1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-11-10 23:20:35 +00:00
Commit Graph

87 Commits

Author SHA1 Message Date
ce93fbb58b Several updates #4
* Improved offline install docs
* Migrated token mechanism backend to SQL
* Preliminary token mechanism frontend integration
* Add clock skew tolerance for OCSP
* Add 'ldap computer filter' support for Kerberized machine enroll
* Include OCSP and CRL URL-s in certificates, controlled by profile.conf
* Better certificate extension handling
* Place DH parameters file in /etc/ssl/dhparam.pem
* Always talk to CA over port 8443 for 'certidude enroll'
* Hardened frontend nginx config
* Separate log files for frontend nginx
* Better provisioning heuristics
* Add sample site.sh config for LEDE image builder
* Add more device profiles for LEDE image builder
* Various bugfixes and improvements
2018-05-15 07:45:29 +00:00
f4627b3bd6 Allow provisioning as subordinate CA and add offline install docs 2018-05-07 11:18:29 +00:00
bfdd8c4887 Several updates #3
* Move SessionResource and CertificateAuthorityResource to api/session.py
* Log browser user agent for logins
* Remove static sink from backend, nginx always serves static now
* Don't emit 'attribute-update' event if no attributes were changed
* Better CN extraction from DN during lease update
* Log user who deleted request
* Remove long polling CRL fetch API call and relevant test
* Merge auth decorators ldap_authenticate, kerberos_authenticate, pam_authenticate
* Add 'kerberos subnets' to distinguish authentication method
* Add 'admin subnets' to filter traffic to administrative API calls
* Highlight recent log events
* Links to switch between 2, 3 and 4 column layouts in the dashboard
* Restored certidude client snippets in request dialog
* Various bugfixes, improved log messages
2018-05-04 08:55:49 +00:00
4e4b551cc2 Several updates #2
* Reverse RDN components for all certs
* Less side effects in unittests
* Split help dialog shell snippets into separate files
* Restore 'admin subnets' config option
* Embedded subnets, IKE and ESP proposals now configurable in builder.conf
* Use expr instead of bc for math operations in shell
* Better frontend support for Let's Encrypt certificates
2018-05-02 08:11:01 +00:00
5e9251f365 Several updates
* Subnets configuration option for Kerberos machine enrollment
* Configurable script snippets via [service] configuration section
* Preliminary revocation reason support
* Improved signature profile support
* Add domain components to DN to distinguish certificate CN's namespace
* Image builder improvements, add Elliptic Curve support
* Added GetCACaps operation and more digest algorithms for SCEP
* Generate certificate and CRL serial from timestamp (64+32bits) and random bytes (56bits)
* Move client storage pool to /etc/certidude/authority/
* Cleanups & bugfixes
2018-04-27 07:48:15 +00:00
dbbcec6d64 tests: Fix several issues with signature profiles 2018-04-10 09:29:05 +00:00
098aa5657d tests: More explicit errors for OCSP and SCEP 2018-01-05 12:42:14 +00:00
59bedc1f16 Major refactor
* Migrate to Python 3
* Update token generator mechanism
* Switch to Bootstrap 4
* Switch from Iconmonstr to Font Awesome icons
* Rename default CA common name to "Certidude at ca.example.lan"
* Add self-enroll for the TLS server certificates
* TLS client auth for lease updating
* Compile assets from npm packages to /var/lib/certidude/ca.example.lan/assets
2017-12-30 14:00:19 +00:00
d32ec224d7 Install cryptography.io just for unittests 2017-08-16 21:08:20 +00:00
509f7bfaa8 Migrate from cryptography.io to oscrypto 2017-08-16 20:25:16 +00:00
f7d8e95aa8 tests: Fix /api/revoked check 2017-07-29 21:27:15 +00:00
03b9778170 Better starttup/shutdown notification 2017-07-11 18:57:19 +00:00
486a5d3459 tests: Lazier import for xattr 2017-07-08 08:51:00 +00:00
a48331a9cb tests: Add test for machine attribute updates 2017-07-07 21:07:25 +00:00
39363a57c7 tests: More coverage 2017-07-06 09:29:02 +00:00
34c72aaa9e tests: Fixes and better code coverage 2017-07-06 08:15:44 +00:00
e25c774fa3 Bugfixes and test for SCEP 2017-07-05 21:22:02 +00:00
0a98b3f82e Add tests for OCSP, several bugfixes 2017-06-04 14:19:29 +00:00
eecfbee384 tests: Fix signer shutdown and add tests for event source 2017-05-09 09:48:24 +00:00
b77a427949 api: Submit inner and outer IP address when updating lease 2017-05-08 20:33:20 +00:00
dfb90689db tests: Disable LDAP auth check for now 2017-05-08 16:49:45 +00:00
09f5b11505 tests: Add tests for machine keytab auth 2017-05-08 16:25:59 +00:00
e27b3ff9d1 tests: Never verify TLS certfs for LDAP 2017-05-08 10:27:27 +00:00
4e41655532 api: Better error message when confronted with NTLM 2017-05-08 10:26:11 +00:00
545febf3d0 tests: Cover LDAP auth and more 2017-05-07 22:14:58 +00:00
b1dd6f0093 tests: Checks for /etc/cron.hourly/certidude 2017-05-07 19:51:40 +00:00
8440cd840d tests: Fix race condition bugs 2017-05-07 19:29:07 +00:00
71e77154d7 tests: Preliminary tests for Kerberos/LDAP auth 2017-05-07 19:11:24 +00:00
60a0f2ba7c tests: Set up nchan as part of certidude setup authority 2017-05-06 21:35:02 +00:00
b19e163a82 tests: Attempt to set up nchan as part of unittests 2017-05-06 21:07:41 +00:00
de1d182320 Add API call for rendering scripts, bugfixes 2017-05-04 17:56:53 +00:00
a75fb58cb5 tests: Lease and attribute API call fixes 2017-05-04 10:02:14 +00:00
8c8a3a9930 tests: Better tagging tests 2017-05-04 09:35:39 +00:00
94944e37f1 tests: Better coverage for tagging tests 2017-05-04 09:14:47 +00:00
2ffcc64d86 tests: Test CRL checks on client side 2017-05-04 07:38:49 +00:00
505fa9d557 tests: Fix NetworkManager setup tests 2017-05-04 06:40:47 +00:00
9922516d24 tests: Test request deletion and signing API calls 2017-05-03 21:54:08 +00:00
189c604832 tests: Better code coverage 2017-05-03 21:04:34 +00:00
47aded48d5 tests: Add e-mailing and more cli commands 2017-05-03 14:42:37 +00:00
649863a77e tests: Handle forking 2017-05-03 07:04:52 +00:00
8f9da9c2f1 tests: Add test for certificate renewal 2017-05-02 06:11:28 +00:00
9a7b806ff6 tests: Fix /run/certidude permissions 2017-05-01 23:06:45 +00:00
60ff382d74 tests: More verbosity 2017-05-01 22:53:24 +00:00
a9c29d2fbb tests: Improvements 2017-05-01 22:41:41 +00:00
58491e7933 tests: Cleanups 2017-05-01 22:32:55 +00:00
3c8aef4fd2 tests: Better CA cert checks 2017-05-01 21:52:27 +00:00
1484ad7826 tests: Fix typo 2017-05-01 21:41:34 +00:00
c60fd6ac9e tests: Add requests.get for static serving tests 2017-05-01 21:37:56 +00:00
be561cc52f tests: Add test for export_crl() function 2017-05-01 21:06:28 +00:00
128369f6f6 tests: More detailed error captures for API calls 2017-05-01 20:49:25 +00:00