Lauri Võsandi
f477fb9ad8
cli: Add Yubikey enrollment command
2017-04-07 10:57:25 +03:00
Lauri Võsandi
848763160b
Merge github.com:laurivosandi/certidude
2017-04-04 05:03:33 +00:00
Lauri Võsandi
90b663ce26
Add file based rotating log handler
2017-04-04 05:02:08 +00:00
Lauri Võsandi
5c6097cc40
Fix CSR listing command
2017-03-28 12:24:51 +03:00
Lauri Võsandi
d5dcadc346
Remove dependency on pycountries
2017-03-26 20:47:45 +00:00
Lauri Võsandi
44b6f13669
Use random serial for CA certificate
2017-03-26 20:44:47 +00:00
Lauri Võsandi
a663efd39e
Create directories and set selinux context for `certidude request`
2017-03-26 17:40:39 +00:00
Lauri Võsandi
77db728294
Fix attribute API call whitelist handling
2017-03-26 16:58:29 +00:00
Lauri Võsandi
32356013fd
Correct configuration file tagging section name
2017-03-26 10:12:08 +00:00
Lauri Võsandi
f806545bee
Use filesystem extended attribute user.xdg.tags for tags, move leases to user.lease namespace
2017-03-26 10:09:18 +00:00
Lauri Võsandi
1813056fc7
Move leases and tagging backend to filesystem extended attributes
2017-03-26 00:10:09 +00:00
Lauri Võsandi
79aa1e18c0
Add explicit renewal flag for `certidude request`
2017-03-13 19:47:58 +02:00
Lauri Võsandi
7b1dae0901
Renew certificate only when 25% of certificate lifetime remains
2017-03-13 19:42:21 +02:00
Lauri Võsandi
7eb8378562
Attempt to fix tests
2017-03-13 17:20:41 +02:00
Lauri Võsandi
06010ceaf3
Refactor
...
* Remove PyOpenSSL based wrapper classes
* Remove unused API calls
* Add certificate renewal via X-Renewal-Signature header
* Remove (extended) key usage handling
* Clean up OpenVPN and nginx server setup code
* Use UDP port 51900 for OpenVPN by default
* Add basic auth fallback for iOS in addition to Android
* Reduce complexity
2017-03-13 11:42:58 +00:00
Lauri Võsandi
4eed940a66
Clean up PKCS#12 generation
2017-02-09 17:02:33 +00:00
Lauri Võsandi
dae282973e
Passphraseless PKCS#12 doesn't play well with Firefox
2017-02-09 16:59:01 +00:00
Lauri Võsandi
94757cf25c
Conform to RFC 5280, remove unused variable and a comment
2017-02-09 14:16:01 +00:00
Lauri Võsandi
b0e7ad9540
Fix mailbox configuration in the web interface
2017-02-08 20:22:26 +00:00
Lauri Võsandi
2a8109704a
Refactor
...
* Remove given name and surname attributes because of issues with OpenVPN Connect
* Remove e-mail attribute because of no reliable method of deriving usable address
* Remove organizational unit attribute
* Don't overwrite Kerberos cronjob during certidude setup authority
* Enforce path_length=0 for disabling intermediate CA-s
* Remove SAN attributes
* Add configuration options for outbox sender name and address
* Use common name attribute to derive signature flags
* Use distinct pub/sub URL-s for long poll and event source
2017-02-07 22:07:21 +00:00
Lauri Võsandi
703970c1d3
Add Mac device identifier string for bundles
2017-02-02 09:44:58 +00:00
