path: root/custodia
Commit message | Author | Age | Files | Lines
* Allow non prefixed forwarding | Simo Sorce | 2015-10-19 | 1 | -2/+6
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Christian Heimes <cheimes@redhat.com>
* Add support for using listening on TCP sockets | Christian Heimes | 2015-10-19 | 5 | -48/+98
  The server can be now configured using a new parameter called "server_url". Setting server_url to "http://0.0.0.0:80/" will make the server listen on TCP port 80, while setting it to "http+unix://%2fsocket" will make the server listen on the unix socket named "/socket".
  The backwards compatible "server_socket" is retained and used if no server_url is provided.
  The request dict has a new field "client_id" that contains either a PID or a peer name. In the future the field can be augmented with a TLS client cert DN or other similar identifier.
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Add forwarder plugin | Simo Sorce | 2015-10-19 | 1 | -0/+72
  This plugin allows to mangle and forward requests to another custodia server, locally or on the network.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Christian Heimes <cheimes@redhat.com>
* Add auditing to auth/authz modules | Simo Sorce | 2015-10-19 | 4 | -10/+77
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Christian Heimes <cheimes@redhat.com>
* Add client classes to query custodia servers | Simo Sorce | 2015-10-19 | 1 | -0/+133
  This makes it simpler to use a custodia server, whether exposed over HTTP, HTTPS or a unix socket with the http+unix schema.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Christian Heimes <cheimes@redhat.com>
* Add simple Keys-in-Header based authentication | Simo Sorce | 2015-10-19 | 1 | -1/+47
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Christian Heimes <cheimes@redhat.com>
* etcdstore: prevent path traversal attacks | Christian Heimes | 2015-10-19 | 1 | -6/+14
  A new internal method _absolute_key() is used to join key name and name space. etcd treats the key space like a file system so the method checks the key for '//', '.', and '..' to prevent invalid paths and path traversal attacks.
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Implement ETCD based Store | Simo Sorce | 2015-10-19 | 1 | -0/+94
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Christian Heimes <cheimes@redhat.com>
* Extend store interface to create namespaces | Simo Sorce | 2015-10-19 | 3 | -3/+43
  Use a new verb, "span", to create namespaces/containers. This will be needed for the Etcd plugin, which needs to distinguish between a directory and a key.
  The sqlite/enclite just pass the request to their set() method.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Christian Heimes <cheimes@redhat.com>
* Add UserNameSpace auths plugin | Simo Sorce | 2015-10-19 | 2 | -30/+29
  Moves the secrets.Namespaces plugin to the proper authorizers file and fixes it to properly enforce the user-named namespace is being used.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Christian Heimes <cheimes@redhat.com>
* Add Ability to retrieve peer's SELinux Context | Simo Sorce | 2015-10-19 | 1 | -2/+16
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Christian Heimes <cheimes@redhat.com>
* Better error handling for enclite store | Simo Sorce | 2015-10-19 | 1 | -3/+11
  The store was throwing an exception in case of a nonexistent key. Now it returns None as expected on missing keys, and properly wraps encoding exceptions if the JWE can't be decoded.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Christian Heimes <cheimes@redhat.com>
* Remove filter option for directory listings | Simo Sorce | 2015-10-19 | 2 | -68/+41
  This commit removes the option to pass a filter parameter. It also changes the way database plugins are expected to return results, results are now expected to be relative to the path requested.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Christian Heimes <cheimes@redhat.com>
* Fix traceback support in python 3.4 | Simo Sorce | 2015-10-19 | 1 | -5/+14
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Christian Heimes <cheimes@redhat.com>
* Make tox pep8 happy | Simo Sorce | 2015-10-19 | 9 | -66/+74
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Christian Heimes <cheimes@redhat.com>
* Fix pep8 issues | Simo Sorce | 2015-10-19 | 1 | -1/+1
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Christian Heimes <cheimes@redhat.com>
* Also capture loginuid of the remote process | Pavel Odvody | 2015-09-01 | 1 | -1/+18
  Reviewed-by: Simo Sorce <simo@redhat.com>
  Closes #9
* Make KEMClient actually check the reply | Simo Sorce | 2015-07-09 | 1 | -18/+24
  Uses the same method as the server, the request and response are quite symmetrical here. Also fix a bug with the subject name missing in the replies. Adapt tests.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Add audit log | Simo Sorce | 2015-07-09 | 3 | -5/+80
  The Secrets class now logs any GET/SET/DEL of a key in an audit log file.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Unquote the path before processing | Simo Sorce | 2015-07-08 | 1 | -2/+3
  This avoids issues where spaces get turned to %20 and then name matching comparisons (like for KEMHandler) fail.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix typos in tests and add cleanup | Christian Heimes | 2015-07-08 | 1 | -1/+1
  The patch fixes to typos in the tear down function of two test suites. The tests now cleanup and remove temporary files like Unix socket and test databases.
