Commit Graph

59 Commits

Author SHA1 Message Date
Lauri Võsandi 06010ceaf3 Refactor
* Remove PyOpenSSL based wrapper classes
* Remove unused API calls
* Add certificate renewal via X-Renewal-Signature header
* Remove (extended) key usage handling
* Clean up OpenVPN and nginx server setup code
* Use UDP port 51900 for OpenVPN by default
* Add basic auth fallback for iOS in addition to Android
* Reduce complexity
2017-03-13 11:42:58 +00:00
Lauri Võsandi 2a8109704a Refactor
* Remove given name and surname attributes because of issues with OpenVPN Connect
* Remove e-mail attribute because of no reliable method of deriving usable address
* Remove organizational unit attribute
* Don't overwrite Kerberos cronjob during certidude setup authority
* Enforce path_length=0 for disabling intermediate CA-s
* Remove SAN attributes
* Add configuration options for outbox sender name and address
* Use common name attribute to derive signature flags
* Use distinct pub/sub URL-s for long poll and event source
2017-02-07 22:07:21 +00:00
Lauri Võsandi ef72cb70cd Fixes for testing server as regular user 2017-01-26 15:11:04 +02:00
Lauri Võsandi 372e71c175 Use TUN for network-manager/openvpn service 2017-01-26 12:55:26 +02:00
Lauri Võsandi e2f7c8d1d6 Trigger `nmcli con reload` after config file creation 2017-01-10 15:09:52 +02:00
Lauri Võsandi b3a45cf2ab Expose insecure flag for turning off HTTPS 2017-01-10 15:01:16 +02:00
Lauri Võsandi b4d006227a Refactor codebase
* Replace PyOpenSSL with cryptography.io
* Rename constants to const
* Drop support for uwsgi
* Use systemd to launch certidude server
* Signer automatically spawned as part of server
* Update requirements.txt
* Clean up certidude client configuration handling
* Add automatic enroll with Kerberos machine credentials
2016-09-18 00:00:14 +03:00
Lauri Võsandi fa27253b50 Add 'certidude users' command for listing user accounts 2016-04-01 00:01:58 +03:00
Lauri Võsandi ec2dea7a13 cli: Authority setup script fixes 2016-03-30 22:05:32 +03:00
Lauri Võsandi d2a259b887 Merge authority setup and production setup 2016-03-29 22:03:27 +03:00
Lauri Võsandi a094db794b cli: Fix extended key usage flags for authority setup script 2016-03-29 19:43:50 +03:00
Lauri Võsandi c644b065ef Migrate authority setup from PyOpenSSL to cryptography.io 2016-03-29 19:29:06 +03:00
Lauri Võsandi af60fd8047 cli: Fix authority setup script 2016-03-29 18:37:28 +03:00
Lauri Võsandi 1475828899 Fix CRL distribution points and add authority information access extensions 2016-03-29 12:29:15 +03:00
Lauri Võsandi acc0e29109 Add AKID and SKID 2016-03-29 08:47:43 +03:00
Lauri Võsandi 925bc0ef9a Refactor users, add OpenVPN and mailing support
* Add abstraction for user objects
* Mail authority admins about pending, revoked and signed certificates
* Add NetworkManager's OpenVPN plugin support
* Improve CRL support
* Refactor CSRF protection
* Update documentation
2016-03-27 23:38:14 +03:00
Lauri Võsandi 811e6dbb08 Complete overhaul
* Switch to Python 2.x due to lack of decent LDAP support in Python 3.x
* Add LDAP backend for authentication/authorization
* Add PAM backend for authentication
* Add getent backend for authorization
* Add preliminary CSRF protection
* Update icons
* Update push server documentation, use nchan from now on
* Add P12 bundle generation
* Add thin wrapper around Python's SQL connectors
* Enable mailing subsystem
* Add Kerberos TGT renewal cronjob
* Add HTTPS server setup commands for nginx
2016-03-21 23:42:39 +02:00
Lauri Võsandi d38a9a8103 Add preliminary PKCS#12 bundle generation 2016-03-01 11:01:53 +02:00
Lauri Võsandi 449dcea821 Add preliminary PAM authentication backend 2016-02-29 23:06:42 +02:00
Lauri Võsandi 4240d55fe4 Add preliminary Python 2.x support 2016-02-28 22:37:56 +02:00
Lauri Võsandi 7cb9f04972 Add routes for NetworkManager only if they have been specified 2016-01-15 18:09:03 +02:00
Lauri Võsandi 6bfa1ccf9c cli: Fix typo 2016-01-15 13:50:45 +02:00
Lauri Võsandi 589a31eb3d Sanitize configuration file section names 2016-01-15 13:48:24 +02:00
Lauri Võsandi 704523626b Rename spawn commands 2016-01-15 11:18:27 +02:00
Lauri Võsandi f2df17bb88 Refactor signature request submission
Certidude client now reads configuration from
/etc/certidude/client.conf, submits CSR-s and
once signed configures services based on
/etc/certidude/services.conf
2016-01-15 00:47:30 +02:00
Lauri Võsandi de08ba759d Release version 0.1.20 2016-01-10 19:51:54 +02:00
Lauri Võsandi da6600e2e9 api: Added signed certificate tagging mechanism 2015-12-16 17:41:49 +00:00
Lauri Võsandi b788d701eb Refactor wrappers
Completely remove wrapper class for CA,
use certidude.authority module instead.
