34e8fb9c8c
Make Kerberos keytab handling more universal
2017-01-30 17:48:30 +00:00
0bca61e61f
Add preliminary LDAP fallback support for Kerberos protected API calls
2017-01-30 07:04:05 +00:00
4ae40c5d45
Add long poll support for CRL API call
2017-01-30 06:29:01 +00:00
c979d73bec
Fix typos for local time conversion
2017-01-30 06:27:12 +00:00
4c1e72709c
Use local time for connected_since
2017-01-26 22:31:06 +00:00
108c2bc017
Clean up server.conf template
2017-01-26 22:14:56 +00:00
089d6b36b9
Hide tagging UI elements if tagging is disabled
2017-01-26 22:14:30 +00:00
5d5a24096c
Merge branch 'master' of github.com:laurivosandi/certidude
2017-01-26 21:59:37 +00:00
1ec5ad3b7c
Add openvpn-status.log support
2017-01-26 21:59:12 +00:00
6221fe9c00
Prompt for password when invalid password is entered
2017-01-26 15:22:02 +02:00
ef72cb70cd
Fixes for testing server as regular user
2017-01-26 15:11:04 +02:00
dc9e01b4ad
Merge branch 'master' of github.com:laurivosandi/certidude
2017-01-26 13:00:21 +02:00
372e71c175
Use TUN for network-manager/openvpn service
2017-01-26 12:55:26 +02:00
1925207a6d
Add OpenVPN bundle generation
2017-01-25 11:34:08 +00:00
cca9d2ab2d
Refactor LDAP authentication
...
* ldap uri can be specified in /etc/certidude/server.conf now
* /etc/ldap/ldap.conf is ignored
2017-01-25 09:43:19 +00:00
175f7f5d53
Fixes for LDAP access using machine credentials
2017-01-20 10:56:46 +00:00
4c69efbf87
Rely on nunjucks files provided by npm
2017-01-20 10:51:45 +00:00
e2f7c8d1d6
Trigger nmcli con reload after config file creation
2017-01-10 15:09:52 +02:00
b3a45cf2ab
Expose insecure flag for turning off HTTPS
2017-01-10 15:01:16 +02:00
d68a9acac2
Work around Travis' long hostnames in const.py instead
2016-09-18 18:46:11 +03:00
fab52dca76
Add request submission from web interface
2016-09-18 16:25:52 +03:00
2590340355
Remove generated templates.js, add graceful fallback when not generated
2016-09-18 16:21:07 +03:00
e56b1b3f2b
Upgrade to nunjucks v2.5.2
2016-09-18 15:11:23 +03:00
23d8942ffe
Add fallbacks for e-mail handling if outbox is not defined
2016-09-18 14:32:39 +03:00
1b04a848e3
Improve Unicode handling in bundle generation
2016-09-18 14:32:14 +03:00
9cf5e298e8
Fix systemd service template
2016-09-18 00:21:24 +03:00
b4d006227a
Refactor codebase
...
