Changing the signature of save_cert, we don't create a csr_config anymore so it doesn't make sense to store it. Additionally 'challenge' is a verisign specific thing and should be factored out. We have stopped saving it as well.

2015-07-08 16:37:48 -07:00 · 2015-07-08 16:37:48 -07:00 · 002f83092d
parent 6a18b01e4e
commit 002f83092d
2 changed files with 7 additions and 7 deletions
--- a/lemur/authorities/service.py
+++ b/lemur/authorities/service.py
@ -54,7 +54,7 @@ def create(kwargs):
    kwargs['creator'] = g.current_user.email
    cert_body, intermediate, issuer_roles = issuer.create_authority(kwargs)

-    cert = cert_service.save_cert(cert_body, None, intermediate, None, None, None)
+    cert = cert_service.save_cert(cert_body, None, intermediate, None)
    cert.user = g.current_user

    # we create and attach any roles that the issuer gives us
@ -65,9 +65,11 @@ def create(kwargs):
           password=r['password'],
           description="{0} auto generated role".format(kwargs.get('pluginName')),
           username=r['username'])
+
        # the user creating the authority should be able to administer it
        if role.username == 'admin':
            g.current_user.roles.append(role)
+
        role_objs.append(role)

    authority = Authority(
@ -80,7 +82,6 @@ def create(kwargs):
        roles=role_objs
    )

-    # do this last encase we need to roll back/abort
    database.update(cert)
    authority = database.create(authority)

--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@ -173,7 +173,7 @@ def import_certificate(**kwargs):
    return cert


-def save_cert(cert_body, private_key, cert_chain, challenge, csr_config, accounts):
+def save_cert(cert_body, private_key, cert_chain, accounts):
    """
    Determines if the certificate needs to be uploaded to AWS or other services.

@ -184,7 +184,7 @@ def save_cert(cert_body, private_key, cert_chain, challenge, csr_config, account
    :param csr_config:
    :param accounts:
    """
-    cert = Certificate(cert_body, private_key, challenge, cert_chain, csr_config)
+    cert = Certificate(cert_body, private_key, cert_chain)
    # if we have an AWS accounts lets upload them
    if accounts:
        for account in accounts:
@ -204,8 +204,6 @@ def upload(**kwargs):
        kwargs.get('public_cert'),
        kwargs.get('private_key'),
        kwargs.get('intermediate_cert'),
-        None,
-        None,
        kwargs.get('accounts')
    )

@ -223,6 +221,7 @@ def create(**kwargs):

    cert.owner = kwargs['owner']
    database.create(cert)
+    cert.description = kwargs['description']
    g.user.certificates.append(cert)
    database.update(g.user)
    return cert
@ -372,7 +371,7 @@ def create_csr(csr_config):
    # serialize our private key and CSR
    pem = private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
-        format=serialization.PrivateFormat.PKCS8,
+        format=serialization.PrivateFormat.TraditionalOpenSSL,  # would like to use PKCS8 but AWS ELBs don't like it
        encryption_algorithm=serialization.NoEncryption()
    )