Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Changing the signature of save_cert, we don't create a csr_config anymore so it doesn't make sense to store it. Additionally 'challenge' is a verisign specific thing and should be factored out. We have stopped saving it as well.

This commit is contained in:
kevgliss 2015-07-08 16:37:48 -07:00
parent 6a18b01e4e
commit 002f83092d
2 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lemur/authorities/service.py
View File

@ -54,7 +54,7 @@ def create(kwargs):
kwargs['creator'] = g.current_user.email kwargs['creator'] = g.current_user.email
cert_body, intermediate, issuer_roles = issuer.create_authority(kwargs) cert_body, intermediate, issuer_roles = issuer.create_authority(kwargs)
cert = cert_service.save_cert(cert_body, None, intermediate, None, None, None) cert = cert_service.save_cert(cert_body, None, intermediate, None)
cert.user = g.current_user cert.user = g.current_user
# we create and attach any roles that the issuer gives us # we create and attach any roles that the issuer gives us
@ -65,9 +65,11 @@ def create(kwargs):
password=r['password'], password=r['password'],
description="{0} auto generated role".format(kwargs.get('pluginName')), description="{0} auto generated role".format(kwargs.get('pluginName')),
username=r['username']) username=r['username'])
# the user creating the authority should be able to administer it # the user creating the authority should be able to administer it
if role.username == 'admin': if role.username == 'admin':
g.current_user.roles.append(role) g.current_user.roles.append(role)
role_objs.append(role) role_objs.append(role)
authority = Authority( authority = Authority(
@ -80,7 +82,6 @@ def create(kwargs):
roles=role_objs roles=role_objs
) )
# do this last encase we need to roll back/abort
database.update(cert) database.update(cert)
authority = database.create(authority) authority = database.create(authority)

9
lemur/certificates/service.py
View File

@ -173,7 +173,7 @@ def import_certificate(**kwargs):
return cert return cert
def save_cert(cert_body, private_key, cert_chain, challenge, csr_config, accounts): def save_cert(cert_body, private_key, cert_chain, accounts):
""" """
Determines if the certificate needs to be uploaded to AWS or other services. Determines if the certificate needs to be uploaded to AWS or other services.
@ -184,7 +184,7 @@ def save_cert(cert_body, private_key, cert_chain, challenge, csr_config, account
:param csr_config: :param csr_config:
:param accounts: :param accounts:
""" """
cert = Certificate(cert_body, private_key, challenge, cert_chain, csr_config) cert = Certificate(cert_body, private_key, cert_chain)
# if we have an AWS accounts lets upload them # if we have an AWS accounts lets upload them
if accounts: if accounts:
for account in accounts: for account in accounts:
@ -204,8 +204,6 @@ def upload(**kwargs):
kwargs.get('public_cert'), kwargs.get('public_cert'),
kwargs.get('private_key'), kwargs.get('private_key'),
kwargs.get('intermediate_cert'), kwargs.get('intermediate_cert'),
None,
None,
kwargs.get('accounts') kwargs.get('accounts')
) )
@ -223,6 +221,7 @@ def create(**kwargs):
cert.owner = kwargs['owner'] cert.owner = kwargs['owner']
database.create(cert) database.create(cert)
cert.description = kwargs['description']
g.user.certificates.append(cert) g.user.certificates.append(cert)
database.update(g.user) database.update(g.user)
return cert return cert
@ -372,7 +371,7 @@ def create_csr(csr_config):
# serialize our private key and CSR # serialize our private key and CSR
pem = private_key.private_bytes( pem = private_key.private_bytes(
encoding=serialization.Encoding.PEM, encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8, format=serialization.PrivateFormat.TraditionalOpenSSL, # would like to use PKCS8 but AWS ELBs don't like it
encryption_algorithm=serialization.NoEncryption() encryption_algorithm=serialization.NoEncryption()
) )