- 31 Jul, 2019 3 commits
-
-
Łukasz Nowak authored
-
Łukasz Nowak authored
It's better to reply 400 Bad Request on malformed requests and do not pollute log with exceptions.
-
Łukasz Nowak authored
Also improve message in case of failure.
-
- 29 May, 2019 1 commit
-
-
Łukasz Nowak authored
/reviewed-on !4
-
- 15 May, 2019 1 commit
-
-
Łukasz Nowak authored
As updater is used in environment, which requires it to have certificates available as fast as possible, add a prepare step and allow to launch it with --prepare-only switch. Thanks to this it is possible to run it with configuration file to provide fallback or master certificates for all slaves without connecting to the network, thus resulting in fast preparation. /reviewed-on nexedi/kedifa!3
-
- 14 May, 2019 1 commit
-
-
Łukasz Nowak authored
-
- 02 Apr, 2019 6 commits
-
-
Łukasz Nowak authored
Also cover loop method.
-
Łukasz Nowak authored
It will make further testing much easier
-
Łukasz Nowak authored
If at least once certificate has been downloaded from KeDiFa it shall never use again the fall-back, as otherwise it would result with a problem, that next unsuccessful download from KeDiFa would result replacement with fall-back. In order to do so state file is introduced keeping list of overridden certificates. As now there is critical path regarding fetching certificates, the lock is created to avoid concurrent updates.
-
Łukasz Nowak authored
Fix one condition.
-
Łukasz Nowak authored
In order for further development and features create mixin.
-
Łukasz Nowak authored
Features: * by default runs with 60s sleep * allows to have master, updateable, certificate, which is used in case if specific certificate is not available
-
- 12 Dec, 2018 1 commit
-
-
Łukasz Nowak authored
-
- 10 Dec, 2018 1 commit
-
-
Łukasz Nowak authored
-
- 07 Dec, 2018 1 commit
-
-
Łukasz Nowak authored
Having PRIMARY KEY on certificate.id is to strict -- as real uniques is required on id + reference in certificate table.
-
- 04 Dec, 2018 3 commits
-
-
Łukasz Nowak authored
capturer does not work in some of tests environment.
-
Łukasz Nowak authored
-
Łukasz Nowak authored
-
- 27 Nov, 2018 1 commit
-
-
Łukasz Nowak authored
In some places it is not working, and anyway KeDiFa is used in pinned versions environment mostly.
-
- 13 Nov, 2018 1 commit
-
-
Łukasz Nowak authored
Provided tools are kedifa and kedifa-getter. kedifa is a server to PUT and GET sensitive information, like SSL keys and certificates. kedifa-getter is a client to this server. As both are closely related to caucase, they allow to use information from caucase, like CA Certificate, to validate each other. Caucase is also used to generate certificates for kedifa-getter used to authenticate to kedifa. Extracted important points of development of the inital version: * kedifa and kedifa-getter has been implemented * TODOs list is kept for future improvements * IPv6 and SSL-only support came * API has been docstring documented * PUTting information is based on query string key authorisation * GETting information requires SSL authentication * only correct keys are stored in KeDiFa database * certificates are served orderd by theirs submission date * kedifa-csr has been implemented, and dropped, as started to become openssl req implementation * caucase.http has been used as base for wsgiref approach * caucase.utils has been used for certificate management * argparse has been used for command line arguments * time comparison has been done in python, instead of SQLite * reloading, in caucase way, has been implemented * CRLs are in-app checked only, as pythons implementation does not allow proper reloads * in critical places code raises instead of returning False, in order to disallow ignoring result value * ids to store data has to be reserved
-
- 03 Oct, 2018 1 commit
-
-
Łukasz Nowak authored
Use versioneer. Add basic README. Create structure.
-