Lauri Võsandi
15858083b3
Use UTC for log entries
2016-04-05 15:30:50 +03:00
Lauri Võsandi
c33da46f19
Push server fixes
2016-04-05 15:02:05 +03:00
Lauri Võsandi
7012f5b365
Make user certificate enrollment configurable
2016-04-01 01:55:51 +03:00
Lauri Võsandi
fa27253b50
Add 'certidude users' command for listing user accounts
2016-04-01 00:01:58 +03:00
Lauri Võsandi
ff2e983711
ui: Update CRL fetching command example
2016-03-30 22:06:15 +03:00
Lauri Võsandi
ec2dea7a13
cli: Authority setup script fixes
2016-03-30 22:05:32 +03:00
Lauri Võsandi
456fe586c3
Add revocation list JSON serialization
2016-03-30 22:00:18 +03:00
Lauri Võsandi
5bdf986b47
cli: Send Accept: application/x-pem-file while downloading CRL
2016-03-29 23:39:19 +03:00
Lauri Võsandi
d2a259b887
Merge authority setup and production setup
2016-03-29 22:03:27 +03:00
Lauri Võsandi
a094db794b
cli: Fix extended key usage flags for authority setup script
2016-03-29 19:43:50 +03:00
Lauri Võsandi
c644b065ef
Migrate authority setup from PyOpenSSL to cryptography.io
2016-03-29 19:29:06 +03:00
Lauri Võsandi
af60fd8047
cli: Fix authority setup script
2016-03-29 18:37:28 +03:00
Lauri Võsandi
476a312b4e
ui: Fix autosign subnets listing
2016-03-29 15:47:00 +03:00
Lauri Võsandi
09a67718ab
Expose certificate and CRL lifetime via session API call
2016-03-29 15:43:34 +03:00
Lauri Võsandi
d8f1e36ecf
Reduce default CRL lifetime to 20min
2016-03-29 15:17:44 +03:00
Lauri Võsandi
6de010a411
Make /api/revoked conform to RFC5280
2016-03-29 13:28:58 +03:00
Lauri Võsandi
1475828899
Fix CRL distriution points and add authority information access extensions
2016-03-29 12:29:15 +03:00
Lauri Võsandi
e721648328
Use common name instead of IP address as listening address for IPSec gateway
2016-03-29 12:28:10 +03:00
Lauri Võsandi
799b9e19c8
Use unicode literals for logging
2016-03-29 08:54:55 +03:00
Lauri Võsandi
acc0e29109
Add AKID and SKID
2016-03-29 08:47:43 +03:00
Lauri Võsandi
ff71ca42d7
Move GSSAPI credcache from authorization config section to accounts
2016-03-29 08:45:17 +03:00
Lauri Võsandi
22846327a0
Fix is_admin of PosixUserManager
2016-03-29 08:44:07 +03:00
Lauri Võsandi
de42d97b59
Add $ssl_client_s_dn_cn for nginx config template
2016-03-29 08:28:48 +03:00
Lauri Võsandi
3d32de8cad
Documentation fixes and attempt to fix Travis
2016-03-28 00:00:41 +03:00
Lauri Võsandi
925bc0ef9a
Refactor users, add OpenVPN and mailing support
...
* Add abstraction for user objects
* Mail authority admins about pending, revoked and signed certificates
* Add NetworkManager's OpenVPN plugin support
* Improve CRL support
* Refactor CSRF protection
* Update documentation
2016-03-27 23:38:14 +03:00
Lauri Võsandi
811e6dbb08
Complete overhaul
...
* Switch to Python 2.x due to lack of decent LDAP support in Python 3.x
* Add LDAP backend for authentication/authorization
* Add PAM backend for authentication
* Add getent backend for authorization
* Add preliminary CSRF protection
* Update icons
* Update push server documentation, use nchan from now on
* Add P12 bundle generation
* Add thin wrapper around Python's SQL connectors
* Enable mailing subsystem
* Add Kerberos TGT renewal cronjob
* Add HTTPS server setup commands for nginx
2016-03-21 23:42:39 +02:00
Lauri Võsandi
d38a9a8103
Add preliminary PKCS#12 bundle generation
2016-03-01 11:01:53 +02:00
Lauri Võsandi
449dcea821
Add preliminary PAM authentication backend
2016-02-29 23:06:42 +02:00
Lauri Võsandi
4240d55fe4
Add preliminary Python 2.x support
2016-02-28 22:37:56 +02:00
Lauri Võsandi
5eed7cb6d9
ui: Add blue color for recently seen clients
2016-02-17 21:44:33 +02:00
Lauri Võsandi
489de4ec79
ui: Bundle template JavaScript
2016-02-17 16:16:00 +02:00
Lauri Võsandi
114e67ed6a
api: Use nchan headers for pushing events
2016-02-17 16:15:06 +02:00
Lauri Võsandi
b830ce7671
api: Fix exception includes
2016-01-25 11:19:08 +02:00
Lauri Võsandi
661e7608ef
ui: Precompile nunjucks templates
2016-01-25 11:18:19 +02:00
Lauri Võsandi
7cb9f04972
Add routes for NetworkManager only if they have been specified
2016-01-15 18:09:03 +02:00
Lauri Võsandi
6bfa1ccf9c
cli: Fix typo
2016-01-15 13:50:45 +02:00
Lauri Võsandi
589a31eb3d
Sanitize configuration file section names
2016-01-15 13:48:24 +02:00
Lauri Võsandi
704523626b
Rename spawn commands
2016-01-15 11:18:27 +02:00
Lauri Võsandi
f2df17bb88
Refactor signature request submission
...
