Lauri Võsandi
f7a27c6044
tests: More verbose output while setting up CA
2017-05-01 18:06:47 +00:00
Lauri Võsandi
e0eb3ee471
tests: Create certidude user in advance
2017-05-01 17:56:10 +00:00
Lauri Võsandi
bba1edb070
tests: Lazier const import to prevent early FQDN lookup
2017-05-01 16:57:43 +00:00
Lauri Võsandi
b0683b268d
Attempt to run client as part of unittests
2017-05-01 16:20:50 +00:00
Lauri Võsandi
cc4f13086e
Improve init/openvpn handler
...
* Create systemd service for signaling OpenVPN client after suspend
* Use tun instead of tap
* Update DNS server/domain upon (dis)connect
* Include necessary templates
2017-04-29 22:09:31 +03:00
Lauri Võsandi
9aab212647
Add tests for token mechanism
2017-04-26 09:13:41 +03:00
Lauri Võsandi
5ddbf87ed2
Add test for fetching logs
2017-04-26 00:10:12 +03:00
Lauri Võsandi
d6d998a9e6
Add tests for SQLite based logging
2017-04-25 23:42:55 +03:00
Lauri Võsandi
b867eee67e
Add more API tests for lease, attribs etc
2017-04-25 23:32:21 +03:00
Lauri Võsandi
15ae064f55
Preliminary tests for auth
2017-04-25 21:47:41 +03:00
Lauri Võsandi
3ef4d96b1c
Use application/x-pem-file mimetype for user certs
2017-04-25 16:48:04 +03:00
Lauri Võsandi
f9429b2e94
Add autosign handling for request submission test
2017-04-25 16:40:33 +03:00
Lauri Võsandi
4c9744308a
Better branch handling for request API calls
2017-04-25 16:15:39 +03:00
Lauri Võsandi
7225726d66
Add request submission API call tests
2017-04-25 16:04:11 +03:00
Lauri Võsandi
4eb3c4146f
Add tests for non-existent certificate
2017-04-25 13:58:21 +03:00
Lauri Võsandi
ba9dca910f
Add tests for API calls
2017-04-25 13:06:59 +03:00
Lauri Võsandi
d5edbe50c5
Token mechanism fixes
2017-04-24 20:33:55 +03:00
Lauri Võsandi
9658d8cc83
Fixes, add some screenshots
2017-04-22 22:48:29 +03:00
Lauri Võsandi
029ee357fb
Token mechanism fixes:
...
* Save token secret to config
* OpenVPN profile fixes for Ubuntu 16.04
* Raise correct exceptions for invalid tokens
* Display token expiration time in local time
2017-04-22 14:10:54 +03:00
Lauri Võsandi
7651c220c8
Remove unused import
2017-04-22 06:04:55 +00:00
Lauri Võsandi
0344141faf
Add token based auth for profiles
2017-04-21 21:22:08 +00:00
Lauri Võsandi
9a793088c6
Use local MTA for sending e-mail
2017-04-21 16:58:01 +00:00
Lauri Võsandi
66e2b5fc35
api: Validate certificate serial only if serial is supplied
2017-04-20 14:17:03 +00:00
Lauri Võsandi
a5b880c020
Fix dependency on subprocess
2017-04-20 05:23:09 +00:00
Lauri Võsandi
5e812f5194
Fixes
2017-04-20 05:20:10 +00:00
Lauri Võsandi
772886e4d4
Fix typo
2017-04-14 20:32:59 +03:00
Lauri Võsandi
ca0386b649
StrongSwan gateway setup script cleanups
2017-04-14 20:21:31 +03:00
Lauri Võsandi
b57fbfa696
Fix typo
2017-04-14 11:08:26 +00:00
Lauri Võsandi
b9ac55fe26
Configuration generation fixes for nchan
2017-04-14 11:06:09 +00:00
Lauri Võsandi
d6265c10d6
Fix font family name for headings
2017-04-14 10:14:14 +00:00
Lauri Võsandi
91f8f09854
StrongSwan client setup fixes
2017-04-14 02:49:11 +03:00
Lauri Võsandi
8bf9ebfebb
Merge branch 'master' of github.com:laurivosandi/certidude
