Lauri Võsandi
aeb5d81aa6
tests: Generate DH params file in single location
2017-05-03 21:12:51 +00:00
Lauri Võsandi
189c604832
tests: Better code coverage
2017-05-03 21:04:34 +00:00
Lauri Võsandi
47aded48d5
tests: Add e-mailing and more cli commands
2017-05-03 14:42:37 +00:00
Lauri Võsandi
649863a77e
tests: Handle forking
2017-05-03 07:04:52 +00:00
Lauri Võsandi
9a7b806ff6
tests: Fix /run/certidude permissions
2017-05-01 23:06:45 +00:00
Lauri Võsandi
58491e7933
tests: Cleanups
2017-05-01 22:32:55 +00:00
Lauri Võsandi
986953f10f
tests: Prevent nginx setup on Travis
2017-05-01 18:45:15 +00:00
Lauri Võsandi
f7a27c6044
tests: More verbose output while setting up CA
2017-05-01 18:06:47 +00:00
Lauri Võsandi
e0eb3ee471
tests: Create certidude user in advance
2017-05-01 17:56:10 +00:00
Lauri Võsandi
b0683b268d
Attempt to run client as part of unittests
2017-05-01 16:20:50 +00:00
Lauri Võsandi
cc4f13086e
Improve init/openvpn handler
...
* Create systemd service for signaling OpenVPN client after suspend
* Use tun instead of tap
* Update DNS server/domain upon (dis)connect
* Include necessary templates
2017-04-29 22:09:31 +03:00
Lauri Võsandi
5ddbf87ed2
Add test for fetching logs
2017-04-26 00:10:12 +03:00
Lauri Võsandi
b867eee67e
Add more API tests for lease, attribs etc
2017-04-25 23:32:21 +03:00
Lauri Võsandi
d5edbe50c5
Token mechanism fixes
2017-04-24 20:33:55 +03:00
Lauri Võsandi
029ee357fb
Token mechanism fixes:
...
* Save token secret to config
* OpenVPN profile fixes for Ubuntu 16.04
* Raise correct exceptions for invalid tokens
* Display token expiration time in local time
2017-04-22 14:10:54 +03:00
Lauri Võsandi
9a793088c6
Use local MTA for sending e-mail
2017-04-21 16:58:01 +00:00
Lauri Võsandi
5e812f5194
Fixes
2017-04-20 05:20:10 +00:00
Lauri Võsandi
772886e4d4
Fix typo
2017-04-14 20:32:59 +03:00
Lauri Võsandi
ca0386b649
StrongSwan gateway setup script cleanups
2017-04-14 20:21:31 +03:00
Lauri Võsandi
91f8f09854
StrongSwan client setup fixes
2017-04-14 02:49:11 +03:00
Lauri Võsandi
8bf9ebfebb
Merge branch 'master' of github.com:laurivosandi/certidude
2017-04-14 01:50:33 +03:00
Lauri Võsandi
a3adba02a5
Fix CRL path for configuration generators
2017-04-14 01:50:04 +03:00
Lauri Võsandi
216af460cf
Better system keytab checking for client
2017-04-14 01:49:32 +03:00
Lauri Võsandi
1c5913ee3b
Add dynamic package installation via decorators
2017-04-13 22:30:20 +00:00
Lauri Võsandi
02b2f041cc
Clean up dependencies and Travis
2017-04-13 20:52:09 +00:00
Lauri Võsandi
52d35012a4
Various fixes
2017-04-13 20:30:56 +00:00
Lauri Võsandi
d7a2c7c193
Fix OpenVPN client configuration generation
2017-04-13 18:17:05 +03:00
Lauri Võsandi
51d7dffa9b
Bugfixes
2017-04-12 13:56:29 +00:00
Lauri Võsandi
0201a84a64
Merge branch 'master' of github.com:laurivosandi/certidude
2017-04-12 13:22:21 +00:00
Lauri Võsandi
09724e04dc
Add preliminary bootstrap API call
2017-04-12 13:21:49 +00:00
Lauri Võsandi
e68829732d
Merge branch 'master' of github.com:laurivosandi/certidude
2017-04-07 10:57:38 +03:00
Lauri Võsandi
f477fb9ad8
cli: Add Yubikey enrollment command
2017-04-07 10:57:25 +03:00
Lauri Võsandi
848763160b
Merge github.com:laurivosandi/certidude
2017-04-04 05:03:33 +00:00
Lauri Võsandi
90b663ce26
Add file based rotating log handler
2017-04-04 05:02:08 +00:00
Lauri Võsandi
5c6097cc40
Fix CSR listing command
2017-03-28 12:24:51 +03:00
Lauri Võsandi
d5dcadc346
Remove dependency on pycountries
2017-03-26 20:47:45 +00:00
Lauri Võsandi
44b6f13669
Use random serial for CA certificate
2017-03-26 20:44:47 +00:00
Lauri Võsandi
79aa1e18c0
Add explicit renewal flag for `certidude request`
2017-03-13 19:47:58 +02:00
Lauri Võsandi
7eb8378562
Attempt to fix tests
2017-03-13 17:20:41 +02:00
Lauri Võsandi
06010ceaf3
Refactor
...
