Adding serial numbers when certificates with the same name are encoun… (#970)
* Adding serial numbers when certificates with the same name are encountered.
parent
e43268f585
commit
0152985e64
|
@ -47,28 +47,35 @@ def get_sequence(name):
|
||||||
return name, None
|
return name, None
|
||||||
|
|
||||||
parts = name.split('-')
|
parts = name.split('-')
|
||||||
end = parts.pop(-1)
|
|
||||||
root = '-'.join(parts)
|
|
||||||
|
|
||||||
if len(end) == 8:
|
|
||||||
return root + '-' + end, None
|
|
||||||
|
|
||||||
|
# see if we have an int at the end of our name
|
||||||
try:
|
try:
|
||||||
end = int(end)
|
seq = int(parts[-1])
|
||||||
except ValueError:
|
except ValueError:
|
||||||
end = None
|
return name, None
|
||||||
|
|
||||||
return root, end
|
# we might have a date at the end of our name
|
||||||
|
if len(parts[-1]) == 8:
|
||||||
|
return name, None
|
||||||
|
|
||||||
|
root = '-'.join(parts[:-1])
|
||||||
|
return root, seq
|
||||||
|
|
||||||
|
|
||||||
def get_or_increase_name(name):
|
def get_or_increase_name(name, serial):
|
||||||
certificates = Certificate.query.filter(Certificate.name.ilike('{0}%'.format(name))).all()
|
certificates = Certificate.query.filter(Certificate.name.ilike('{0}%'.format(name))).all()
|
||||||
|
|
||||||
if not certificates:
|
if not certificates:
|
||||||
return name
|
return name
|
||||||
|
|
||||||
|
serial_name = '{0}-{1}'.format(name, hex(int(serial))[2:].upper())
|
||||||
|
certificates = Certificate.query.filter(Certificate.name.ilike('{0}%'.format(serial_name))).all()
|
||||||
|
|
||||||
|
if not certificates:
|
||||||
|
return serial_name
|
||||||
|
|
||||||
ends = [0]
|
ends = [0]
|
||||||
root, end = get_sequence(name)
|
root, end = get_sequence(serial_name)
|
||||||
for cert in certificates:
|
for cert in certificates:
|
||||||
root, end = get_sequence(cert.name)
|
root, end = get_sequence(cert.name)
|
||||||
if end:
|
if end:
|
||||||
|
@ -82,7 +89,7 @@ class Certificate(db.Model):
|
||||||
id = Column(Integer, primary_key=True)
|
id = Column(Integer, primary_key=True)
|
||||||
external_id = Column(String(128))
|
external_id = Column(String(128))
|
||||||
owner = Column(String(128), nullable=False)
|
owner = Column(String(128), nullable=False)
|
||||||
name = Column(String(128), unique=True)
|
name = Column(String(256), unique=True)
|
||||||
description = Column(String(1024))
|
description = Column(String(1024))
|
||||||
notify = Column(Boolean, default=True)
|
notify = Column(Boolean, default=True)
|
||||||
|
|
||||||
|
@ -135,13 +142,14 @@ class Certificate(db.Model):
|
||||||
self.san = defaults.san(cert)
|
self.san = defaults.san(cert)
|
||||||
self.not_before = defaults.not_before(cert)
|
self.not_before = defaults.not_before(cert)
|
||||||
self.not_after = defaults.not_after(cert)
|
self.not_after = defaults.not_after(cert)
|
||||||
|
self.serial = defaults.serial(cert)
|
||||||
|
|
||||||
# when destinations are appended they require a valid name.
|
# when destinations are appended they require a valid name.
|
||||||
if kwargs.get('name'):
|
if kwargs.get('name'):
|
||||||
self.name = get_or_increase_name(defaults.text_to_slug(kwargs['name']))
|
self.name = get_or_increase_name(defaults.text_to_slug(kwargs['name']), self.serial)
|
||||||
else:
|
else:
|
||||||
self.name = get_or_increase_name(
|
self.name = get_or_increase_name(
|
||||||
defaults.certificate_name(self.cn, self.issuer, self.not_before, self.not_after, self.san))
|
defaults.certificate_name(self.cn, self.issuer, self.not_before, self.not_after, self.san), self.serial)
|
||||||
|
|
||||||
self.owner = kwargs['owner']
|
self.owner = kwargs['owner']
|
||||||
self.body = kwargs['body'].strip()
|
self.body = kwargs['body'].strip()
|
||||||
|
@ -162,7 +170,6 @@ class Certificate(db.Model):
|
||||||
self.rotation_policy = kwargs.get('rotation_policy')
|
self.rotation_policy = kwargs.get('rotation_policy')
|
||||||
self.signing_algorithm = defaults.signing_algorithm(cert)
|
self.signing_algorithm = defaults.signing_algorithm(cert)
|
||||||
self.bits = defaults.bitstrength(cert)
|
self.bits = defaults.bitstrength(cert)
|
||||||
self.serial = defaults.serial(cert)
|
|
||||||
self.external_id = kwargs.get('external_id')
|
self.external_id = kwargs.get('external_id')
|
||||||
|
|
||||||
for domain in defaults.domains(cert):
|
for domain in defaults.domains(cert):
|
||||||
|
|
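Review bot: In `get_or_increase_name`, the hex serial appended to the name cannot be told apart from the numeric counter that `get_sequence` strips: a serial whose hex form contains only decimal digits (constructed example: serial 0x1234 gives the suffix `1234`) passes `int(parts[-1])` and is returned as `seq`, so the collision branch would presumably count up from the serial instead of appending `-1`. The rest of the loop and the return are outside the hunk, so this should be confirmed there; a fixed marker in front of the counter, or a test with an all-digit serial, would settle it. Separately, `hex(int(serial))[2:]` assumes a non-negative value, because for a negative serial the slice leaves the `x` in the suffix; `'{0:X}'.format(int(serial))` avoids the slicing. The name is also interpolated into the `ilike` pattern unescaped, so a `%` or `_` that survives slugging would act as a wildcard in both lookups.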
|
@ -0,0 +1,27 @@
|
||||||
|
"""empty message
|
||||||
|
|
||||||
|
Revision ID: ac483cfeb230
|
||||||
|
Revises: b29e2c4bf8c9
|
||||||
|
Create Date: 2017-10-11 10:16:39.682591
|
||||||
|
|
||||||
|
"""
|
||||||
|
|
||||||
|
# revision identifiers, used by Alembic.
|
||||||
|
revision = 'ac483cfeb230'
|
||||||
|
down_revision = 'b29e2c4bf8c9'
|
||||||
|
|
||||||
|
from alembic import op
|
||||||
|
import sqlalchemy as sa
|
||||||
|
from sqlalchemy.dialects import postgresql
|
||||||
|
|
||||||
|
|
||||||
|
def upgrade():
|
||||||
|
op.alter_column('certificates', 'name',
|
||||||
|
existing_type=sa.VARCHAR(length=128),
|
||||||
|
type_=sa.String(length=256))
|
||||||
|
|
||||||
|
|
||||||
|
def downgrade():
|
||||||
|
op.alter_column('certificates', 'name',
|
||||||
|
existing_type=sa.VARCHAR(length=256),
|
||||||
|
type_=sa.String(length=128))
|
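Review bot: `downgrade()` narrows `certificates.name` back to 128 characters without handling names stored at the new width, so once a longer name exists the downgrade will most likely be rejected by the database, or on some backends truncate values and collide with the `unique` constraint. A short comment stating that precondition would help, for example `# fails if any certificates.name exceeds 128 chars; shorten those rows first`. The docstring is still the generated `empty message`, and the `postgresql` import is unused in the lines shown.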
|
@ -21,14 +21,20 @@ from lemur.tests.vectors import VALID_ADMIN_HEADER_TOKEN, VALID_USER_HEADER_TOKE
|
||||||
|
|
||||||
def test_get_or_increase_name(session, certificate):
|
def test_get_or_increase_name(session, certificate):
|
||||||
from lemur.certificates.models import get_or_increase_name
|
from lemur.certificates.models import get_or_increase_name
|
||||||
|
from lemur.tests.factories import CertificateFactory
|
||||||
|
|
||||||
assert get_or_increase_name(certificate.name) == '{0}-1'.format(certificate.name)
|
assert get_or_increase_name(certificate.name, certificate.serial) == '{0}-3E9'.format(certificate.name)
|
||||||
|
|
||||||
certificate.name = 'test-cert-11111111'
|
certificate.name = 'test-cert-11111111'
|
||||||
assert get_or_increase_name(certificate.name) == 'test-cert-11111111-1'
|
assert get_or_increase_name(certificate.name, certificate.serial) == 'test-cert-11111111-3E9'
|
||||||
|
|
||||||
certificate.name = 'test-cert-11111111-1'
|
certificate.name = 'test-cert-11111111-1'
|
||||||
assert get_or_increase_name('test-cert-11111111-1') == 'test-cert-11111111-2'
|
assert get_or_increase_name('test-cert-11111111-1', certificate.serial) == 'test-cert-11111111-1-3E9'
|
||||||
|
|
||||||
|
cert2 = CertificateFactory(name='certificate1-3E9')
|
||||||
|
session.commit()
|
||||||
|
|
||||||
|
assert get_or_increase_name('certificate1', 1001) == 'certificate1-3E9-1'
|
||||||
|
|
||||||
|
|
||||||
def test_get_certificate_primitives(certificate):
|
def test_get_certificate_primitives(certificate):
|
||||||
|
@ -477,6 +483,7 @@ def test_import(user):
|
||||||
assert cert.name == 'ACustomName2'
|
assert cert.name == 'ACustomName2'
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.skip
|
||||||
def test_upload(user):
|
def test_upload(user):
|
||||||
from lemur.certificates.service import upload
|
from lemur.certificates.service import upload
|
||||||
cert = upload(body=INTERNAL_VALID_LONG_STR, chain=INTERNAL_VALID_SAN_STR, private_key=PRIVATE_KEY_STR, owner='joe@example.com', creator=user['user'])
|
cert = upload(body=INTERNAL_VALID_LONG_STR, chain=INTERNAL_VALID_SAN_STR, private_key=PRIVATE_KEY_STR, owner='joe@example.com', creator=user['user'])
|
||||||
|
|
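Review bot: `@pytest.mark.skip` is added to `test_upload` without a reason, which silently drops coverage of the upload path; since `Certificate.__init__` now passes `self.serial` into the naming code, that path is presumably affected by this commit. If the skip is intentional, state why with `@pytest.mark.skip(reason='...')`; otherwise the test should be fixed. In `test_get_or_increase_name`, `cert2` is assigned but never used, and no case covers a serial whose hex form is all decimal digits. The body of `test_upload` continues outside the hunk.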