Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								85667a9cf6 
								
							 
						 
						
							
							
								
								Creat mitm certs on boot  
							
							
							
						 
						
							2016-04-29 14:10:33 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								6754131350 
								
							 
						 
						
							
							
								
								Optional tests (on by default) and better load order to reduce build time  
							
							
							
						 
						
							2016-04-29 14:10:33 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								492dcf4781 
								
							 
						 
						
							
							
								
								Verify that jwt was issued by clair  
							
							
							
						 
						
							2016-04-29 14:10:33 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								118f2d0ce5 
								
							 
						 
						
							
							
								
								Add mitm certs to jwtproxy  
							
							
							
						 
						
							2016-04-29 14:10:33 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								9e7a501dae 
								
							 
						 
						
							
							
								
								Authenticate in the other direction with jwtproxy  
							
							
							
						 
						
							2016-04-29 14:10:33 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								da0a988650 
								
							 
						 
						
							
							
								
								Configure jwtproxy from stack/conf yaml  
							
							
							
						 
						
							2016-04-29 14:10:33 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								adc86456b5 
								
							 
						 
						
							
							
								
								Secure the correct endpoint  
							
							
							
						 
						
							2016-04-29 14:10:33 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								8c8ee9c2be 
								
							 
						 
						
							
							
								
								Add jwtproxy and configure verifier for /secscan/notify  
							
							
							
						 
						
							2016-04-29 14:10:33 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								6091db983b 
								
							 
						 
						
							
							
								
								Hide expired keys outside of their staleness window  
							
							
							
						 
						
							2016-04-29 14:10:33 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								a55e92bc95 
								
							 
						 
						
							
							
								
								Add UI support for multiple operations on keys  
							
							
							
						 
						
							2016-04-29 14:09:37 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								726cb5fe6a 
								
							 
						 
						
							
							
								
								key server: 403 on expired approved keys ( #1410 )  
							
							
							
						 
						
							2016-04-29 14:09:37 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								4f63a50a17 
								
							 
						 
						
							
							
								
								Change account-less logs to use a user and not null  
							
							... 
							
							
							
							This allows us to skip the migration 
							
						 
						
							2016-04-29 14:09:37 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								5cb6ba4d12 
								
							 
						 
						
							
							
								
								keyserver migration: fix constraint name  
							
							
							
						 
						
							2016-04-29 14:09:37 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								28a80ef6a9 
								
							 
						 
						
							
							
								
								Make sure to verify service names on key creation  
							
							
							
						 
						
							2016-04-29 14:09:37 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								dc9bcec9ce 
								
							 
						 
						
							
							
								
								Add pre shared generation tool  
							
							
							
						 
						
							2016-04-29 14:09:37 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								ca5794ba18 
								
							 
						 
						
							
							
								
								key server: use total_seconds() for cache headers  
							
							
							
						 
						
							2016-04-29 14:09:37 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								5d6e5a42e8 
								
							 
						 
						
							
							
								
								Add delete logging and tests for logging  
							
							
							
						 
						
							2016-04-29 14:09:09 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								6aa7040f39 
								
							 
						 
						
							
							
								
								keyserver: add cache-control headers  
							
							
							
						 
						
							2016-04-29 14:05:16 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								bc08ac2749 
								
							 
						 
						
							
							
								
								Fix timeouts in the JWT endpoint tests  
							
							
							
						 
						
							2016-04-29 14:05:16 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								522cf68c5d 
								
							 
						 
						
							
							
								
								Lots of smaller fixes:  
							
							... 
							
							
							
							- Add the rotation_duration to the keys API
- Have the key service UI use the new rotation_duration field
- Fix notification deletion lookup path
- Add proper support for the new notification in the UI
- Only delete expired keys after 7 days (configurable)
- Fix angular digest loop
- Fix unit tests
- Regenerate initdb 
							
						 
						
							2016-04-29 14:05:16 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								2805dad64f 
								
							 
						 
						
							
							
								
								test_endpoints: update to use JWT headers  
							
							
							
						 
						
							2016-04-29 14:05:16 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								d0bd70fb36 
								
							 
						 
						
							
							
								
								endpoints.web: add missing import  
							
							
							
						 
						
							2016-04-29 14:05:16 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								370ac3ecd0 
								
							 
						 
						
							
							
								
								service keys: add rotation_duration field  
							
							
							
						 
						
							2016-04-29 14:05:16 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								6577ac3e62 
								
							 
						 
						
							
							
								
								mv JWK-canonicalization util.security.fingerprint  
							
							
							
						 
						
							2016-04-29 14:05:16 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								4020ab9f55 
								
							 
						 
						
							
							
								
								service keys: delete notifications by prefix  
							
							
							
						 
						
							2016-04-29 14:05:16 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								fca258d8bf 
								
							 
						 
						
							
							
								
								endpoints: remove /keys  
							
							... 
							
