Changing the signature of save_cert: we don't create a csr_config anymore, so it doesn't make sense to store it. Additionally, 'challenge' is a Verisign-specific thing and should be factored out; we have stopped saving it as well.
parent
6a18b01e4e
commit
002f83092d
|
@ -54,7 +54,7 @@ def create(kwargs):
|
||||||
kwargs['creator'] = g.current_user.email
|
kwargs['creator'] = g.current_user.email
|
||||||
cert_body, intermediate, issuer_roles = issuer.create_authority(kwargs)
|
cert_body, intermediate, issuer_roles = issuer.create_authority(kwargs)
|
||||||
|
|
||||||
cert = cert_service.save_cert(cert_body, None, intermediate, None, None, None)
|
cert = cert_service.save_cert(cert_body, None, intermediate, None)
|
||||||
cert.user = g.current_user
|
cert.user = g.current_user
|
||||||
|
|
||||||
# we create and attach any roles that the issuer gives us
|
# we create and attach any roles that the issuer gives us
|
||||||
|
@ -65,9 +65,11 @@ def create(kwargs):
|
||||||
password=r['password'],
|
password=r['password'],
|
||||||
description="{0} auto generated role".format(kwargs.get('pluginName')),
|
description="{0} auto generated role".format(kwargs.get('pluginName')),
|
||||||
username=r['username'])
|
username=r['username'])
|
||||||
|
|
||||||
# the user creating the authority should be able to administer it
|
# the user creating the authority should be able to administer it
|
||||||
if role.username == 'admin':
|
if role.username == 'admin':
|
||||||
g.current_user.roles.append(role)
|
g.current_user.roles.append(role)
|
||||||
|
|
||||||
role_objs.append(role)
|
role_objs.append(role)
|
||||||
|
|
||||||
authority = Authority(
|
authority = Authority(
|
||||||
|
@ -80,7 +82,6 @@ def create(kwargs):
|
||||||
roles=role_objs
|
roles=role_objs
|
||||||
)
|
)
|
||||||
|
|
||||||
# do this last encase we need to roll back/abort
|
|
||||||
database.update(cert)
|
database.update(cert)
|
||||||
authority = database.create(authority)
|
authority = database.create(authority)
|
||||||
|
|
||||||
|
|
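Review bot: The updated call `cert_service.save_cert(cert_body, None, intermediate, None)` in create still passes its placeholders by position, so a later change to save_cert's parameter list could bind the chain or the accounts to the wrong slot without raising an error. Naming the arguments makes the call robust to that: `cert_service.save_cert(cert_body, private_key=None, cert_chain=intermediate, accounts=None)`. The third hunk also drops the comment explaining why the database writes come last; if that ordering still matters for rollback, keep a corrected version such as `# do this last in case we need to roll back/abort`. create's body starts and ends outside these hunks.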
|
@ -173,7 +173,7 @@ def import_certificate(**kwargs):
|
||||||
return cert
|
return cert
|
||||||
|
|
||||||
|
|
||||||
def save_cert(cert_body, private_key, cert_chain, challenge, csr_config, accounts):
|
def save_cert(cert_body, private_key, cert_chain, accounts):
|
||||||
"""
|
"""
|
||||||
Determines if the certificate needs to be uploaded to AWS or other services.
|
Determines if the certificate needs to be uploaded to AWS or other services.
|
||||||
|
|
||||||
|
@ -184,7 +184,7 @@ def save_cert(cert_body, private_key, cert_chain, challenge, csr_config, account
|
||||||
:param csr_config:
|
:param csr_config:
|
||||||
:param accounts:
|
:param accounts:
|
||||||
"""
|
"""
|
||||||
cert = Certificate(cert_body, private_key, challenge, cert_chain, csr_config)
|
cert = Certificate(cert_body, private_key, cert_chain)
|
||||||
# if we have an AWS accounts lets upload them
|
# if we have an AWS accounts lets upload them
|
||||||
if accounts:
|
if accounts:
|
||||||
for account in accounts:
|
for account in accounts:
|
||||||
|
@ -204,8 +204,6 @@ def upload(**kwargs):
|
||||||
kwargs.get('public_cert'),
|
kwargs.get('public_cert'),
|
||||||
kwargs.get('private_key'),
|
kwargs.get('private_key'),
|
||||||
kwargs.get('intermediate_cert'),
|
kwargs.get('intermediate_cert'),
|
||||||
None,
|
|
||||||
None,
|
|
||||||
kwargs.get('accounts')
|
kwargs.get('accounts')
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -223,6 +221,7 @@ def create(**kwargs):
|
||||||
|
|
||||||
cert.owner = kwargs['owner']
|
cert.owner = kwargs['owner']
|
||||||
database.create(cert)
|
database.create(cert)
|
||||||
|
cert.description = kwargs['description']
|
||||||
g.user.certificates.append(cert)
|
g.user.certificates.append(cert)
|
||||||
database.update(g.user)
|
database.update(g.user)
|
||||||
return cert
|
return cert
|
||||||
|
@ -372,7 +371,7 @@ def create_csr(csr_config):
|
||||||
# serialize our private key and CSR
|
# serialize our private key and CSR
|
||||||
pem = private_key.private_bytes(
|
pem = private_key.private_bytes(
|
||||||
encoding=serialization.Encoding.PEM,
|
encoding=serialization.Encoding.PEM,
|
||||||
format=serialization.PrivateFormat.PKCS8,
|
format=serialization.PrivateFormat.TraditionalOpenSSL, # would like to use PKCS8 but AWS ELBs don't like it
|
||||||
encryption_algorithm=serialization.NoEncryption()
|
encryption_algorithm=serialization.NoEncryption()
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
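Review bot: The switch to `serialization.PrivateFormat.TraditionalOpenSSL` in create_csr changes the encoding of every private key this function returns, not only the keys that end up on an AWS ELB. The key is also still serialized with `serialization.NoEncryption()`. Consider keeping PKCS8 as the form create_csr returns and converting only where save_cert uploads to the AWS accounts, so the ELB constraint stays local to that path. Whether the PEM is encrypted at rest by the storage layer is not visible on this page and should be confirmed. create_csr's body starts and ends outside the hunk.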