2017-04-14 01:50:33 +03:00
Lauri Võsandi
a3adba02a5
Fix CRL path for configuration generators
2017-04-14 01:50:04 +03:00
Lauri Võsandi
216af460cf
Better system keytab checking for client
2017-04-14 01:49:32 +03:00
Lauri Võsandi
bc43fdc402
Lazier evaluation for dependencies
2017-04-13 22:37:31 +00:00
Lauri Võsandi
1c5913ee3b
Add dynamic package installation via decorators
2017-04-13 22:30:20 +00:00
Lauri Võsandi
6264846284
Add OpenSSL as dependency for P12 generation
2017-04-13 21:20:02 +00:00
Lauri Võsandi
721cce05ac
Don't enforce dependency on ldap module
2017-04-13 21:03:26 +00:00
Lauri Võsandi
02b2f041cc
Clean up dependencies and Travis
2017-04-13 20:52:09 +00:00
Lauri Võsandi
52d35012a4
Various fixes
2017-04-13 20:30:56 +00:00
Lauri Võsandi
d91e12942d
Tagging fixes
2017-04-13 15:42:38 +00:00
Lauri Võsandi
7a7f22c1a1
Add clock sync tolerance of 5min for signed certs
2017-04-13 15:35:08 +00:00
Lauri Võsandi
4a9abab362
Fix nginx configuration generation
2017-04-13 15:19:26 +00:00
Lauri Võsandi
d7a2c7c193
Fix OpenVPN client configuration generation
2017-04-13 18:17:05 +03:00
Lauri Võsandi
a22e1eb557
Fix server certificate extensions for StrongSwan
2017-04-13 15:12:56 +00:00
Lauri Võsandi
02482e8d79
Migrate to python-gssapi
2017-04-13 14:33:40 +00:00
Lauri Võsandi
51d7dffa9b
Bugfixes
2017-04-12 13:56:29 +00:00
Lauri Võsandi
0201a84a64
Merge branch 'master' of github.com:laurivosandi/certidude
2017-04-12 13:22:21 +00:00
Lauri Võsandi
09724e04dc
Add preliminary bootstrap API call
2017-04-12 13:21:49 +00:00
Lauri Võsandi
e68829732d
Merge branch 'master' of github.com:laurivosandi/certidude
2017-04-07 10:57:38 +03:00
Lauri Võsandi
f477fb9ad8
cli: Add Yubikey enrollment command
2017-04-07 10:57:25 +03:00
Lauri Võsandi
848763160b
Merge github.com:laurivosandi/certidude
2017-04-04 05:03:33 +00:00
Lauri Võsandi
90b663ce26
Add file based rotating log handler
2017-04-04 05:02:08 +00:00
Lauri Võsandi
5c6097cc40
Fix CSR listing command
2017-03-28 12:24:51 +03:00
Lauri Võsandi
d5dcadc346
Remove dependency on pycountries
2017-03-26 20:47:45 +00:00
Lauri Võsandi
44b6f13669
Use random serial for CA certificate
2017-03-26 20:44:47 +00:00
Lauri Võsandi
a663efd39e
Create directories and set selinux context for `certidude request`
2017-03-26 17:40:39 +00:00
Lauri Võsandi
77db728294
Fix attribute API call whitelist handling
2017-03-26 16:58:29 +00:00
Lauri Võsandi
32356013fd
Correct configuration file tagging section name
2017-03-26 10:12:08 +00:00
Lauri Võsandi
f806545bee
Use filesystem extended attribute user.xdg.tags for tags, move leases to user.lease namespace
2017-03-26 10:09:18 +00:00
Lauri Võsandi
1813056fc7
Move leases and tagging backend to filesystem extended attributes
2017-03-26 00:10:09 +00:00
Lauri Võsandi
79aa1e18c0
Add explicit renewal flag for `certidude request`
2017-03-13 19:47:58 +02:00
Lauri Võsandi
7b1dae0901
Renew certificate only when 25% of certificate lifetime remains
2017-03-13 19:42:21 +02:00
Lauri Võsandi
7eb8378562
Attempt to fix tests
2017-03-13 17:20:41 +02:00
Lauri Võsandi
06010ceaf3
Refactor
...
