:01 +00:00
Lauri Võsandi 5e812f5194 Fixes 2017-04-20 05:20:10 +00:00
Lauri Võsandi 772886e4d4 Fix typo 2017-04-14 20:32:59 +03:00
Lauri Võsandi ca0386b649 StrongSwan gateway setup script cleanups 2017-04-14 20:21:31 +03:00
Lauri Võsandi 91f8f09854 StrongSwan client setup fixes 2017-04-14 02:49:11 +03:00
Lauri Võsandi 8bf9ebfebb Merge branch 'master' of github.com:laurivosandi/certidude 2017-04-14 01:50:33 +03:00
Lauri Võsandi a3adba02a5 Fix CRL path for configuration generators 2017-04-14 01:50:04 +03:00
Lauri Võsandi 216af460cf Better system keytab checking for client 2017-04-14 01:49:32 +03:00
Lauri Võsandi 1c5913ee3b Add dynamic package installation via decorators 2017-04-13 22:30:20 +00:00
Lauri Võsandi 02b2f041cc Clean up dependencies and Travis 2017-04-13 20:52:09 +00:00
Lauri Võsandi 52d35012a4 Various fixes 2017-04-13 20:30:56 +00:00
Lauri Võsandi d7a2c7c193 Fix OpenVPN client configuration generation 2017-04-13 18:17:05 +03:00
Lauri Võsandi 51d7dffa9b Bugfixes 2017-04-12 13:56:29 +00:00
Lauri Võsandi 0201a84a64 Merge branch 'master' of github.com:laurivosandi/certidude 2017-04-12 13:22:21 +00:00
Lauri Võsandi 09724e04dc Add preliminary bootstrap API call 2017-04-12 13:21:49 +00:00
Lauri Võsandi e68829732d Merge branch 'master' of github.com:laurivosandi/certidude 2017-04-07 10:57:38 +03:00
Lauri Võsandi f477fb9ad8 cli: Add Yubikey enrollment command 2017-04-07 10:57:25 +03:00
Lauri Võsandi 848763160b Merge github.com:laurivosandi/certidude 2017-04-04 05:03:33 +00:00
Lauri Võsandi 90b663ce26 Add file based rotating log handler 2017-04-04 05:02:08 +00:00
Lauri Võsandi 5c6097cc40 Fix CSR listing command 2017-03-28 12:24:51 +03:00
Lauri Võsandi d5dcadc346 Remove dependency on pycountries 2017-03-26 20:47:45 +00:00
Lauri Võsandi 44b6f13669 Use random serial for CA certificate 2017-03-26 20:44:47 +00:00
Lauri Võsandi 79aa1e18c0 Add explicit renewal flag for `certiude request` 2017-03-13 19:47:58 +02:00
Lauri Võsandi 7eb8378562 Attempt to fix tests 2017-03-13 17:20:41 +02:00
Lauri Võsandi 06010ceaf3 Refactor 
* Remove PyOpenSSL based wrapper classes
* Remove unused API calls
* Add certificate renewal via X-Renewal-Signature header
* Remove (extended) key usage handling
* Clean up OpenVPN and nginx server setup code
* Use UDP port 51900 for OpenVPN by default
* Add basic auth fallback for iOS in addition to Android
* Reduce complexity
 2017-03-13 11:42:58 +00:00
Lauri Võsandi 2a8109704a Refactor 
* Remove given name and surname attributes because of issues with OpenVPN Connect
* Remove e-mail attribute because of no reliable method of deriving usable address
* Remove organizational unit attribute
* Don't overwrite Kerberos cronjob during certidude setup authority
* Enforce path_length=0 for disabling intermediate CA-s
* Remove SAN attributes
* Add configuration options for outbox sender name and address
* Use common name attribute to derive signature flags
* Use distinct pub/sub URL-s for long poll and event source
 2017-02-07 22:07:21 +00:00
Lauri Võsandi ef72cb70cd Fixes for testing server as regular user 2017-01-26 15:11:04 +02:00
Lauri Võsandi 372e71c175 Use TUN for network-manager/openvpn service 2017-01-26 12:55:26 +02:00