							
							
							BitTorrent support should now be able to use the keyserver
infrastructure instead. 
							
						 
						
							2016-04-29 14:05:16 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								6a00025545 
								
							 
						 
						
							
							
								
								Add a maximum width on the friendly name and service name columns  
							
							
							
						 
						
							2016-04-29 14:05:16 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								9f4a4092da 
								
							 
						 
						
							
							
								
								keyserver: get signer kid from unverified headers  
							
							
							
						 
						
							2016-04-29 14:05:16 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								08017c5111 
								
							 
						 
						
							
							
								
								Further UI updates  
							
							
							
						 
						
							2016-04-29 14:05:16 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								a4a01e76c0 
								
							 
						 
						
							
							
								
								Fix up the migration to include the additional changes needed  
							
							
							
						 
						
							2016-04-29 14:05:16 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								dfe9a8e4e1 
								
							 
						 
						
							
							
								
								keyserver: tests!  
							
							
							
						 
						
							2016-04-29 14:05:16 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								cfc15746a6 
								
							 
						 
						
							
							
								
								keyserver: tests!  
							
							
							
						 
						
							2016-04-29 14:05:16 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								d19eb16b45 
								
							 
						 
						
							
							
								
								keyserver: add generate key function  
							
							... 
							
							
							
							The superuser API, initdb, and tests will all need this functionality. 
							
						 
						
							2016-04-29 14:05:16 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								23a8a29654 
								
							 
						 
						
							
							
								
								More tests  
							
							
							
						 
						
							2016-04-29 14:05:16 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								b0dac1d27e 
								
							 
						 
						
							
							
								
								initdb: add unapproved service key  
							
							
							
						 
						
							2016-04-29 14:05:16 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								fb1dca4e94 
								
							 
						 
						
							
							
								
								Add API usage tests  
							
							
							
						 
						
							2016-04-29 14:05:16 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								11ff3e9b59 
								
							 
						 
						
							
							
								
								keys ui WIP  
							
							
							
						 
						
							2016-04-29 14:05:16 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								dc593c0197 
								
							 
						 
						
							
							
								
								tests: shell of key server tests  
							
							
							
						 
						
							2016-04-29 13:38:25 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								136f92400f 
								
							 
						 
						
							
							
								
								key_server: remove s at the end of endpoint  
							
							
							
						 
						
							2016-04-29 13:38:25 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								e456228434 
								
							 
						 
						
							
							
								
								keyserver: insert rotation policy into metadata  
							
							
							
						 
						
							2016-04-29 13:38:25 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								885a41e6f5 
								
							 
						 
						
							
							
								
								key server: misc fixes to make jwtproxy work  
							
							
							
						 
						
							2016-04-29 13:38:25 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								5cdc7812dc 
								
							 
						 
						
							
							
								
								migration.sh: update to reflect timing  
							
							
							
						 
						
							2016-04-29 13:38:25 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								50ad1bb6b1 
								
							 
						 
						
							
							
								
								key server: misc cleanup to get it working  
							
							
							
						 
						
							2016-04-29 13:38:25 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								c0ab45d335 
								
							 
						 
						
							
							
								
								key server: derive audience from host and scheme  
							
							
							
						 
						
							2016-04-29 13:38:25 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								c79bb14049 
								
							 
						 
						
							
							
								
								service keys: fix stale query  
							
							
							
						 
						
							2016-04-29 13:38:25 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								bbaeaffbdb 
								
							 
						 
						
							
							
								
								run initdb for service keys  
							
							
							
						 
						
							2016-04-29 13:38:25 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								08abe5ce02 
								
							 
						 
						
							
							
								
								key server: add blueprint to web  
							
							
							
						 
						
							2016-04-29 13:38:25 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								86df0124c1 
								
							 
						 
						
							
							
								
								service keys: join with approvals  
							
							... 
							
							
							
							Also fixes a bug where we weren't reassigning the query after adding a
WHERE. 
							
						 
						
							2016-04-29 13:38:25 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								93720bd0f4 
								
							 
						 
						
							
							
								
								superuser: proper view for approvals/keys  
							
							
							
						 
						
							2016-04-29 13:38:25 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								dff59b4a39 
								
							 
						 
						
							
							
								
								service key migration  
							
							
							
						 
						
							2016-04-29 13:38:25 -04:00