Certidude client now reads configuration from
/etc/certidude/client.conf, submits CSR-s and
once signed configures services based on
/etc/certidude/services.conf
2016-01-15 00:47:30 +02:00
Lauri Võsandi
d8abde3d53
Refactor request submission
...
API now properly distinguishes duplicate request from other requests with same common name.
2016-01-14 11:02:57 +02:00
Lauri Võsandi
aacf94bb28
Fix encoding error in duplicate request check
2016-01-14 10:44:26 +02:00
Lauri Võsandi
de08ba759d
Release version 0.1.20
2016-01-10 19:51:54 +02:00
Lauri Võsandi
6a45592cd0
api: Fix CRL generation
2016-01-02 01:08:04 +02:00
Lauri Võsandi
6977d7148e
cli: Send Accept header when requesting signed certificate
2015-12-23 16:10:00 +02:00
Lauri Võsandi
af4d50db17
ui: Added product serial tag
2015-12-23 11:46:27 +00:00
Lauri Võsandi
c59198887c
api: Fixed API call for querying leases
2015-12-18 12:49:37 +00:00
Lauri Võsandi
ece05a21e0
cli: Added closeaction=restart to ipsec.conf template
2015-12-16 21:55:49 +00:00
Lauri Võsandi
da6600e2e9
api: Added signed certificate tagging mechanism
2015-12-16 17:41:49 +00:00
Lauri Võsandi
901b0f7224
api: Fix lookup of user context variable
2015-12-13 18:27:09 +00:00
Lauri Võsandi
fbbf7a320d
Add preliminary support for logging
...
Current logging mechanism makes use of Python's logging module.
MySQL logging handler inserts log entries to MySQL server and
another logging handler is used to stream events to web interface
via nginx streaming push.
2015-12-13 15:11:22 +00:00
Lauri Võsandi
b788d701eb
Refactor wrappers
...
Completely remove wrapper class for CA,
use certidude.authority module instead.
2015-12-12 22:39:17 +00:00
Lauri Võsandi
8397d02f26
Removed leftfirewall=yes from strongSwan config template
2015-11-20 21:17:46 +01:00
Lauri Võsandi
f893582338
Major refactoring, CA is associated with it's hostname now
2015-11-15 15:55:26 +01:00
Lauri Võsandi
e6f050c257
Added preliminary interfacing with updown scripts
2015-11-13 23:20:51 +01:00
Lauri Võsandi
887743cc0b
api: Preliminary API call for listing client leases
2015-11-13 19:41:19 +01:00
Lauri Võsandi
3d36b2f92c
Merge branch 'master' of github.com:laurivosandi/certidude
2015-11-11 20:12:28 +01:00
Lauri Võsandi
4eb0cceacc
api: Preliminary API-fication of user interface
2015-11-11 20:12:04 +01:00
Lauri Võsandi
ffd6eccd80
Merge branch 'codecov' of https://github.com/plaes/certidude into plaes-codecov
...
Conflicts:
certidude/api.py
2015-11-06 09:08:00 +02:00
Lauri Võsandi
a413a15854
Added preliminary event handling for front-end
2015-10-28 11:46:36 +01:00
Lauri Võsandi
f1c0a3925d
Merge branch 'master' of github.com:laurivosandi/certidude
2015-10-28 10:52:14 +02:00
Lauri Võsandi
e292e01aff
cli: Cleaned up certificate listing
2015-10-28 10:51:52 +02:00
Lauri Võsandi
3012d843a9
Enabled certificate publishing from command-line
...
Instead of defining environment variables for
push server URL-s the URL-s are now fetched
from openssl.cnf instead.