* Remove PyOpenSSL based wrapper classes
* Remove unused API calls
* Add certificate renewal via X-Renewal-Signature header
* Remove (extended) key usage handling
* Clean up OpenVPN and nginx server setup code
* Use UDP port 51900 for OpenVPN by default
* Add basic auth fallback for iOS in addition to Android
* Reduce complexity
2017-03-13 11:42:58 +00:00
Lauri Võsandi
4eed940a66
Clean up PKCS#12 generation
2017-02-09 17:02:33 +00:00
Lauri Võsandi
dae282973e
Passphraseless PKCS#12 doesn't play well with Firefox
2017-02-09 16:59:01 +00:00
Lauri Võsandi
94757cf25c
Conform to RFC 5280, remove unused variable and a comment
2017-02-09 14:16:01 +00:00
Lauri Võsandi
b0e7ad9540
Fix mailbox configuration in the web interface
2017-02-08 20:22:26 +00:00
Lauri Võsandi
2a8109704a
Refactor
...
* Remove given name and surname attributes because of issues with OpenVPN Connect
* Remove e-mail attribute because of no reliable method of deriving usable address
* Remove organizational unit attribute
* Don't overwrite Kerberos cronjob during certidude setup authority
* Enforce path_length=0 for disabling intermediate CA-s
* Remove SAN attributes
* Add configuration options for outbox sender name and address
* Use common name attribute to derive signature flags
* Use distinct pub/sub URL-s for long poll and event source
2017-02-07 22:07:21 +00:00
Lauri Võsandi
703970c1d3
Add Mac device identifier string for bundles
2017-02-02 09:44:58 +00:00
Lauri Võsandi
9d29ff74be
Add timeago plugin for fuzzy timestamps
2017-01-30 22:59:43 +00:00
Lauri Võsandi
6c1d0bfae9
More fixes to make client work on Mac OS X
2017-01-30 18:12:27 +00:00
Lauri Võsandi
34e8fb9c8c
Make Kerberos keytab handling more universal
2017-01-30 17:48:30 +00:00
Lauri Võsandi
0bca61e61f
Add preliminary LDAP fallback support for Kerberos protected API calls
2017-01-30 07:04:05 +00:00
Lauri Võsandi
4ae40c5d45
Add long poll support for CRL API call
2017-01-30 06:29:01 +00:00
Lauri Võsandi
c979d73bec
Fix typos for local time conversion
2017-01-30 06:27:12 +00:00
Lauri Võsandi
4c1e72709c
Use local time for connected_since
2017-01-26 22:31:06 +00:00
Lauri Võsandi
108c2bc017
Clean up server.conf template
2017-01-26 22:14:56 +00:00
Lauri Võsandi
089d6b36b9
Hide tagging UI elements if tagging is disabled
2017-01-26 22:14:30 +00:00
Lauri Võsandi
5d5a24096c
Merge branch 'master' of github.com:laurivosandi/certidude
2017-01-26 21:59:37 +00:00
Lauri Võsandi
1ec5ad3b7c
Add openvpn-status.log support
2017-01-26 21:59:12 +00:00
Lauri Võsandi
6221fe9c00
Prompt for password when invalid password is entered
2017-01-26 15:22:02 +02:00
Lauri Võsandi
ef72cb70cd
Fixes for testing server as regular user
2017-01-26 15:11:04 +02:00
Lauri Võsandi
dc9e01b4ad
Merge branch 'master' of github.com:laurivosandi/certidude
2017-01-26 13:00:21 +02:00
Lauri Võsandi
372e71c175
Use TUN for network-manager/openvpn service
2017-01-26 12:55:26 +02:00
Lauri Võsandi
1925207a6d
Add OpenVPN bundle generation
2017-01-25 11:34:08 +00:00
Lauri Võsandi
cca9d2ab2d
Refactor LDAP authentication
...