Lauri Võsandi e2f7c8d1d6 Trigger `nmcli con reload` after config file creation 2017-01-10 15:09:52 +02:00
Lauri Võsandi b3a45cf2ab Expose insecure flag for turning off HTTPS 2017-01-10 15:01:16 +02:00
Lauri Võsandi b4d006227a Refactor codebase 
* Replace PyOpenSSL with cryptography.io
* Rename constants to const
* Drop support for uwsgi
* Use systemd to launch certidude server
* Signer automatically spawned as part of server
* Update requirements.txt
* Clean up certidude client configuration handling
* Add automatic enroll with Kerberos machine cerdentials
 2016-09-18 00:00:14 +03:00
Lauri Võsandi fa27253b50 Add 'certidude users' command for listing user accounts 2016-04-01 00:01:58 +03:00
Lauri Võsandi ec2dea7a13 cli: Authority setup script fixes 2016-03-30 22:05:32 +03:00
Lauri Võsandi d2a259b887 Merge authority setup and production setup 2016-03-29 22:03:27 +03:00
Lauri Võsandi a094db794b cli: Fix extended key usage flags for authority setup script 2016-03-29 19:43:50 +03:00
Lauri Võsandi c644b065ef Migrate authority setup from PyOpenSSL to cryptography.io 2016-03-29 19:29:06 +03:00
Lauri Võsandi af60fd8047 cli: Fix authority setup script 2016-03-29 18:37:28 +03:00
Lauri Võsandi 1475828899 Fix CRL distriution points and add authority information access extensions 2016-03-29 12:29:15 +03:00
Lauri Võsandi acc0e29109 Add AKID and SKID 2016-03-29 08:47:43 +03:00
Lauri Võsandi 925bc0ef9a Refactor users, add OpenVPN and mailing support 
* Add abstraction for user objects
* Mail authority admins about pending, revoked and signed certificates
* Add NetworkManager's OpenVPN plugin support
* Improve CRL support
* Refactor CSRF protection
* Update documentation
 2016-03-27 23:38:14 +03:00
Lauri Võsandi 811e6dbb08 Complete overhaul 
* Switch to Python 2.x due to lack of decent LDAP support in Python 3.x
* Add LDAP backend for authentication/authorization
* Add PAM backend for authentication
* Add getent backend for authorization
* Add preliminary CSRF protection
* Update icons
* Update push server documentation, use nchan from now on
* Add P12 bundle generation
* Add thin wrapper around Python's SQL connectors
* Enable mailing subsystem
* Add Kerberos TGT renewal cronjob
* Add HTTPS server setup commands for nginx
 2016-03-21 23:42:39 +02:00
Lauri Võsandi d38a9a8103 Add preliminary PKCS#12 bundle generation 2016-03-01 11:01:53 +02:00
Lauri Võsandi 449dcea821 Add preliminary PAM authentication backend 2016-02-29 23:06:42 +02:00
Lauri Võsandi 4240d55fe4 Add preliminary Python 2.x support 2016-02-28 22:37:56 +02:00
Lauri Võsandi 7cb9f04972 Add routes for NetworkManager only if they have been specified 2016-01-15 18:09:03 +02:00
Lauri Võsandi 6bfa1ccf9c cli: Fix typo 2016-01-15 13:50:45 +02:00
Lauri Võsandi 589a31eb3d Sanitize configuration file section names 2016-01-15 13:48:24 +02:00
Lauri Võsandi 704523626b Rename spawn commands 2016-01-15 11:18:27 +02:00
Lauri Võsandi f2df17bb88 Refactor signature request submission 
Certidude client now reads configuration from
/etc/certidude/client.conf, submits CSR-s and
once signed configures services based on
/etc/certidude/services.conf
 2016-01-15 00:47:30 +02:00