1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00
Commit Graph

175 Commits

Author SHA1 Message Date
34e8fb9c8c Make Kerberos keytab handling more universal 2017-01-30 17:48:30 +00:00
0bca61e61f Add preliminary LDAP fallback support for Kerberos protected API calls 2017-01-30 07:04:05 +00:00
4ae40c5d45 Add long poll support for CRL API call 2017-01-30 06:29:01 +00:00
c979d73bec Fix typos for local time conversion 2017-01-30 06:27:12 +00:00
4c1e72709c Use local time for connected_since 2017-01-26 22:31:06 +00:00
108c2bc017 Clean up server.conf template 2017-01-26 22:14:56 +00:00
089d6b36b9 Hide tagging UI elements if tagging is disabled 2017-01-26 22:14:30 +00:00
5d5a24096c Merge branch 'master' of github.com:laurivosandi/certidude 2017-01-26 21:59:37 +00:00
1ec5ad3b7c Add openvpn-status.log support 2017-01-26 21:59:12 +00:00
6221fe9c00 Prompt for password when invalid password is entered 2017-01-26 15:22:02 +02:00
ef72cb70cd Fixes for testing server as regular user 2017-01-26 15:11:04 +02:00
dc9e01b4ad Merge branch 'master' of github.com:laurivosandi/certidude 2017-01-26 13:00:21 +02:00
372e71c175 Use TUN for network-manager/openvpn service 2017-01-26 12:55:26 +02:00
1925207a6d Add OpenVPN bundle generation 2017-01-25 11:34:08 +00:00
cca9d2ab2d Refactor LDAP authentication
* ldap uri can be specified in /etc/certidude/server.conf now
* /etc/ldap/ldap.conf is ignored
2017-01-25 09:43:19 +00:00
175f7f5d53 Fixes for LDAP access using machine credentials 2017-01-20 10:56:46 +00:00
4c69efbf87 Rely on nunjucks files provided by npm 2017-01-20 10:51:45 +00:00
e2f7c8d1d6 Trigger nmcli con reload after config file creation 2017-01-10 15:09:52 +02:00
b3a45cf2ab Expose insecure flag for turning off HTTPS 2017-01-10 15:01:16 +02:00
d68a9acac2 Work around Travis' long hostnames in const.py instead 2016-09-18 18:46:11 +03:00
fab52dca76 Add request submission from web interface 2016-09-18 16:25:52 +03:00
2590340355 Remove generated templates.js, add graceful fallback when not generated 2016-09-18 16:21:07 +03:00
e56b1b3f2b Upgrade to nunjucks v2.5.2 2016-09-18 15:11:23 +03:00
23d8942ffe Add fallbacks for e-mail handling if outbox is not defined 2016-09-18 14:32:39 +03:00
1b04a848e3 Improve Unicode handling in bundle generation 2016-09-18 14:32:14 +03:00
9cf5e298e8 Fix systemd service template 2016-09-18 00:21:24 +03:00
b4d006227a Refactor codebase
* Replace PyOpenSSL with cryptography.io
* Rename constants to const
* Drop support for uwsgi
* Use systemd to launch certidude server
* Signer automatically spawned as part of server
* Update requirements.txt
* Clean up certidude client configuration handling
* Add automatic enroll with Kerberos machine cerdentials
2016-09-18 00:00:14 +03:00
15858083b3 Use UTC for log entries 2016-04-05 15:30:50 +03:00
c33da46f19 Push server fixes 2016-04-05 15:02:05 +03:00
7012f5b365 Make user certificate enrollment configurable 2016-04-01 01:55:51 +03:00
fa27253b50 Add 'certidude users' command for listing user accounts 2016-04-01 00:01:58 +03:00
ff2e983711 ui: Update CRL fetching command example 2016-03-30 22:06:15 +03:00
ec2dea7a13 cli: Authority setup script fixes 2016-03-30 22:05:32 +03:00
456fe586c3 Add revocation list JSON serialization 2016-03-30 22:00:18 +03:00
5bdf986b47 cli: Send Accept: application/x-pem-file while downloading CRL 2016-03-29 23:39:19 +03:00
d2a259b887 Merge authority setup and production setup 2016-03-29 22:03:27 +03:00