* ldap uri can be specified in /etc/certidude/server.conf now
* /etc/ldap/ldap.conf is ignored
2017-01-25 09:43:19 +00:00
Lauri Võsandi
175f7f5d53
Fixes for LDAP access using machine credentials
2017-01-20 10:56:46 +00:00
Lauri Võsandi
4c69efbf87
Rely on nunjucks files provided by npm
2017-01-20 10:51:45 +00:00
Lauri Võsandi
e2f7c8d1d6
Trigger `nmcli con reload` after config file creation
2017-01-10 15:09:52 +02:00
Lauri Võsandi
b3a45cf2ab
Expose insecure flag for turning off HTTPS
2017-01-10 15:01:16 +02:00
Lauri Võsandi
d68a9acac2
Work around Travis' long hostnames in const.py instead
2016-09-18 18:46:11 +03:00
Lauri Võsandi
fab52dca76
Add request submission from web interface
2016-09-18 16:25:52 +03:00
Lauri Võsandi
2590340355
Remove generated templates.js, add graceful fallback when not generated
2016-09-18 16:21:07 +03:00
Lauri Võsandi
e56b1b3f2b
Upgrade to nunjucks v2.5.2
2016-09-18 15:11:23 +03:00
Lauri Võsandi
23d8942ffe
Add fallbacks for e-mail handling if outbox is not defined
2016-09-18 14:32:39 +03:00
Lauri Võsandi
1b04a848e3
Improve Unicode handling in bundle generation
2016-09-18 14:32:14 +03:00
Lauri Võsandi
9cf5e298e8
Fix systemd service template
2016-09-18 00:21:24 +03:00
Lauri Võsandi
b4d006227a
Refactor codebase
...
* Replace PyOpenSSL with cryptography.io
* Rename constants to const
* Drop support for uwsgi
* Use systemd to launch certidude server
* Signer automatically spawned as part of server
* Update requirements.txt
* Clean up certidude client configuration handling
* Add automatic enroll with Kerberos machine credentials
2016-09-18 00:00:14 +03:00
Lauri Võsandi
15858083b3
Use UTC for log entries
2016-04-05 15:30:50 +03:00
Lauri Võsandi
c33da46f19
Push server fixes
2016-04-05 15:02:05 +03:00
Lauri Võsandi
7012f5b365
Make user certificate enrollment configurable
2016-04-01 01:55:51 +03:00
Lauri Võsandi
fa27253b50
Add 'certidude users' command for listing user accounts
2016-04-01 00:01:58 +03:00
Lauri Võsandi
ff2e983711
ui: Update CRL fetching command example
2016-03-30 22:06:15 +03:00
Lauri Võsandi
ec2dea7a13
cli: Authority setup script fixes
2016-03-30 22:05:32 +03:00
Lauri Võsandi
456fe586c3
Add revocation list JSON serialization
2016-03-30 22:00:18 +03:00
Lauri Võsandi
5bdf986b47
cli: Send Accept: application/x-pem-file while downloading CRL
2016-03-29 23:39:19 +03:00
Lauri Võsandi
d2a259b887
Merge authority setup and production setup
2016-03-29 22:03:27 +03:00
Lauri Võsandi
a094db794b
cli: Fix extended key usage flags for authority setup script
2016-03-29 19:43:50 +03:00
Lauri Võsandi
c644b065ef
Migrate authority setup from PyOpenSSL to cryptography.io
2016-03-29 19:29:06 +03:00
Lauri Võsandi
af60fd8047
cli: Fix authority setup script
2016-03-29 18:37:28 +03:00
Lauri Võsandi
476a312b4e
ui: Fix autosign subnets listing
2016-03-29 15:47:00 +03:00
Lauri Võsandi
09a67718ab
Expose certificate and CRL lifetime via session API call
2016-03-29 15:43:34 +03:00
Lauri Võsandi
d8f1e36ecf
Reduce default CRL lifetime to 20min
2016-03-29 15:17:44 +03:00
Lauri Võsandi
6de010a411
Make /api/revoked conform to RFC5280
2016-03-29 13:28:58 +03:00
Lauri Võsandi
1475828899
Fix CRL distribution points and add authority information access extensions
2016-03-29 12:29:15 +03:00
Lauri Võsandi
e721648328
Use common name instead of IP address as listening address for IPSec gateway
2016-03-29 12:28:10 +03:00
Lauri Võsandi
799b9e19c8
Use unicode literals for logging
2016-03-29 08:54:55 +03:00
Lauri Võsandi
acc0e29109
Add AKID and SKID
2016-03-29 08:47:43 +03:00
Lauri Võsandi
ff71ca42d7
Move GSSAPI credcache from authorization config section to accounts
2016-03-29 08:45:17 +03:00
Lauri Võsandi
22846327a0
Fix is_admin of PosixUserManager
2016-03-29 08:44:07 +03:00
Lauri Võsandi
de42d97b59
Add $ssl_client_s_dn_cn for nginx config template
2016-03-29 08:28:48 +03:00
Lauri Võsandi
3d32de8cad
Documentation fixes and attempt to fix Travis
2016-03-28 00:00:41 +03:00
Lauri Võsandi
925bc0ef9a
Refactor users, add OpenVPN and mailing support
...
