Lauri Võsandi
9008744c48
api: Make logger use unicode literals
2017-07-08 08:56:01 +00:00
Lauri Võsandi
a48331a9cb
tests: Add test for machine attribute updates
2017-07-07 21:07:25 +00:00
Lauri Võsandi
34c72aaa9e
tests: Fixes and better code coverage
2017-07-06 08:15:44 +00:00
Lauri Võsandi
e25c774fa3
Bugfixes and test for SCEP
2017-07-05 21:22:02 +00:00
Lauri Võsandi
9b5511212e
Several changes
...
* OCSP workaround for StrongSwan
* Machine attributes framework
* Scripting support
* Default to nginx frontend
2017-07-05 18:22:03 +03:00
Lauri Võsandi
0a98b3f82e
Add tests for OCSP, several bugfixes
2017-06-04 14:19:29 +00:00
Lauri Võsandi
5d48abe973
api: Preliminary OCSP support
2017-05-25 22:20:45 +03:00
Lauri Võsandi
5ae872e1ea
api: Add preliminary SCEP support
2017-05-18 22:29:49 +03:00
Lauri Võsandi
b77a427949
api: Submit inner and outer IP address when updating lease
2017-05-08 20:33:20 +00:00
Lauri Võsandi
09f5b11505
tests: Add tests for machine keytab auth
2017-05-08 16:25:59 +00:00
Lauri Võsandi
b1dd6f0093
tests: Checks for /etc/cron.hourly/certidude
2017-05-07 19:51:40 +00:00
Lauri Võsandi
71e77154d7
tests: Preliminary tests for Kerberos/LDAP auth
2017-05-07 19:11:24 +00:00
Lauri Võsandi
b19e163a82
tests: Attempt to set up nchan as part of unittests
2017-05-06 21:07:41 +00:00
Lauri Võsandi
de1d182320
Add API call for rendering scripts, bugfixes
2017-05-04 17:56:53 +00:00
Lauri Võsandi
a75fb58cb5
tests: Lease and attribute API call fixes
2017-05-04 10:02:14 +00:00
Lauri Võsandi
94944e37f1
tests: Better coverage for tagging tests
2017-05-04 09:14:47 +00:00
Lauri Võsandi
9922516d24
tests: Test request deletion and signing API calls
2017-05-03 21:54:08 +00:00
Lauri Võsandi
ba678e4b29
api: Remove unused event_source decorator
2017-05-04 00:24:25 +03:00
Lauri Võsandi
189c604832
tests: Better code coverage
2017-05-03 21:04:34 +00:00
Lauri Võsandi
47aded48d5
tests: Add e-mailing and more cli commands
2017-05-03 14:42:37 +00:00
Lauri Võsandi
649863a77e
tests: Handle forking
2017-05-03 07:04:52 +00:00
Lauri Võsandi
a9c29d2fbb
tests: Improvements
2017-05-01 22:41:41 +00:00
Lauri Võsandi
227902b563
tests: More debugging info for CRL API calls
2017-05-01 21:19:28 +00:00
Lauri Võsandi
128369f6f6
tests: More detailed error captures for API calls
2017-05-01 20:49:25 +00:00
Lauri Võsandi
ffdcbcc41a
tests: Attempt to catch CRL export errors
2017-05-01 20:40:22 +00:00
Lauri Võsandi
e228963bd2
api: More detailed logging for CRL API call
2017-05-01 20:25:08 +00:00
Lauri Võsandi
b0683b268d
Attempt to run client as part of unittests
2017-05-01 16:20:50 +00:00
Lauri Võsandi
9aab212647
Add tests for token mechanism
2017-04-26 09:13:41 +03:00
Lauri Võsandi
5ddbf87ed2
Add test for fetching logs
2017-04-26 00:10:12 +03:00
Lauri Võsandi
b867eee67e
Add more API tests for lease, attribs etc
2017-04-25 23:32:21 +03:00
Lauri Võsandi
3ef4d96b1c
Use application/x-pem-file mimetype for user certs
2017-04-25 16:48:04 +03:00
Lauri Võsandi
4c9744308a
Better branch handling for request API calls
2017-04-25 16:15:39 +03:00
Lauri Võsandi
4eb3c4146f
Add tests for non-existent certificate
2017-04-25 13:58:21 +03:00
Lauri Võsandi
ba9dca910f
Add tests for API calls
2017-04-25 13:06:59 +03:00
Lauri Võsandi
d5edbe50c5
Token mechanism fixes
2017-04-24 20:33:55 +03:00
Lauri Võsandi
029ee357fb
Token mechanism fixes:
...