* Remove PyOpenSSL based wrapper classes
* Remove unused API calls
* Add certificate renewal via X-Renewal-Signature header
* Remove (extended) key usage handling
* Clean up OpenVPN and nginx server setup code
* Use UDP port 51900 for OpenVPN by default
* Add basic auth fallback for iOS in addition to Android
* Reduce complexity
2017-03-13 11:42:58 +00:00
Lauri Võsandi
2a8109704a
Refactor
...
* Remove given name and surname attributes because of issues with OpenVPN Connect
* Remove e-mail attribute because of no reliable method of deriving usable address
* Remove organizational unit attribute
* Don't overwrite Kerberos cronjob during certidude setup authority
* Enforce path_length=0 for disabling intermediate CA-s
* Remove SAN attributes
* Add configuration options for outbox sender name and address
* Use common name attribute to derive signature flags
* Use distinct pub/sub URL-s for long poll and event source
2017-02-07 22:07:21 +00:00
Lauri Võsandi
ef72cb70cd
Fixes for testing server as regular user
2017-01-26 15:11:04 +02:00
Lauri Võsandi
372e71c175
Use TUN for network-manager/openvpn service
2017-01-26 12:55:26 +02:00
Lauri Võsandi
e2f7c8d1d6
Trigger `nmcli con reload` after config file creation
2017-01-10 15:09:52 +02:00
Lauri Võsandi
b3a45cf2ab
Expose insecure flag for turning off HTTPS
2017-01-10 15:01:16 +02:00
Lauri Võsandi
b4d006227a
Refactor codebase
...
* Replace PyOpenSSL with cryptography.io
* Rename constants to const
* Drop support for uwsgi
* Use systemd to launch certidude server
* Signer automatically spawned as part of server
* Update requirements.txt
* Clean up certidude client configuration handling
* Add automatic enroll with Kerberos machine credentials
2016-09-18 00:00:14 +03:00
Lauri Võsandi
fa27253b50
Add 'certidude users' command for listing user accounts
2016-04-01 00:01:58 +03:00
Lauri Võsandi
ec2dea7a13
cli: Authority setup script fixes
2016-03-30 22:05:32 +03:00
Lauri Võsandi
d2a259b887
Merge authority setup and production setup
2016-03-29 22:03:27 +03:00
Lauri Võsandi
a094db794b
cli: Fix extended key usage flags for authority setup script
2016-03-29 19:43:50 +03:00
Lauri Võsandi
c644b065ef
Migrate authority setup from PyOpenSSL to cryptography.io
2016-03-29 19:29:06 +03:00
Lauri Võsandi
af60fd8047
cli: Fix authority setup script
2016-03-29 18:37:28 +03:00
Lauri Võsandi
1475828899
Fix CRL distribution points and add authority information access extensions
2016-03-29 12:29:15 +03:00
Lauri Võsandi
acc0e29109
Add AKID and SKID
2016-03-29 08:47:43 +03:00
Lauri Võsandi
925bc0ef9a
Refactor users, add OpenVPN and mailing support
...
* Add abstraction for user objects
* Mail authority admins about pending, revoked and signed certificates
* Add NetworkManager's OpenVPN plugin support
* Improve CRL support
* Refactor CSRF protection
* Update documentation
2016-03-27 23:38:14 +03:00
Lauri Võsandi
811e6dbb08
Complete overhaul
...
* Switch to Python 2.x due to lack of decent LDAP support in Python 3.x
* Add LDAP backend for authentication/authorization
* Add PAM backend for authentication
* Add getent backend for authorization
* Add preliminary CSRF protection
* Update icons
* Update push server documentation, use nchan from now on
* Add P12 bundle generation
* Add thin wrapper around Python's SQL connectors
* Enable mailing subsystem
* Add Kerberos TGT renewal cronjob
* Add HTTPS server setup commands for nginx
2016-03-21 23:42:39 +02:00
Lauri Võsandi
d38a9a8103
Add preliminary PKCS#12 bundle generation
2016-03-01 11:01:53 +02:00
Lauri Võsandi
449dcea821
Add preliminary PAM authentication backend
2016-02-29 23:06:42 +02:00
Lauri Võsandi
4240d55fe4
Add preliminary Python 2.x support
2016-02-28 22:37:56 +02:00
Lauri Võsandi
7cb9f04972
Add routes for NetworkManager only if they have been specified
2016-01-15 18:09:03 +02:00
Lauri Võsandi
6bfa1ccf9c
cli: Fix typo
2016-01-15 13:50:45 +02:00
Lauri Võsandi
589a31eb3d
Sanitize configuration file section names
2016-01-15 13:48:24 +02:00
Lauri Võsandi
704523626b
Rename spawn commands
2016-01-15 11:18:27 +02:00
Lauri Võsandi
f2df17bb88
Refactor signature request submission
...
