lauri
/
certidude
mirror of https://github.com/laurivosandi/certidude
1
0
Fork 0
Code Issues Activity
443 Commits 2 Branches 0 Tags 18 MiB
Commit Graph

127 Commits

Author SHA1 Message Date
Lauri Võsandi 9008744c48 api: Make logger use unicode literals 2017-07-08 08:56:01 +00:00
Lauri Võsandi a48331a9cb tests: Add test for machine attribute updates 2017-07-07 21:07:25 +00:00
Lauri Võsandi 34c72aaa9e tests: Fixes and better code coverage 2017-07-06 08:15:44 +00:00
Lauri Võsandi e25c774fa3 Bugfixes and test for SCEP 2017-07-05 21:22:02 +00:00
Lauri Võsandi 9b5511212e Several changes 
* OCSP workaround for StrongSwan
* Machine attributes framework
* Scripting support
* Default to nginx frontend
 2017-07-05 18:22:03 +03:00
Lauri Võsandi 0a98b3f82e Add tests for OCSP, several bugfixes 2017-06-04 14:19:29 +00:00
Lauri Võsandi 5d48abe973 api: Preliminary OCSP support 2017-05-25 22:20:45 +03:00
Lauri Võsandi 5ae872e1ea api: Add preliminary SCEP support 2017-05-18 22:29:49 +03:00
Lauri Võsandi b77a427949 api: Submit inner and outer IP address when updating lease 2017-05-08 20:33:20 +00:00
Lauri Võsandi 09f5b11505 tests: Add tests for machine keytab auth 2017-05-08 16:25:59 +00:00
Lauri Võsandi b1dd6f0093 tests: Checks for /etc/cron.hourly/certidude 2017-05-07 19:51:40 +00:00
Lauri Võsandi 71e77154d7 tests: Preliminary tests for Kerberos/LDAP auth 2017-05-07 19:11:24 +00:00
Lauri Võsandi b19e163a82 tests: Attempt to set up nchan as part of unittests 2017-05-06 21:07:41 +00:00
Lauri Võsandi de1d182320 Add API call for rendering scripts, bugfixes 2017-05-04 17:56:53 +00:00
Lauri Võsandi a75fb58cb5 tests: Lease and attribute API call fixes 2017-05-04 10:02:14 +00:00
Lauri Võsandi 94944e37f1 tests: Better coverage for tagging tests 2017-05-04 09:14:47 +00:00
Lauri Võsandi 9922516d24 tests: Test request deletion and signing API calls 2017-05-03 21:54:08 +00:00
Lauri Võsandi ba678e4b29 api: Remove unused event_source decorator 2017-05-04 00:24:25 +03:00
Lauri Võsandi 189c604832 tests: Better code coverage 2017-05-03 21:04:34 +00:00
Lauri Võsandi 47aded48d5 tests: Add e-mailing and more cli commands 2017-05-03 14:42:37 +00:00
Lauri Võsandi 649863a77e tests: Handle forking 2017-05-03 07:04:52 +00:00
Lauri Võsandi a9c29d2fbb tests: Improvements 2017-05-01 22:41:41 +00:00
Lauri Võsandi 227902b563 tests: More debugging info for CRL API calls 2017-05-01 21:19:28 +00:00
Lauri Võsandi 128369f6f6 tests: More detailed error captures for API calls 2017-05-01 20:49:25 +00:00
Lauri Võsandi ffdcbcc41a tests: Attempt to catch CRL export errors 2017-05-01 20:40:22 +00:00
Lauri Võsandi e228963bd2 api: More detailed logging for CRL API call 2017-05-01 20:25:08 +00:00
Lauri Võsandi b0683b268d Attempt to run client as part of unittests 2017-05-01 16:20:50 +00:00
Lauri Võsandi 9aab212647 Add tests for token mechanism 2017-04-26 09:13:41 +03:00
Lauri Võsandi 5ddbf87ed2 Add test for fetching logs 2017-04-26 00:10:12 +03:00
Lauri Võsandi b867eee67e Add more API tests for lease, attribs etc 2017-04-25 23:32:21 +03:00
Lauri Võsandi 3ef4d96b1c Use application/x-pem-file mimetype for user certs 2017-04-25 16:48:04 +03:00
Lauri Võsandi 4c9744308a Better branch handling for request API calls 2017-04-25 16:15:39 +03:00