2015-10-26 21:52:48 +01:00
Lauri Võsandi
42916a7ccc
cli: Improved strongSwan gateway setup heuristics
2015-10-20 20:38:48 +03:00
Lauri Võsandi
4c9f4ffd47
signer: Fixed typo
2015-10-20 11:32:46 +03:00
Lauri Võsandi
d4f735c34d
cli: Add IKE Intermediate flag for strongSwan server CSR
2015-10-20 11:32:31 +03:00
Lauri Võsandi
cf0317f7b3
api: Fixed CSR processing if autosign GET variable was not present
2015-10-20 10:47:41 +03:00
Lauri Võsandi
90e7458136
Added textual representation for "IKE Intermediate" key usage flag
2015-10-17 20:53:46 +03:00
Lauri Võsandi
0a92589f41
Cleaned up ipsec.conf templates
2015-10-17 20:36:12 +03:00
Lauri Võsandi
03d727fca9
cli: Added /etc/ipsec.secrets generation
2015-10-17 20:32:36 +03:00
Lauri Võsandi
af608f6c75
Added NetworkManager strongSwan plugin integration
2015-10-17 18:07:26 +03:00
Lauri Võsandi
fcb770aa7c
Fixed strongswan server setup helper
2015-10-16 18:44:42 +03:00
Priit Laes
9a845fc009
Add basic tests for CA
2015-10-09 10:46:40 +03:00
Priit Laes
6dec1eebd9
Fix traceback when no 'autosign' parameter was supplied
2015-10-08 14:47:22 +03:00
Priit Laes
91d09629e2
cli: Fix 'certidude list [CA]...' command
2015-09-30 15:41:19 +03:00
Priit Laes
f73885fe70
cli: Use CERTIDUDE_CONF env variable to load custom configuration
2015-09-30 11:42:38 +03:00
Priit Laes
5d5894a77a
Drop netifaces requirement
2015-09-29 15:26:33 +03:00
Priit Laes
706f4f78d3
cli: sha1 is deprecated, use sha256 instead.
2015-09-29 15:17:08 +03:00
Priit Laes
3e93aeee72
cli: Make sure user doesn't accidentally overwrite existing setup
2015-09-29 15:17:08 +03:00
Priit Laes
c68c5d2a07
Remove 'certidude' group requirement for creating CA configuration
...
We shouldn't require user to have 'certidude' user/group in system
in order to just create initial CA setup.
2015-09-29 15:17:08 +03:00
Priit Laes
81eef1d42f
Remove the netifaces requirement
2015-09-29 15:17:08 +03:00
Priit Laes
4c1c2010c6
Add basic tests
2015-09-29 15:17:08 +03:00
Priit Laes
4a94715c68
Add workaround for chroot issues
2015-09-03 09:00:45 +00:00
Priit Laes
0435b802af
Kill unused imports from api
2015-09-02 06:20:19 +00:00
Priit Laes
46fd8a2385
Move all falcon-specific stuff away from cli
2015-09-02 06:20:19 +00:00
Priit Laes
f93ce70d6d
Add factory function to create wsgi app - kills some duplicate code
2015-09-02 06:20:19 +00:00
Priit Laes
03f9c9fd50
cli: spawn: Fix error message when certidude signer is already running
2015-08-27 17:47:28 +00:00
Priit Laes
49a79c9180
cli: spawn: Return error code when spawn fails
2015-08-27 11:52:40 +00:00
Priit Laes
8b35102974
Refactor CertificateAuthorityConfig to accept single configuration file
2015-08-27 11:48:53 +00:00
Priit Laes
2877c32c69
cli: Kill unused imports
2015-08-27 09:28:08 +00:00
Priit Laes
da2002538e
cli: Generate openssl.cnf snippet as file instead of writing it to terminal
2015-08-27 09:20:44 +00:00
Priit Laes
f7183fd1ab
cli: Add some error checks for ca target directory
2015-08-27 09:20:38 +00:00
Lauri Võsandi
f92853bedb
Added diagrams and improved docs
2015-08-16 18:09:06 +03:00
Lauri Võsandi
e2f27078d1
Added preliminary Kerberos authentication support
2015-08-16 17:21:42 +03:00
Lauri Võsandi
c5d27e8a76
Released 0.1.17
2015-08-13 11:11:08 +03:00
Lauri Võsandi
f24ef4024c
Fixes
2015-07-27 18:49:50 +03:00
Lauri Võsandi
10a329c0fe
Added uWSGI support and documentation
2015-07-27 15:30:50 +03:00
Lauri Võsandi
d024f778f8
Implemented essential functionality
2015-07-26 23:34:46 +03:00
Lauri Võsandi
0af381fc46
Initial commit
2015-07-12 22:22:10 +03:00