a094db794b cli: Fix extended key usage flags for authority setup script 2016-03-29 19:43:50 +03:00
c644b065ef Migrate authority setup from PyOpenSSL to cryptography.io 2016-03-29 19:29:06 +03:00
af60fd8047 cli: Fix authority setup script 2016-03-29 18:37:28 +03:00
476a312b4e ui: Fix autosign subnets listing 2016-03-29 15:47:00 +03:00
09a67718ab Expose certificate and CRL lifetime via session API call 2016-03-29 15:43:34 +03:00
d8f1e36ecf Reduce default CRL lifetime to 20min 2016-03-29 15:17:44 +03:00
6de010a411 Make /api/revoked conform to RFC5280 2016-03-29 13:28:58 +03:00
1475828899 Fix CRL distriution points and add authority information access extensions 2016-03-29 12:29:15 +03:00
e721648328 Use common name instead of IP address as listening address for IPSec gateway 2016-03-29 12:28:10 +03:00
799b9e19c8 Use unicode literals for logging 2016-03-29 08:54:55 +03:00
acc0e29109 Add AKID and SKID 2016-03-29 08:47:43 +03:00
ff71ca42d7 Move GSSAPI credcache from authorization config section to accounts 2016-03-29 08:45:17 +03:00
22846327a0 Fix is_admin of PosixUserManager 2016-03-29 08:44:07 +03:00
de42d97b59 Add $ssl_client_s_dn_cn for nginx config template 2016-03-29 08:28:48 +03:00
3d32de8cad Documentation fixes and attempt to fix Travis 2016-03-28 00:00:41 +03:00
925bc0ef9a Refactor users, add OpenVPN and mailing support
* Add abstraction for user objects
* Mail authority admins about pending, revoked and signed certificates
* Add NetworkManager's OpenVPN plugin support
* Improve CRL support
* Refactor CSRF protection
* Update documentation
2016-03-27 23:38:14 +03:00
811e6dbb08 Complete overhaul
* Switch to Python 2.x due to lack of decent LDAP support in Python 3.x
* Add LDAP backend for authentication/authorization
* Add PAM backend for authentication
* Add getent backend for authorization
* Add preliminary CSRF protection
* Update icons
* Update push server documentation, use nchan from now on
* Add P12 bundle generation
* Add thin wrapper around Python's SQL connectors
* Enable mailing subsystem
* Add Kerberos TGT renewal cronjob
* Add HTTPS server setup commands for nginx
2016-03-21 23:42:39 +02:00
d38a9a8103 Add preliminary PKCS#12 bundle generation 2016-03-01 11:01:53 +02:00
449dcea821 Add preliminary PAM authentication backend 2016-02-29 23:06:42 +02:00
4240d55fe4 Add preliminary Python 2.x support 2016-02-28 22:37:56 +02:00
5eed7cb6d9 ui: Add blue color for recently seen clients 2016-02-17 21:44:33 +02:00
489de4ec79 ui: Bundle template JavaScript 2016-02-17 16:16:00 +02:00
114e67ed6a api: Use nchan headers for pushing events 2016-02-17 16:15:06 +02:00
b830ce7671 api: Fix exception includes 2016-01-25 11:19:08 +02:00
661e7608ef ui: Precompile nunjucks templates 2016-01-25 11:18:19 +02:00
7cb9f04972 Add routes for NetworkManager only if they have been specified 2016-01-15 18:09:03 +02:00
6bfa1ccf9c cli: Fix typo 2016-01-15 13:50:45 +02:00
589a31eb3d Sanitize configuration file section names 2016-01-15 13:48:24 +02:00
704523626b Rename spawn commands 2016-01-15 11:18:27 +02:00
f2df17bb88 Refactor signature request submission
Certidude client now reads configuration from
/etc/certidude/client.conf, submits CSR-s and
once signed configures services based on
/etc/certidude/services.conf
2016-01-15 00:47:30 +02:00
d8abde3d53 Refactor request submission
API now properly distinguishes duplicate request from other requests with same common name.