Lauri Võsandi
9d29ff74be
Add timeago plugin for fuzzy timestamps
2017-01-30 22:59:43 +00:00
Lauri Võsandi
6c1d0bfae9
More fixes to make client work on Mac OS X
2017-01-30 18:12:27 +00:00
Lauri Võsandi
34e8fb9c8c
Make Kerberos keytab handling more universal
2017-01-30 17:48:30 +00:00
Lauri Võsandi
0bca61e61f
Add preliminary LDAP fallback support for Kerberos protected API calls
2017-01-30 07:04:05 +00:00
Lauri Võsandi
4ae40c5d45
Add long poll support for CRL API call
2017-01-30 06:29:01 +00:00
Lauri Võsandi
c979d73bec
Fix typos for local time conversion
2017-01-30 06:27:12 +00:00
Lauri Võsandi
4c1e72709c
Use local time for connected_since
2017-01-26 22:31:06 +00:00
Lauri Võsandi
108c2bc017
Clean up server.conf template
2017-01-26 22:14:56 +00:00
Lauri Võsandi
089d6b36b9
Hide tagging UI elements if tagging is disabled
2017-01-26 22:14:30 +00:00
Lauri Võsandi
5d5a24096c
Merge branch 'master' of github.com:laurivosandi/certidude
2017-01-26 21:59:37 +00:00
Lauri Võsandi
1ec5ad3b7c
Add openvpn-status.log support
2017-01-26 21:59:12 +00:00
Lauri Võsandi
6221fe9c00
Prompt for password when invalid password is entered
2017-01-26 15:22:02 +02:00
Lauri Võsandi
ef72cb70cd
Fixes for testing server as regular user
2017-01-26 15:11:04 +02:00
Lauri Võsandi
dc9e01b4ad
Merge branch 'master' of github.com:laurivosandi/certidude
2017-01-26 13:00:21 +02:00
Lauri Võsandi
372e71c175
Use TUN for network-manager/openvpn service
2017-01-26 12:55:26 +02:00
Lauri Võsandi
1925207a6d
Add OpenVPN bundle generation
2017-01-25 11:34:08 +00:00
Lauri Võsandi
cca9d2ab2d
Refactor LDAP authentication
...
* ldap uri can be specified in /etc/certidude/server.conf now
* /etc/ldap/ldap.conf is ignored
2017-01-25 09:43:19 +00:00
Lauri Võsandi
175f7f5d53
Fixes for LDAP access using machine credentials
2017-01-20 10:56:46 +00:00
Lauri Võsandi
4c69efbf87
Rely on nunjucks files provided by npm
2017-01-20 10:51:45 +00:00
Lauri Võsandi
e2f7c8d1d6
Trigger `nmcli con reload` after config file creation
2017-01-10 15:09:52 +02:00
Lauri Võsandi
b3a45cf2ab
Expose insecure flag for turning off HTTPS
2017-01-10 15:01:16 +02:00
Lauri Võsandi
d68a9acac2
Work around Travis' long hostnames in const.py instead
2016-09-18 18:46:11 +03:00
Lauri Võsandi
fab52dca76
Add request submission from web interface
2016-09-18 16:25:52 +03:00
Lauri Võsandi
2590340355
Remove generated templates.js, add graceful fallback when not generated
2016-09-18 16:21:07 +03:00
Lauri Võsandi
e56b1b3f2b
Upgrade to nunjucks v2.5.2
2016-09-18 15:11:23 +03:00
Lauri Võsandi
23d8942ffe
Add fallbacks for e-mail handling if outbox is not defined
2016-09-18 14:32:39 +03:00
Lauri Võsandi
1b04a848e3
Improve Unicode handling in bundle generation
2016-09-18 14:32:14 +03:00
Lauri Võsandi
9cf5e298e8
Fix systemd service template
2016-09-18 00:21:24 +03:00
Lauri Võsandi
b4d006227a
Refactor codebase
...