  Reviewed-by: Simo Sorce <simo@redhat.com>
  Closes: #3
* Fix Python 3 portability issues | Simo Sorce | 2015-06-07 | 1 | -2/+2
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Use reasonable algorithms based on key type | Simo Sorce | 2015-06-05 | 1 | -8/+11
  If 'signing_algorithms' is not explicitly set in the configuration file use a reasonable default based on the server key type.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix name checking for kem backend | Simo Sorce | 2015-06-05 | 2 | -4/+7
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Change KEMClient to be able to encrypt requests | Simo Sorce | 2015-06-05 | 1 | -30/+50
  Also fix errors in handling encrypted requests, as well as errors in the test suite.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Add basic debugging capabilities | Simo Sorce | 2015-06-05 | 6 | -18/+62
  If debug is set to True, then custodia's own Exception handlers will print a stack trace to standard output to aid debugging.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Assume keys are JWK objects | Simo Sorce | 2015-06-04 | 1 | -5/+7
  This way clients that already have JWK key objects do not have to export/import them. Other clients can simply call JWK upfront like in the modified test.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Add client class to build and parse kem tokens | Simo Sorce | 2015-06-04 | 1 | -5/+32
  This makes it easier to build clients.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Change KEM Parsing to actually check claims | Simo Sorce | 2015-06-04 | 5 | -16/+26
  The name ('sub') and the time ('exp') must be checked before letting the request proceed.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Do not use the same key for encryption and signing | Simo Sorce | 2015-06-03 | 1 | -37/+94
  Using the same key for signing and encryption is generally a frowned-upon approach in the security community as it may lead to some attacks.
  Change the code to use key pairs, where the first key is the signing key and the second one is the encryption key.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Use str to give back more human readable messages | Simo Sorce | 2015-05-28 | 1 | -2/+2
  These messages are returned as is by the HTTP server as the status code reason, str() returns a more human readable format.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Properly handle inputs from a query string | Simo Sorce | 2015-05-26 | 1 | -9/+21
  parse_qs will always return lists even for single-valued parameters, check for it in the Validator and properly handle the case.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* List special configuration names in one place | Simo Sorce | 2015-05-26 | 1 | -3/+6
  This way checks and hives are created from the same list and will not get out of sync (they are before this commit).
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Add server_socket [global] configuration option | Simo Sorce | 2015-05-26 | 1 | -1/+4
  This allows admins to configure where the socket needs to be created without forcing to change the cwd of the daemon to the same place.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Make the socket world accessible by default | Simo Sorce | 2015-05-26 | 1 | -0/+2
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Remove pylint star-args exceptions | Simo Sorce | 2015-05-26 | 3 | -7/+6
  Newer pylint version completely removed the star-args warning, including recognizing the exception in the source code.
  Remove it from all source code to avoid annoying pylint errors about unrecognized exceptions, and add a general exception in the pylint makefile invocation, as apparently it is ok there. This will avoid warnings if older versions of pylint are used.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Add tests and fixes for 'simple' keys | Simo Sorce | 2015-04-27 | 1 | -1/+3
  A missing query would not lead to the default 'simple' type being selected. Add tests for PUT/GET/DELETE of a simple key.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Add support for signed/encrypted messages | Simo Sorce | 2015-04-27 | 2 | -2/+279
  The new 'kem' type allows the backend to authorize access to keys based on a signed request where the key must be whitelisted in advance in a kemkeys database. The reply is encrypted with the client public key.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Move message parsing and validation | Simo Sorce | 2015-04-20 | 6 | -39/+166
  Create a message module to deal with message types and validation.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Add Simple encrypted store. | Simo Sorce | 2015-04-15 | 1 | -0/+37
  This uses JWCrypto to encrypt any key stored in the sqlite database with a master key.
  The master key is stored in a file and must be provided by the configuration.
  A sample key and configuration is provided too.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Allow to filter by keytype on key GET | Simo Sorce | 2015-04-08 | 1 | -0/+16
* Return only key/containers names on LIST operation | Simo Sorce | 2015-04-08 | 2 | -58/+45
* Always initialize db on store class instantiation | Simo Sorce | 2015-04-08 | 2 | -15/+19
  This will precreate the default table if it doesn't exist and fail early if there are general database issues.
  Also change all CSStoreError events to report a 500 error and not silently transform them into innocuous 'no such data' errors.
* Move authz checks from Secrets to own class | Simo Sorce | 2015-04-08 | 1 | -72/+113
  Add a Namespace authorization class to use in the pipeline instead of performing authorization within the Secrets class
* Move pipeline from server class to request handler | Simo Sorce | 2015-04-08 | 1 | -79/+80
  Doesn't really make sense to have it on the server class, just snatch the config from it.
* Add basic framework for authorization plugins | Simo Sorce | 2015-04-08 | 4 | -34/+87
* Change authenticators to return a result | Simo Sorce | 2015-04-07 | 2 | -12/+23
  Authenticators will not signal anymore validity by adding a request attribute. Instead they can return one of three values:
  - True, indicates positive authentication
  - False, indicates explicit failure
  - None, indicates neither success nor failure, not applicable
* Python3 compatibility fixes | Simo Sorce | 2015-04-07 | 1 | -8/+8
* Mute lint | Simo Sorce | 2015-04-07 | 1 | -2/+2
* Add detection of conflicts when creating elements | Simo Sorce | 2015-04-07 | 1 | -1/+26