2016-01-14 11:02:57 +02:00
aacf94bb28 Fix encoding error in duplicate request check 2016-01-14 10:44:26 +02:00
de08ba759d Release version 0.1.20 2016-01-10 19:51:54 +02:00
6a45592cd0 api: Fix CRL generation 2016-01-02 01:08:04 +02:00
Lauri Võsandi
6977d7148e cli: Send Accept header when requesting signed certificate 2015-12-23 16:10:00 +02:00
af4d50db17 ui: Added product serial tag 2015-12-23 11:46:27 +00:00
c59198887c api: Fixed API call for querying leases 2015-12-18 12:49:37 +00:00
ece05a21e0 cli: Added closeaction=restart to ipsec.conf template 2015-12-16 21:55:49 +00:00
da6600e2e9 api: Added signed certificate tagging mechanism 2015-12-16 17:41:49 +00:00
901b0f7224 api: Fix lookup of user context variable 2015-12-13 18:27:09 +00:00
fbbf7a320d Add preliminary support for logging
Current logging mechanism makes use of Python's logging module.
MySQL logging handler inserts log entries to MySQL server and
another logging handler is used to stream events to web interface
via nginx streaming push.
2015-12-13 15:11:22 +00:00
b788d701eb Refactor wrappers
Completely remove wrapper class for CA,
use certidude.authority module instead.
2015-12-12 22:39:17 +00:00
8397d02f26 Removed leftfirewall=yes from strongSwan config template 2015-11-20 21:17:46 +01:00
f893582338 Major refactoring, CA is associated with it's hostname now 2015-11-15 15:55:26 +01:00
e6f050c257 Added preliminary interfacing with updown scripts 2015-11-13 23:20:51 +01:00
887743cc0b api: Preliminary API call for listing client leases 2015-11-13 19:41:19 +01:00
3d36b2f92c Merge branch 'master' of github.com:laurivosandi/certidude 2015-11-11 20:12:28 +01:00
4eb0cceacc api: Preliminary API-fication of user interface 2015-11-11 20:12:04 +01:00
ffd6eccd80 Merge branch 'codecov' of https://github.com/plaes/certidude into plaes-codecov
Conflicts:
	certidude/api.py
2015-11-06 09:08:00 +02:00
a413a15854 Added preliminary event handling for front-end 2015-10-28 11:46:36 +01:00
f1c0a3925d Merge branch 'master' of github.com:laurivosandi/certidude 2015-10-28 10:52:14 +02:00
e292e01aff cli: Cleaned up certificate listing 2015-10-28 10:51:52 +02:00
3012d843a9 Enabled certificate publishing from command-line
Instead of defining environment variables for
push server URL-s the URL-s are now fetched
from openssl.cnf instead.
2015-10-26 21:52:48 +01:00
42916a7ccc cli: Improved strongSwan gateway setup heuristics 2015-10-20 20:38:48 +03:00
4c9f4ffd47 signer: Fixed typo 2015-10-20 11:32:46 +03:00
d4f735c34d cli: Add IKE Intermediate flag for strongSwan server CSR 2015-10-20 11:32:31 +03:00
cf0317f7b3 api: Fixed CSR processing if autosign GET variable was not present 2015-10-20 10:47:41 +03:00
90e7458136 Added textual representation for "IKE Intermediate" key usage flag 2015-10-17 20:53:46 +03:00
0a92589f41 Cleaned up ipsec.conf templates 2015-10-17 20:36:12 +03:00
03d727fca9 cli: Added /etc/ipsec.secrets generation 2015-10-17 20:32:36 +03:00
af608f6c75 Added NetworkManager strongSwan plugin integration 2015-10-17 18:07:26 +03:00
fcb770aa7c Fixed strongswan server setup helper 2015-10-16 18:44:42 +03:00
9a845fc009 Add basic tests for CA 2015-10-09 10:46:40 +03:00
6dec1eebd9 Fix traceback when no 'autosign' parameter was supplied 2015-10-08 14:47:22 +03:00