* Save token secret to config
* OpenVPN profile fixes for Ubuntu 16.04
* Raise correct exceptions for invalid tokens
* Display token expiration time in local time
2017-04-22 14:10:54 +03:00
Lauri Võsandi
7651c220c8
Remove unused import
2017-04-22 06:04:55 +00:00
Lauri Võsandi
0344141faf
Add token based auth for profiles
2017-04-21 21:22:08 +00:00
Lauri Võsandi
9a793088c6
Use local MTA for sending e-mail
2017-04-21 16:58:01 +00:00
Lauri Võsandi
66e2b5fc35
api: Validate certificate serial only if serial is supplied
2017-04-20 14:17:03 +00:00
Lauri Võsandi
5e812f5194
Fixes
2017-04-20 05:20:10 +00:00
Lauri Võsandi
52d35012a4
Various fixes
2017-04-13 20:30:56 +00:00
Lauri Võsandi
d91e12942d
Tagging fixes
2017-04-13 15:42:38 +00:00
Lauri Võsandi
51d7dffa9b
Bugfixes
2017-04-12 13:56:29 +00:00
Lauri Võsandi
09724e04dc
Add preliminary bootstrap API call
2017-04-12 13:21:49 +00:00
Lauri Võsandi
90b663ce26
Add file based rotating log handler
2017-04-04 05:02:08 +00:00
Lauri Võsandi
77db728294
Fix attribute API call whitelist handling
2017-03-26 16:58:29 +00:00
Lauri Võsandi
f806545bee
Use filesystem extended attribute user.xdg.tags for tags, move leases to user.lease namespace
2017-03-26 10:09:18 +00:00
Lauri Võsandi
1813056fc7
Move leases and tagging backend to filesystem extended attributes
2017-03-26 00:10:09 +00:00
Lauri Võsandi
06010ceaf3
Refactor
...
* Remove PyOpenSSL based wrapper classes
* Remove unused API calls
* Add certificate renewal via X-Renewal-Signature header
* Remove (extended) key usage handling
* Clean up OpenVPN and nginx server setup code
* Use UDP port 51900 for OpenVPN by default
* Add basic auth fallback for iOS in addition to Android
* Reduce complexity
2017-03-13 11:42:58 +00:00
Lauri Võsandi
b0e7ad9540
Fix mailbox configuration in the web interface
2017-02-08 20:22:26 +00:00
Lauri Võsandi
2a8109704a
Refactor
...
* Remove given name and surname attributes because of issues with OpenVPN Connect
* Remove e-mail attribute because of no reliable method of deriving usable address
* Remove organizational unit attribute
* Don't overwrite Kerberos cronjob during certidude setup authority
* Enforce path_length=0 for disabling intermediate CA-s
* Remove SAN attributes
* Add configuration options for outbox sender name and address
* Use common name attribute to derive signature flags
* Use distinct pub/sub URL-s for long poll and event source
2017-02-07 22:07:21 +00:00
Lauri Võsandi
703970c1d3
Add Mac device identifier string for bundles
2017-02-02 09:44:58 +00:00
Lauri Võsandi
4ae40c5d45
Add long poll support for CRL API call
2017-01-30 06:29:01 +00:00
Lauri Võsandi
c979d73bec
Fix typos for local time conversion
2017-01-30 06:27:12 +00:00
Lauri Võsandi
4c1e72709c
Use local time for connected_since
2017-01-26 22:31:06 +00:00
Lauri Võsandi
1ec5ad3b7c
Add openvpn-status.log support
2017-01-26 21:59:12 +00:00
Lauri Võsandi
1925207a6d
Add OpenVPN bundle generation
2017-01-25 11:34:08 +00:00
Lauri Võsandi
cca9d2ab2d
Refactor LDAP authentication
...