* Replace PyOpenSSL with cryptography.io
* Rename constants to const
* Drop support for uwsgi
* Use systemd to launch certidude server
* Signer automatically spawned as part of server
* Update requirements.txt
* Clean up certidude client configuration handling
* Add automatic enroll with Kerberos machine credentials
2016-09-18 00:00:14 +03:00
Lauri Võsandi
15858083b3
Use UTC for log entries
2016-04-05 15:30:50 +03:00
Lauri Võsandi
c33da46f19
Push server fixes
2016-04-05 15:02:05 +03:00
Lauri Võsandi
7012f5b365
Make user certificate enrollment configurable
2016-04-01 01:55:51 +03:00
Lauri Võsandi
fa27253b50
Add 'certidude users' command for listing user accounts
2016-04-01 00:01:58 +03:00
Lauri Võsandi
ff2e983711
ui: Update CRL fetching command example
2016-03-30 22:06:15 +03:00
Lauri Võsandi
ec2dea7a13
cli: Authority setup script fixes
2016-03-30 22:05:32 +03:00
Lauri Võsandi
456fe586c3
Add revocation list JSON serialization
2016-03-30 22:00:18 +03:00
Lauri Võsandi
5bdf986b47
cli: Send Accept: application/x-pem-file while downloading CRL
2016-03-29 23:39:19 +03:00
Lauri Võsandi
d2a259b887
Merge authority setup and production setup
2016-03-29 22:03:27 +03:00
Lauri Võsandi
a094db794b
cli: Fix extended key usage flags for authority setup script
2016-03-29 19:43:50 +03:00
Lauri Võsandi
c644b065ef
Migrate authority setup from PyOpenSSL to cryptography.io
2016-03-29 19:29:06 +03:00
Lauri Võsandi
af60fd8047
cli: Fix authority setup script
2016-03-29 18:37:28 +03:00
Lauri Võsandi
476a312b4e
ui: Fix autosign subnets listing
2016-03-29 15:47:00 +03:00
Lauri Võsandi
09a67718ab
Expose certificate and CRL lifetime via session API call
2016-03-29 15:43:34 +03:00
Lauri Võsandi
d8f1e36ecf
Reduce default CRL lifetime to 20min
2016-03-29 15:17:44 +03:00
Lauri Võsandi
6de010a411
Make /api/revoked conform to RFC5280
2016-03-29 13:28:58 +03:00
Lauri Võsandi
1475828899
Fix CRL distribution points and add authority information access extensions
2016-03-29 12:29:15 +03:00
Lauri Võsandi
e721648328
Use common name instead of IP address as listening address for IPSec gateway
2016-03-29 12:28:10 +03:00
Lauri Võsandi
799b9e19c8
Use unicode literals for logging
2016-03-29 08:54:55 +03:00
Lauri Võsandi
acc0e29109
Add AKID and SKID
2016-03-29 08:47:43 +03:00
Lauri Võsandi
ff71ca42d7
Move GSSAPI credcache from authorization config section to accounts
2016-03-29 08:45:17 +03:00
Lauri Võsandi
22846327a0
Fix is_admin of PosixUserManager
2016-03-29 08:44:07 +03:00
Lauri Võsandi
de42d97b59
Add $ssl_client_s_dn_cn for nginx config template
2016-03-29 08:28:48 +03:00
Lauri Võsandi
3d32de8cad
Documentation fixes and attempt to fix Travis
2016-03-28 00:00:41 +03:00
Lauri Võsandi
925bc0ef9a
Refactor users, add OpenVPN and mailing support
...
* Add abstraction for user objects
* Mail authority admins about pending, revoked and signed certificates
* Add NetworkManager's OpenVPN plugin support
* Improve CRL support
* Refactor CSRF protection
* Update documentation
2016-03-27 23:38:14 +03:00
Lauri Võsandi
811e6dbb08
Complete overhaul
...
* Switch to Python 2.x due to lack of decent LDAP support in Python 3.x
* Add LDAP backend for authentication/authorization
* Add PAM backend for authentication
* Add getent backend for authorization
* Add preliminary CSRF protection
* Update icons
* Update push server documentation, use nchan from now on
* Add P12 bundle generation
* Add thin wrapper around Python's SQL connectors
* Enable mailing subsystem
* Add Kerberos TGT renewal cronjob
* Add HTTPS server setup commands for nginx
2016-03-21 23:42:39 +02:00
Lauri Võsandi
d38a9a8103
Add preliminary PKCS#12 bundle generation
2016-03-01 11:01:53 +02:00
Lauri Võsandi
449dcea821
Add preliminary PAM authentication backend
2016-02-29 23:06:42 +02:00
Lauri Võsandi
4240d55fe4
Add preliminary Python 2.x support
2016-02-28 22:37:56 +02:00
Lauri Võsandi
5eed7cb6d9
ui: Add blue color for recently seen clients
2016-02-17 21:44:33 +02:00
Lauri Võsandi
489de4ec79
ui: Bundle template JavaScript
2016-02-17 16:16:00 +02:00
Lauri Võsandi
114e67ed6a
api: Use nchan headers for pushing events
2016-02-17 16:15:06 +02:00
Lauri Võsandi
b830ce7671
api: Fix exception includes
2016-01-25 11:19:08 +02:00
Lauri Võsandi
661e7608ef
ui: Precompile nunjucks templates
2016-01-25 11:18:19 +02:00
Lauri Võsandi
7cb9f04972
Add routes for NetworkManager only if they have been specified
2016-01-15 18:09:03 +02:00
Lauri Võsandi
6bfa1ccf9c
cli: Fix typo
2016-01-15 13:50:45 +02:00
Lauri Võsandi
589a31eb3d
Sanitize configuration file section names
2016-01-15 13:48:24 +02:00
Lauri Võsandi
704523626b
Rename spawn commands
2016-01-15 11:18:27 +02:00
Lauri Võsandi
f2df17bb88
Refactor signature request submission
...