Certidude client now reads configuration from
/etc/certidude/client.conf, submits CSR-s and
once signed configures services based on
/etc/certidude/services.conf
2016-01-15 00:47:30 +02:00
Lauri Võsandi
de08ba759d
Release version 0.1.20
2016-01-10 19:51:54 +02:00
Lauri Võsandi
da6600e2e9
api: Added signed certificate tagging mechanism
2015-12-16 17:41:49 +00:00
Lauri Võsandi
b788d701eb
Refactor wrappers
...
Completely remove wrapper class for CA,
use certidude.authority module instead.
2015-12-12 22:39:17 +00:00
Lauri Võsandi
f893582338
Major refactoring, CA is associated with its hostname now
2015-11-15 15:55:26 +01:00
Lauri Võsandi
f1c0a3925d
Merge branch 'master' of github.com:laurivosandi/certidude
2015-10-28 10:52:14 +02:00
Lauri Võsandi
e292e01aff
cli: Cleaned up certificate listing
2015-10-28 10:51:52 +02:00
Lauri Võsandi
3012d843a9
Enabled certificate publishing from command-line
...
Instead of defining environment variables for
push server URL-s the URL-s are now fetched
from openssl.cnf instead.
2015-10-26 21:52:48 +01:00
Lauri Võsandi
42916a7ccc
cli: Improved strongSwan gateway setup heuristics
2015-10-20 20:38:48 +03:00
Lauri Võsandi
d4f735c34d
cli: Add IKE Intermediate flag for strongSwan server CSR
2015-10-20 11:32:31 +03:00
Lauri Võsandi
03d727fca9
cli: Added /etc/ipsec.secrets generation
2015-10-17 20:32:36 +03:00
Lauri Võsandi
af608f6c75
Added NetworkManager strongSwan plugin integration
2015-10-17 18:07:26 +03:00
Lauri Võsandi
fcb770aa7c
Fixed strongswan server setup helper
2015-10-16 18:44:42 +03:00
Priit Laes
91d09629e2
cli: Fix 'certidude list [CA]...' command
2015-09-30 15:41:19 +03:00
Priit Laes
f73885fe70
cli: Use CERTIDUDE_CONF env variable to load custom configuration
2015-09-30 11:42:38 +03:00
Priit Laes
706f4f78d3
cli: sha1 is deprecated, use sha256 instead.
2015-09-29 15:17:08 +03:00
Priit Laes
3e93aeee72
cli: Make sure user doesn't accidentally overwrite existing setup
2015-09-29 15:17:08 +03:00
Priit Laes
c68c5d2a07
Remove 'certidude' group requirement for creating CA configuration
...
We shouldn't require user to have 'certidude' user/group in system
in order to just create initial CA setup.
2015-09-29 15:17:08 +03:00
Priit Laes
81eef1d42f
Remove the netifaces requirement
2015-09-29 15:17:08 +03:00
Priit Laes
4c1c2010c6
Add basic tests
2015-09-29 15:17:08 +03:00
Priit Laes
4a94715c68
Add workaround for chroot issues
2015-09-03 09:00:45 +00:00
Priit Laes
46fd8a2385
Move all falcon-specific stuff away from cli
2015-09-02 06:20:19 +00:00
Priit Laes
f93ce70d6d
Add factory function to create wsgi app - kills some duplicate code
2015-09-02 06:20:19 +00:00
Priit Laes
03f9c9fd50
cli: spawn: Fix error message when certidude signer is already running
2015-08-27 17:47:28 +00:00
Priit Laes
49a79c9180
cli: spawn: Return error code when spawn fails
2015-08-27 11:52:40 +00:00
Priit Laes
8b35102974
Refactor CertificateAuthorityConfig to accept single configuration file
2015-08-27 11:48:53 +00:00
Priit Laes
2877c32c69
cli: Kill unused imports
2015-08-27 09:28:08 +00:00
Priit Laes
da2002538e
cli: Generate openssl.cnf snippet as file instead of writing it to terminal
2015-08-27 09:20:44 +00:00
Priit Laes
f7183fd1ab
cli: Add some error checks for ca target directory
2015-08-27 09:20:38 +00:00
Lauri Võsandi
e2f27078d1
Added preliminary Kerberos authentication support
2015-08-16 17:21:42 +03:00
Lauri Võsandi
c5d27e8a76
Released 0.1.17
2015-08-13 11:11:08 +03:00
Lauri Võsandi
f24ef4024c
Fixes
2015-07-27 18:49:50 +03:00
Lauri Võsandi
10a329c0fe
Added uWSGI support and documentation
2015-07-27 15:30:50 +03:00
Lauri Võsandi
d024f778f8
Implemented essential functionality
2015-07-26 23:34:46 +03:00
Lauri Võsandi
0af381fc46
Initial commit
2015-07-12 22:22:10 +03:00