* ldap uri can be specified in /etc/certidude/server.conf now
* /etc/ldap/ldap.conf is ignored
2017-01-25 09:43:19 +00:00
Lauri Võsandi
fab52dca76
Add request submission from web interface
2016-09-18 16:25:52 +03:00
Lauri Võsandi
1b04a848e3
Improve Unicode handling in bundle generation
2016-09-18 14:32:14 +03:00
Lauri Võsandi
b4d006227a
Refactor codebase
...
* Replace PyOpenSSL with cryptography.io
* Rename constants to const
* Drop support for uwsgi
* Use systemd to launch certidude server
* Signer automatically spawned as part of server
* Update requirements.txt
* Clean up certidude client configuration handling
* Add automatic enroll with Kerberos machine credentials
2016-09-18 00:00:14 +03:00
Lauri Võsandi
7012f5b365
Make user certificate enrollment configurable
2016-04-01 01:55:51 +03:00
Lauri Võsandi
456fe586c3
Add revocation list JSON serialization
2016-03-30 22:00:18 +03:00
Lauri Võsandi
09a67718ab
Expose certificate and CRL lifetime via session API call
2016-03-29 15:43:34 +03:00
Lauri Võsandi
6de010a411
Make /api/revoked conform to RFC5280
2016-03-29 13:28:58 +03:00
Lauri Võsandi
799b9e19c8
Use unicode literals for logging
2016-03-29 08:54:55 +03:00
Lauri Võsandi
925bc0ef9a
Refactor users, add OpenVPN and mailing support
...
* Add abstraction for user objects
* Mail authority admins about pending, revoked and signed certificates
* Add NetworkManager's OpenVPN plugin support
* Improve CRL support
* Refactor CSRF protection
* Update documentation
2016-03-27 23:38:14 +03:00
Lauri Võsandi
811e6dbb08
Complete overhaul
...
* Switch to Python 2.x due to lack of decent LDAP support in Python 3.x
* Add LDAP backend for authentication/authorization
* Add PAM backend for authentication
* Add getent backend for authorization
* Add preliminary CSRF protection
* Update icons
* Update push server documentation, use nchan from now on
* Add P12 bundle generation
* Add thin wrapper around Python's SQL connectors
* Enable mailing subsystem
* Add Kerberos TGT renewal cronjob
* Add HTTPS server setup commands for nginx
2016-03-21 23:42:39 +02:00
Lauri Võsandi
4240d55fe4
Add preliminary Python 2.x support
2016-02-28 22:37:56 +02:00
Lauri Võsandi
b830ce7671
api: Fix exception includes
2016-01-25 11:19:08 +02:00
Lauri Võsandi
d8abde3d53
Refactor request submission
...
API now properly distinguishes duplicate request from other requests with same common name.
2016-01-14 11:02:57 +02:00
Lauri Võsandi
de08ba759d
Release version 0.1.20
2016-01-10 19:51:54 +02:00
Lauri Võsandi
c59198887c
api: Fixed API call for querying leases
2015-12-18 12:49:37 +00:00
Lauri Võsandi
da6600e2e9
api: Added signed certificate tagging mechanism
2015-12-16 17:41:49 +00:00
Lauri Võsandi
fbbf7a320d
Add preliminary support for logging
...
Current logging mechanism makes use of Python's logging module.
MySQL logging handler inserts log entries to MySQL server and
another logging handler is used to stream events to web interface
via nginx streaming push.
2015-12-13 15:11:22 +00:00
Lauri Võsandi
b788d701eb
Refactor wrappers
...
Completely remove wrapper class for CA,
use certidude.authority module instead.
2015-12-12 22:39:17 +00:00