* Replace PyOpenSSL with cryptography.io
* Rename constants to const
* Drop support for uwsgi
* Use systemd to launch certidude server
* Signer automatically spawned as part of server
* Update requirements.txt
* Clean up certidude client configuration handling
* Add automatic enroll with Kerberos machine credentials
2016-09-18 00:00:14 +03:00
15858083b3
Use UTC for log entries
2016-04-05 15:30:50 +03:00
c33da46f19
Push server fixes
2016-04-05 15:02:05 +03:00
7012f5b365
Make user certificate enrollment configurable
2016-04-01 01:55:51 +03:00
fa27253b50
Add 'certidude users' command for listing user accounts
2016-04-01 00:01:58 +03:00
ff2e983711
ui: Update CRL fetching command example
2016-03-30 22:06:15 +03:00
ec2dea7a13
cli: Authority setup script fixes
2016-03-30 22:05:32 +03:00
456fe586c3
Add revocation list JSON serialization
2016-03-30 22:00:18 +03:00
5bdf986b47
cli: Send Accept: application/x-pem-file while downloading CRL
2016-03-29 23:39:19 +03:00
d2a259b887
Merge authority setup and production setup
2016-03-29 22:03:27 +03:00
a094db794b
cli: Fix extended key usage flags for authority setup script
2016-03-29 19:43:50 +03:00
c644b065ef
Migrate authority setup from PyOpenSSL to cryptography.io
2016-03-29 19:29:06 +03:00
af60fd8047
cli: Fix authority setup script
2016-03-29 18:37:28 +03:00
476a312b4e
ui: Fix autosign subnets listing
2016-03-29 15:47:00 +03:00
09a67718ab
Expose certificate and CRL lifetime via session API call
2016-03-29 15:43:34 +03:00
d8f1e36ecf
Reduce default CRL lifetime to 20min
2016-03-29 15:17:44 +03:00
6de010a411
Make /api/revoked conform to RFC5280
2016-03-29 13:28:58 +03:00
1475828899
Fix CRL distribution points and add authority information access extensions
2016-03-29 12:29:15 +03:00
e721648328
Use common name instead of IP address as listening address for IPSec gateway
2016-03-29 12:28:10 +03:00
799b9e19c8
Use unicode literals for logging
2016-03-29 08:54:55 +03:00
acc0e29109
Add AKID and SKID
2016-03-29 08:47:43 +03:00
ff71ca42d7
Move GSSAPI credcache from authorization config section to accounts
2016-03-29 08:45:17 +03:00
22846327a0
Fix is_admin of PosixUserManager
2016-03-29 08:44:07 +03:00
de42d97b59
Add $ssl_client_s_dn_cn for nginx config template
2016-03-29 08:28:48 +03:00
3d32de8cad
Documentation fixes and attempt to fix Travis
2016-03-28 00:00:41 +03:00
925bc0ef9a
Refactor users, add OpenVPN and mailing support
...
* Add abstraction for user objects
* Mail authority admins about pending, revoked and signed certificates
* Add NetworkManager's OpenVPN plugin support
* Improve CRL support
* Refactor CSRF protection
* Update documentation
2016-03-27 23:38:14 +03:00
811e6dbb08
Complete overhaul
...
* Switch to Python 2.x due to lack of decent LDAP support in Python 3.x
* Add LDAP backend for authentication/authorization
* Add PAM backend for authentication
* Add getent backend for authorization
* Add preliminary CSRF protection
* Update icons
* Update push server documentation, use nchan from now on
* Add P12 bundle generation
* Add thin wrapper around Python's SQL connectors
* Enable mailing subsystem
* Add Kerberos TGT renewal cronjob
* Add HTTPS server setup commands for nginx
2016-03-21 23:42:39 +02:00
d38a9a8103
Add preliminary PKCS#12 bundle generation
2016-03-01 11:01:53 +02:00
449dcea821
Add preliminary PAM authentication backend
2016-02-29 23:06:42 +02:00
4240d55fe4
Add preliminary Python 2.x support
2016-02-28 22:37:56 +02:00
5eed7cb6d9
ui: Add blue color for recently seen clients
2016-02-17 21:44:33 +02:00
489de4ec79
ui: Bundle template JavaScript
2016-02-17 16:16:00 +02:00
114e67ed6a
api: Use nchan headers for pushing events
2016-02-17 16:15:06 +02:00
b830ce7671
api: Fix exception includes
2016-01-25 11:19:08 +02:00
661e7608ef
ui: Precompile nunjucks templates
2016-01-25 11:18:19 +02:00
7cb9f04972
Add routes for NetworkManager only if they have been specified
2016-01-15 18:09:03 +02:00
6bfa1ccf9c
cli: Fix typo
2016-01-15 13:50:45 +02:00
589a31eb3d
Sanitize configuration file section names
2016-01-15 13:48:24 +02:00
704523626b
Rename spawn commands
2016-01-15 11:18:27 +02:00
f2df17bb88
Refactor signature request submission
...
Certidude client now reads configuration from
/etc/certidude/client.conf, submits CSR-s and
once signed configures services based on
/etc/certidude/services.conf
2016-01-15 00:47:30 +02:00
d8abde3d53
Refactor request submission
...