* Add abstraction for user objects
* Mail authority admins about pending, revoked and signed certificates
* Add NetworkManager's OpenVPN plugin support
* Improve CRL support
* Refactor CSRF protection
* Update documentation
2016-03-27 23:38:14 +03:00
Lauri Võsandi
811e6dbb08
Complete overhaul
...
* Switch to Python 2.x due to lack of decent LDAP support in Python 3.x
* Add LDAP backend for authentication/authorization
* Add PAM backend for authentication
* Add getent backend for authorization
* Add preliminary CSRF protection
* Update icons
* Update push server documentation, use nchan from now on
* Add P12 bundle generation
* Add thin wrapper around Python's SQL connectors
* Enable mailing subsystem
* Add Kerberos TGT renewal cronjob
* Add HTTPS server setup commands for nginx
2016-03-21 23:42:39 +02:00
Lauri Võsandi
d38a9a8103
Add preliminary PKCS#12 bundle generation
2016-03-01 11:01:53 +02:00
Lauri Võsandi
449dcea821
Add preliminary PAM authentication backend
2016-02-29 23:06:42 +02:00
Lauri Võsandi
4240d55fe4
Add preliminary Python 2.x support
2016-02-28 22:37:56 +02:00
Lauri Võsandi
5eed7cb6d9
ui: Add blue color for recently seen clients
2016-02-17 21:44:33 +02:00
Lauri Võsandi
489de4ec79
ui: Bundle template JavaScript
2016-02-17 16:16:00 +02:00
Lauri Võsandi
114e67ed6a
api: Use nchan headers for pushing events
2016-02-17 16:15:06 +02:00
Lauri Võsandi
b830ce7671
api: Fix exception includes
2016-01-25 11:19:08 +02:00
Lauri Võsandi
661e7608ef
ui: Precompile nunjucks templates
2016-01-25 11:18:19 +02:00
Lauri Võsandi
7cb9f04972
Add routes for NetworkManager only if they have been specified
2016-01-15 18:09:03 +02:00
Lauri Võsandi
6bfa1ccf9c
cli: Fix typo
2016-01-15 13:50:45 +02:00
Lauri Võsandi
589a31eb3d
Sanitize configuration file section names
2016-01-15 13:48:24 +02:00
Lauri Võsandi
704523626b
Rename spawn commands
2016-01-15 11:18:27 +02:00
Lauri Võsandi
f2df17bb88
Refactor signature request submission
...
Certidude client now reads configuration from
/etc/certidude/client.conf, submits CSR-s and
once signed configures services based on
/etc/certidude/services.conf
2016-01-15 00:47:30 +02:00
Lauri Võsandi
d8abde3d53
Refactor request submission
...
API now properly distinguishes duplicate request from other requests with same common name.
2016-01-14 11:02:57 +02:00
Lauri Võsandi
aacf94bb28
Fix encoding error in duplicate request check
2016-01-14 10:44:26 +02:00
Lauri Võsandi
de08ba759d
Release version 0.1.20
2016-01-10 19:51:54 +02:00
Lauri Võsandi
6a45592cd0
api: Fix CRL generation
2016-01-02 01:08:04 +02:00
Lauri Võsandi
6977d7148e
cli: Send Accept header when requesting signed certificate
2015-12-23 16:10:00 +02:00
Lauri Võsandi
af4d50db17
ui: Added product serial tag
2015-12-23 11:46:27 +00:00
Lauri Võsandi
c59198887c
api: Fixed API call for querying leases
2015-12-18 12:49:37 +00:00
Lauri Võsandi
ece05a21e0
cli: Added closeaction=restart to ipsec.conf template
2015-12-16 21:55:49 +00:00
Lauri Võsandi
da6600e2e9
api: Added signed certificate tagging mechanism
2015-12-16 17:41:49 +00:00
Lauri Võsandi
901b0f7224
api: Fix lookup of user context variable
2015-12-13 18:27:09 +00:00
Lauri Võsandi
fbbf7a320d
Add preliminary support for logging
...
Current logging mechanism makes use of Python's logging module.
MySQL logging handler inserts log entries to MySQL server and
another logging handler is used to stream events to web interface
via nginx streaming push.
2015-12-13 15:11:22 +00:00