Certidude client now reads configuration from
/etc/certidude/client.conf, submits CSR-s and
once signed configures services based on
/etc/certidude/services.conf
2016-01-15 00:47:30 +02:00
Lauri Võsandi
d8abde3d53
Refactor request submission
...
API now properly distinguishes duplicate request from other requests with same common name.
2016-01-14 11:02:57 +02:00
Lauri Võsandi
aacf94bb28
Fix encoding error in duplicate request check
2016-01-14 10:44:26 +02:00
Lauri Võsandi
de08ba759d
Release version 0.1.20
2016-01-10 19:51:54 +02:00
Lauri Võsandi
6a45592cd0
api: Fix CRL generation
2016-01-02 01:08:04 +02:00
Lauri Võsandi
6977d7148e
cli: Send Accept header when requesting signed certificate
2015-12-23 16:10:00 +02:00
Lauri Võsandi
af4d50db17
ui: Added product serial tag
2015-12-23 11:46:27 +00:00
Lauri Võsandi
c59198887c
api: Fixed API call for querying leases
2015-12-18 12:49:37 +00:00
Lauri Võsandi
ece05a21e0
cli: Added closeaction=restart to ipsec.conf template
2015-12-16 21:55:49 +00:00
Lauri Võsandi
da6600e2e9
api: Added signed certificate tagging mechanism
2015-12-16 17:41:49 +00:00
Lauri Võsandi
901b0f7224
api: Fix lookup of user context variable
2015-12-13 18:27:09 +00:00
Lauri Võsandi
fbbf7a320d
Add preliminary support for logging
...
Current logging mechanism makes use of Python's logging module.
MySQL logging handler inserts log entries to MySQL server and
another logging handler is used to stream events to web interface
via nginx streaming push.
2015-12-13 15:11:22 +00:00
Lauri Võsandi
b788d701eb
Refactor wrappers
...
Completely remove wrapper class for CA,
use certidude.authority module instead.
2015-12-12 22:39:17 +00:00
Lauri Võsandi
8397d02f26
Removed leftfirewall=yes from strongSwan config template
2015-11-20 21:17:46 +01:00
Lauri Võsandi
f893582338
Major refactoring, CA is associated with its hostname now
2015-11-15 15:55:26 +01:00
Lauri Võsandi
e6f050c257
Added preliminary interfacing with updown scripts
2015-11-13 23:20:51 +01:00
Lauri Võsandi
887743cc0b
api: Preliminary API call for listing client leases
2015-11-13 19:41:19 +01:00
Lauri Võsandi
3d36b2f92c
Merge branch 'master' of github.com:laurivosandi/certidude
2015-11-11 20:12:28 +01:00
Lauri Võsandi
4eb0cceacc
api: Preliminary API-fication of user interface
2015-11-11 20:12:04 +01:00
Lauri Võsandi
ffd6eccd80
Merge branch 'codecov' of https://github.com/plaes/certidude into plaes-codecov
...
Conflicts:
certidude/api.py
2015-11-06 09:08:00 +02:00
Lauri Võsandi
a413a15854
Added preliminary event handling for front-end
2015-10-28 11:46:36 +01:00
Lauri Võsandi
f1c0a3925d
Merge branch 'master' of github.com:laurivosandi/certidude
2015-10-28 10:52:14 +02:00
Lauri Võsandi
e292e01aff
cli: Cleaned up certificate listing
2015-10-28 10:51:52 +02:00
Lauri Võsandi
3012d843a9
Enabled certificate publishing from command-line
...
Instead of defining environment variables for
push server URL-s the URL-s are now fetched
from openssl.cnf instead.