API now properly distinguishes duplicate request from other requests with same common name.
2016-01-14 11:02:57 +02:00
aacf94bb28
Fix encoding error in duplicate request check
2016-01-14 10:44:26 +02:00
de08ba759d
Release version 0.1.20
2016-01-10 19:51:54 +02:00
6a45592cd0
api: Fix CRL generation
2016-01-02 01:08:04 +02:00
Lauri Võsandi
6977d7148e
cli: Send Accept header when requesting signed certificate
2015-12-23 16:10:00 +02:00
af4d50db17
ui: Added product serial tag
2015-12-23 11:46:27 +00:00
c59198887c
api: Fixed API call for querying leases
2015-12-18 12:49:37 +00:00
ece05a21e0
cli: Added closeaction=restart to ipsec.conf template
2015-12-16 21:55:49 +00:00
da6600e2e9
api: Added signed certificate tagging mechanism
2015-12-16 17:41:49 +00:00
901b0f7224
api: Fix lookup of user context variable
2015-12-13 18:27:09 +00:00
fbbf7a320d
Add preliminary support for logging
...
Current logging mechanism makes use of Python's logging module.
MySQL logging handler inserts log entries to MySQL server and
another logging handler is used to stream events to web interface
via nginx streaming push.
2015-12-13 15:11:22 +00:00
b788d701eb
Refactor wrappers
...
Completely remove wrapper class for CA,
use certidude.authority module instead.
2015-12-12 22:39:17 +00:00
8397d02f26
Removed leftfirewall=yes from strongSwan config template
2015-11-20 21:17:46 +01:00
f893582338
Major refactoring, CA is associated with its hostname now
2015-11-15 15:55:26 +01:00
e6f050c257
Added preliminary interfacing with updown scripts
2015-11-13 23:20:51 +01:00
887743cc0b
api: Preliminary API call for listing client leases
2015-11-13 19:41:19 +01:00
3d36b2f92c
Merge branch 'master' of github.com:laurivosandi/certidude
2015-11-11 20:12:28 +01:00
4eb0cceacc
api: Preliminary API-fication of user interface
2015-11-11 20:12:04 +01:00
ffd6eccd80
Merge branch 'codecov' of https://github.com/plaes/certidude into plaes-codecov
...
Conflicts:
certidude/api.py
2015-11-06 09:08:00 +02:00
a413a15854
Added preliminary event handling for front-end
2015-10-28 11:46:36 +01:00
f1c0a3925d
Merge branch 'master' of github.com:laurivosandi/certidude
2015-10-28 10:52:14 +02:00
e292e01aff
cli: Cleaned up certificate listing
2015-10-28 10:51:52 +02:00
3012d843a9
Enabled certificate publishing from command-line
...
Instead of defining environment variables for
push server URL-s the URL-s are now fetched
from openssl.cnf instead.
2015-10-26 21:52:48 +01:00
42916a7ccc
cli: Improved strongSwan gateway setup heuristics
2015-10-20 20:38:48 +03:00
4c9f4ffd47
signer: Fixed typo
2015-10-20 11:32:46 +03:00
d4f735c34d
cli: Add IKE Intermediate flag for strongSwan server CSR
2015-10-20 11:32:31 +03:00
cf0317f7b3
api: Fixed CSR processing if autosign GET variable was not present
2015-10-20 10:47:41 +03:00
90e7458136
Added textual representation for "IKE Intermediate" key usage flag
2015-10-17 20:53:46 +03:00
0a92589f41
Cleaned up ipsec.conf templates
2015-10-17 20:36:12 +03:00
03d727fca9
cli: Added /etc/ipsec.secrets generation
2015-10-17 20:32:36 +03:00
af608f6c75
Added NetworkManager strongSwan plugin integration
2015-10-17 18:07:26 +03:00
fcb770aa7c
Fixed strongswan server setup helper
2015-10-16 18:44:42 +03:00
9a845fc009
Add basic tests for CA
2015-10-09 10:46:40 +03:00
6dec1eebd9
Fix traceback when no 'autosign' parameter was supplied
2015-10-08 14:47:22 +03:00