From 002f83092d684872e2793b4ec8e0afe6f4d92e7a Mon Sep 17 00:00:00 2001 From: kevgliss Date: Wed, 8 Jul 2015 16:37:48 -0700 Subject: [PATCH] Changing the signature of save_cert, we don't create a csr_config anymore so it doesn't make sense to store it. Additionally 'challenge' is a verisign specific thing and should be factored out. We have stopped saving it as well. --- lemur/authorities/service.py | 5 +++-- lemur/certificates/service.py | 9 ++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lemur/authorities/service.py b/lemur/authorities/service.py index 9bed0eea..f414d6a8 100644 --- a/lemur/authorities/service.py +++ b/lemur/authorities/service.py @@ -54,7 +54,7 @@ def create(kwargs): kwargs['creator'] = g.current_user.email cert_body, intermediate, issuer_roles = issuer.create_authority(kwargs) - cert = cert_service.save_cert(cert_body, None, intermediate, None, None, None) + cert = cert_service.save_cert(cert_body, None, intermediate, None) cert.user = g.current_user # we create and attach any roles that the issuer gives us @@ -65,9 +65,11 @@ def create(kwargs): password=r['password'], description="{0} auto generated role".format(kwargs.get('pluginName')), username=r['username']) + # the user creating the authority should be able to administer it if role.username == 'admin': g.current_user.roles.append(role) + role_objs.append(role) authority = Authority( @@ -80,7 +82,6 @@ def create(kwargs): roles=role_objs ) - # do this last encase we need to roll back/abort database.update(cert) authority = database.create(authority) diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py index 5cfb6484..3b3b2089 100644 --- a/lemur/certificates/service.py +++ b/lemur/certificates/service.py @@ -173,7 +173,7 @@ def import_certificate(**kwargs): return cert -def save_cert(cert_body, private_key, cert_chain, challenge, csr_config, accounts): +def save_cert(cert_body, private_key, cert_chain, accounts): """ Determines if the certificate needs to be uploaded to AWS or other services. @@ -184,7 +184,7 @@ def save_cert(cert_body, private_key, cert_chain, challenge, csr_config, account :param csr_config: :param accounts: """ - cert = Certificate(cert_body, private_key, challenge, cert_chain, csr_config) + cert = Certificate(cert_body, private_key, cert_chain) # if we have an AWS accounts lets upload them if accounts: for account in accounts: @@ -204,8 +204,6 @@ def upload(**kwargs): kwargs.get('public_cert'), kwargs.get('private_key'), kwargs.get('intermediate_cert'), - None, - None, kwargs.get('accounts') ) @@ -223,6 +221,7 @@ def create(**kwargs): cert.owner = kwargs['owner'] database.create(cert) + cert.description = kwargs['description'] g.user.certificates.append(cert) database.update(g.user) return cert @@ -372,7 +371,7 @@ def create_csr(csr_config): # serialize our private key and CSR pem = private_key.private_bytes( encoding=serialization.Encoding.PEM, - format=serialization.PrivateFormat.PKCS8, + format=serialization.PrivateFormat.TraditionalOpenSSL, # would like to use PKCS8 but AWS ELBs don't like it encryption_algorithm=serialization.NoEncryption() )