Lauri Võsandi 4eb3c4146f Add tests for non-existant certificate 2017-04-25 13:58:21 +03:00
Lauri Võsandi ba9dca910f Add tests for API calls 2017-04-25 13:06:59 +03:00
Lauri Võsandi d5edbe50c5 Token mechanism fixes 2017-04-24 20:33:55 +03:00
Lauri Võsandi 029ee357fb Token mechanism fixes: 
* Save token secret to config
* OpenVPN profile fixes for Ubuntu 16.04
* Raise correct exceptions for invalid tokens
* Display token expiration time in local time
 2017-04-22 14:10:54 +03:00
Lauri Võsandi 7651c220c8 Remove unused import 2017-04-22 06:04:55 +00:00
Lauri Võsandi 0344141faf Add token based auth for profiles 2017-04-21 21:22:08 +00:00
Lauri Võsandi 9a793088c6 Use local MTA for sending e-mail 2017-04-21 16:58:01 +00:00
Lauri Võsandi 66e2b5fc35 api: Validate certificate serial only if serial is supplied 2017-04-20 14:17:03 +00:00
Lauri Võsandi 5e812f5194 Fixes 2017-04-20 05:20:10 +00:00
Lauri Võsandi 52d35012a4 Various fixes 2017-04-13 20:30:56 +00:00
Lauri Võsandi d91e12942d Tagging fixes 2017-04-13 15:42:38 +00:00
Lauri Võsandi 51d7dffa9b Bugfixes 2017-04-12 13:56:29 +00:00
Lauri Võsandi 09724e04dc Add preliminary bootstrap API call 2017-04-12 13:21:49 +00:00
Lauri Võsandi 90b663ce26 Add file based rotating log handler 2017-04-04 05:02:08 +00:00
Lauri Võsandi 77db728294 Fix attribute API call whitelist handling 2017-03-26 16:58:29 +00:00
Lauri Võsandi f806545bee Use filesystem extended attribute user.xdg.tags for tags, move leases to user.lease namespace 2017-03-26 10:09:18 +00:00
Lauri Võsandi 1813056fc7 Move leases and tagging backend to filesystem extended attributes 2017-03-26 00:10:09 +00:00
Lauri Võsandi 06010ceaf3 Refactor 
* Remove PyOpenSSL based wrapper classes
* Remove unused API calls
* Add certificate renewal via X-Renewal-Signature header
* Remove (extended) key usage handling
* Clean up OpenVPN and nginx server setup code
* Use UDP port 51900 for OpenVPN by default
* Add basic auth fallback for iOS in addition to Android
* Reduce complexity
 2017-03-13 11:42:58 +00:00
Lauri Võsandi b0e7ad9540 Fix mailbox configuration in the web interface 2017-02-08 20:22:26 +00:00
Lauri Võsandi 2a8109704a Refactor 
* Remove given name and surname attributes because of issues with OpenVPN Connect
* Remove e-mail attribute because of no reliable method of deriving usable address
* Remove organizational unit attribute
* Don't overwrite Kerberos cronjob during certidude setup authority
* Enforce path_length=0 for disabling intermediate CA-s
* Remove SAN attributes
* Add configuration options for outbox sender name and address
* Use common name attribute to derive signature flags
* Use distinct pub/sub URL-s for long poll and event source
 2017-02-07 22:07:21 +00:00
Lauri Võsandi 703970c1d3 Add Mac device identifier string for bundles 2017-02-02 09:44:58 +00:00
Lauri Võsandi 4ae40c5d45 Add long poll support for CRL API call 2017-01-30 06:29:01 +00:00
Lauri Võsandi c979d73bec Fix typos for local time conversion 2017-01-30 06:27:12 +00:00
Lauri Võsandi 4c1e72709c Use local time for connected_since 2017-01-26 22:31:06 +00:00
Lauri Võsandi 1ec5ad3b7c Add openvpn-status.log support 2017-01-26 21:59:12 +00:00
Lauri Võsandi 1925207a6d Add OpenVPN bundle generation 2017-01-25 11:34:08 +00:00