2015-10-26 21:52:48 +01:00
Lauri Võsandi
42916a7ccc
cli: Improved strongSwan gateway setup heuristics
2015-10-20 20:38:48 +03:00
Lauri Võsandi
4c9f4ffd47
signer: Fixed typo
2015-10-20 11:32:46 +03:00
Lauri Võsandi
d4f735c34d
cli: Add IKE Intermediate flag for strongSwan server CSR
2015-10-20 11:32:31 +03:00
Lauri Võsandi
cf0317f7b3
api: Fixed CSR processing if autosign GET variable was not present
2015-10-20 10:47:41 +03:00
Lauri Võsandi
90e7458136
Added textual representation for "IKE Intermediate" key usage flag
2015-10-17 20:53:46 +03:00
Lauri Võsandi
0a92589f41
Cleaned up ipsec.conf templates
2015-10-17 20:36:12 +03:00
Lauri Võsandi
03d727fca9
cli: Added /etc/ipsec.secrets generation
2015-10-17 20:32:36 +03:00
Lauri Võsandi
af608f6c75
Added NetworkManager strongSwan plugin integration
2015-10-17 18:07:26 +03:00
Lauri Võsandi
fcb770aa7c
Fixed strongswan server setup helper
2015-10-16 18:44:42 +03:00
Priit Laes
9a845fc009
Add basic tests for CA
2015-10-09 10:46:40 +03:00
Priit Laes
6dec1eebd9
Fix traceback when no 'autosign' parameter was supplied
2015-10-08 14:47:22 +03:00
Priit Laes
91d09629e2
cli: Fix 'certidude list [CA]...' command
2015-09-30 15:41:19 +03:00
Priit Laes
f73885fe70
cli: Use CERTIDUDE_CONF env variable to load custom configuration
2015-09-30 11:42:38 +03:00
Priit Laes
5d5894a77a
Drop netifaces requirement
2015-09-29 15:26:33 +03:00
Priit Laes
706f4f78d3
cli: sha1 is deprecated, use sha256 instead.
2015-09-29 15:17:08 +03:00
Priit Laes
3e93aeee72
cli: Make sure user doesn't accidentally overwrite existing setup
2015-09-29 15:17:08 +03:00
Priit Laes
c68c5d2a07
Remove 'certidude' group requirement for creating CA configuration
...
We shouldn't require user to have 'certidude' user/group in system
in order to just create initial CA setup.
2015-09-29 15:17:08 +03:00
Priit Laes
81eef1d42f
Remove the netifaces requirement
2015-09-29 15:17:08 +03:00
Priit Laes
4c1c2010c6
Add basic tests
2015-09-29 15:17:08 +03:00
Priit Laes
4a94715c68
Add workaround for chroot issues
2015-09-03 09:00:45 +00:00
Priit Laes
0435b802af
Kill unused imports from api
2015-09-02 06:20:19 +00:00
Priit Laes
46fd8a2385
Move all falcon-specific stuff away from cli
2015-09-02 06:20:19 +00:00
Priit Laes
f93ce70d6d
Add factory function to create wsgi app - kills some duplicate code
2015-09-02 06:20:19 +00:00
Priit Laes
03f9c9fd50
cli: spawn: Fix error message when certidude signer is already running
2015-08-27 17:47:28 +00:00
Priit Laes
49a79c9180
cli: spawn: Return error code when spawn fails
2015-08-27 11:52:40 +00:00
Priit Laes
8b35102974
Refactor CertificateAuthorityConfig to accept single configuration file
2015-08-27 11:48:53 +00:00
Priit Laes
2877c32c69
cli: Kill unused imports
2015-08-27 09:28:08 +00:00
Priit Laes
da2002538e
cli: Generate openssl.cnf snippet as file instead of writing it to terminal
2015-08-27 09:20:44 +00:00
Priit Laes
f7183fd1ab
cli: Add some error checks for ca target directory
2015-08-27 09:20:38 +00:00
Lauri Võsandi
f92853bedb
Added diagrams and improved docs
2015-08-16 18:09:06 +03:00
Lauri Võsandi
e2f27078d1
Added preliminary Kerberos authentication support
2015-08-16 17:21:42 +03:00
Lauri Võsandi
c5d27e8a76
Released 0.1.17
2015-08-13 11:11:08 +03:00
Lauri Võsandi
f24ef4024c
Fixes
2015-07-27 18:49:50 +03:00
Lauri Võsandi
10a329c0fe
Added uWSGI support and documentation
2015-07-27 15:30:50 +03:00
Lauri Võsandi
d024f778f8
Implemented essential functionality
2015-07-26 23:34:46 +03:00
Lauri Võsandi
0af381fc46
Initial commit
2015-07-12 22:22:10 +03:00