2015-12-12 22:39:17 +00:00
Lauri Võsandi f893582338 Major refactoring, CA is associated with its hostname now 2015-11-15 15:55:26 +01:00
Lauri Võsandi f1c0a3925d Merge branch 'master' of github.com:laurivosandi/certidude 2015-10-28 10:52:14 +02:00
Lauri Võsandi e292e01aff cli: Cleaned up certificate listing 2015-10-28 10:51:52 +02:00
Lauri Võsandi 3012d843a9 Enabled certificate publishing from command-line
Instead of defining environment variables for
push server URL-s the URL-s are now fetched
from openssl.cnf instead.
2015-10-26 21:52:48 +01:00
Lauri Võsandi 42916a7ccc cli: Improved strongSwan gateway setup heuristics 2015-10-20 20:38:48 +03:00
Lauri Võsandi d4f735c34d cli: Add IKE Intermediate flag for strongSwan server CSR 2015-10-20 11:32:31 +03:00
Lauri Võsandi 03d727fca9 cli: Added /etc/ipsec.secrets generation 2015-10-17 20:32:36 +03:00
Lauri Võsandi af608f6c75 Added NetworkManager strongSwan plugin integration 2015-10-17 18:07:26 +03:00
Lauri Võsandi fcb770aa7c Fixed strongswan server setup helper 2015-10-16 18:44:42 +03:00
Priit Laes 91d09629e2 cli: Fix 'certidude list [CA]...' command 2015-09-30 15:41:19 +03:00
Priit Laes f73885fe70 cli: Use CERTIDUDE_CONF env variable to load custom configuration 2015-09-30 11:42:38 +03:00
Priit Laes 706f4f78d3 cli: sha1 is deprecated, use sha256 instead. 2015-09-29 15:17:08 +03:00
Priit Laes 3e93aeee72 cli: Make sure user doesn't accidentally overwrite existing setup 2015-09-29 15:17:08 +03:00
Priit Laes c68c5d2a07 Remove 'certidude' group requirement for creating CA configuration
We shouldn't require user to have 'certidude' user/group in system
in order to just create initial CA setup.
2015-09-29 15:17:08 +03:00
Priit Laes 81eef1d42f Remove the netifaces requirement 2015-09-29 15:17:08 +03:00
Priit Laes 4c1c2010c6 Add basic tests 2015-09-29 15:17:08 +03:00
Priit Laes 4a94715c68 Add workaround for chroot issues 2015-09-03 09:00:45 +00:00
Priit Laes 46fd8a2385 Move all falcon-specific stuff away from cli 2015-09-02 06:20:19 +00:00
Priit Laes f93ce70d6d Add factory function to create wsgi app - kills some duplicate code 2015-09-02 06:20:19 +00:00
Priit Laes 03f9c9fd50 cli: spawn: Fix error message when certidude signer is already running 2015-08-27 17:47:28 +00:00
Priit Laes 49a79c9180 cli: spawn: Return error code when spawn fails 2015-08-27 11:52:40 +00:00
Priit Laes 8b35102974 Refactor CertificateAuthorityConfig to accept single configuration file 2015-08-27 11:48:53 +00:00