1. 31 Jul, 2019 3 commits
  2. 29 May, 2019 1 commit
  3. 15 May, 2019 1 commit
    • updater: Implement prepare system · acf0f054
      Łukasz Nowak authored
      As updater is used in environment, which requires it to have certificates
      available as fast as possible, add a prepare step and allow to launch it with
      --prepare-only switch.
      
      Thanks to this it is possible to run it with configuration file to provide
      fallback or master certificates for all slaves without connecting to the
      network, thus resulting in fast preparation.
      
      /reviewed-on nexedi/kedifa!3
  4. 14 May, 2019 1 commit
  5. 02 Apr, 2019 6 commits
    • updater: Unlink lock file · 73a14b0e
      Łukasz Nowak authored
      Also cover loop method.
    • test: Import once · 1f273c26
      Łukasz Nowak authored
      It will make further testing much easier
    • updater: Make stateful decision · d48b47a4
      Łukasz Nowak authored
      If at least once certificate has been downloaded from KeDiFa it shall never
      use again the fall-back, as otherwise it would result with a problem, that
      next unsuccessful download from KeDiFa would result replacement with
      fall-back.
      
      In order to do so state file is introduced keeping list of overridden
      certificates. As now there is critical path regarding fetching certificates,
      the lock is created to avoid concurrent updates.
    • updater: Cover updateCertificate · 53e99f68
      Łukasz Nowak authored
      Fix one condition.
    • tests: Restructure · 2cd28eac
      Łukasz Nowak authored
      In order for further development and features create mixin.
    • kedifa: Introduce asynchronous updater · 6c731311
      Łukasz Nowak authored
      Features:
      
       * by default runs with 60s sleep
       * allows to have master, updateable, certificate, which is used in case if
         specific certificate is not available
  6. 12 Dec, 2018 1 commit
  7. 10 Dec, 2018 1 commit
  8. 07 Dec, 2018 1 commit
  9. 04 Dec, 2018 3 commits
  10. 27 Nov, 2018 1 commit
  11. 13 Nov, 2018 1 commit
    • KeDiFa: Initial implementation · f3a43056
      Łukasz Nowak authored
      Provided tools are kedifa and kedifa-getter.
      
      kedifa is a server to PUT and GET sensitive information, like SSL keys and
      certificates.
      
      kedifa-getter is a client to this server.
      
      As both are closely related to caucase, they allow to use information from
      caucase, like CA Certificate, to validate each other.
      
      Caucase is also used to generate certificates for kedifa-getter used to
      authenticate to kedifa.
      
      Extracted important points of development of the initial version:
      
       * kedifa and kedifa-getter have been implemented
       * TODOs list is kept for future improvements
       * IPv6 and SSL-only support came
       * API has been docstring documented
       * PUTting information is based on query string key authorisation
       * GETting information requires SSL authentication
       * only correct keys are stored in KeDiFa database
       * certificates are served ordered by their submission date
       * kedifa-csr has been implemented, and dropped, as started to become openssl
         req implementation
       * caucase.http has been used as base for wsgiref approach
       * caucase.utils has been used for certificate management
       * argparse has been used for command line arguments
       * time comparison has been done in python, instead of SQLite
       * reloading, in caucase way, has been implemented
       * CRLs are in-app checked only, as Python's implementation does not allow
         proper reloads
       * in critical places code raises instead of returning False, in order to
         disallow ignoring result value
       * ids to store data have to be reserved
  12. 03 Oct, 2018 1 commit