Lauri Võsandi cca9d2ab2d Refactor LDAP authentication 
* ldap uri can be specified in /etc/certidude/server.conf now
* /etc/ldap/ldap.conf is ignored
 2017-01-25 09:43:19 +00:00
Lauri Võsandi fab52dca76 Add request submission from web interface 2016-09-18 16:25:52 +03:00
Lauri Võsandi 1b04a848e3 Improve Unicode handling in bundle generation 2016-09-18 14:32:14 +03:00
Lauri Võsandi b4d006227a Refactor codebase 
* Replace PyOpenSSL with cryptography.io
* Rename constants to const
* Drop support for uwsgi
* Use systemd to launch certidude server
* Signer automatically spawned as part of server
* Update requirements.txt
* Clean up certidude client configuration handling
* Add automatic enroll with Kerberos machine cerdentials
 2016-09-18 00:00:14 +03:00
Lauri Võsandi 7012f5b365 Make user certificate enrollment configurable 2016-04-01 01:55:51 +03:00
Lauri Võsandi 456fe586c3 Add revocation list JSON serialization 2016-03-30 22:00:18 +03:00
Lauri Võsandi 09a67718ab Expose certificate and CRL lifetime via session API call 2016-03-29 15:43:34 +03:00
Lauri Võsandi 6de010a411 Make /api/revoked conform to RFC5280 2016-03-29 13:28:58 +03:00
Lauri Võsandi 799b9e19c8 Use unicode literals for logging 2016-03-29 08:54:55 +03:00
Lauri Võsandi 925bc0ef9a Refactor users, add OpenVPN and mailing support 
* Add abstraction for user objects
* Mail authority admins about pending, revoked and signed certificates
* Add NetworkManager's OpenVPN plugin support
* Improve CRL support
* Refactor CSRF protection
* Update documentation
 2016-03-27 23:38:14 +03:00
Lauri Võsandi 811e6dbb08 Complete overhaul 
* Switch to Python 2.x due to lack of decent LDAP support in Python 3.x
* Add LDAP backend for authentication/authorization
* Add PAM backend for authentication
* Add getent backend for authorization
* Add preliminary CSRF protection
* Update icons
* Update push server documentation, use nchan from now on
* Add P12 bundle generation
* Add thin wrapper around Python's SQL connectors
* Enable mailing subsystem
* Add Kerberos TGT renewal cronjob
* Add HTTPS server setup commands for nginx
 2016-03-21 23:42:39 +02:00
Lauri Võsandi 4240d55fe4 Add preliminary Python 2.x support 2016-02-28 22:37:56 +02:00
Lauri Võsandi b830ce7671 api: Fix exception includes 2016-01-25 11:19:08 +02:00
Lauri Võsandi d8abde3d53 Refactor request submission 
API now properly distinguishes duplicate request from other requests with same common name.
 2016-01-14 11:02:57 +02:00
Lauri Võsandi de08ba759d Release version 0.1.20 2016-01-10 19:51:54 +02:00
Lauri Võsandi c59198887c api: Fixed API call for querying leases 2015-12-18 12:49:37 +00:00
Lauri Võsandi da6600e2e9 api: Added signed certificate tagging mechanism 2015-12-16 17:41:49 +00:00
Lauri Võsandi fbbf7a320d Add preliminary support for logging 
Current logging mechanism makes use of Python's logging module.
MySQL logging handler inserts log entries to MySQL server and
another logging handler is used to stream events to web interface
via nginx streaming push.
 2015-12-13 15:11:22 +00:00
Lauri Võsandi b788d701eb Refactor wrappers 
Completely remove wrapper class for CA,
use certidude.authority module instead.
 2015-12-12 22:39:17 +00:00