Merge remote-tracking branch 'upstream/master' into elb-ssl-automation
This commit is contained in:
commit
09bc79ef84
@ -21,13 +21,13 @@ CertificateCreatorNeed = partial(CertificateCreator, 'key')
|
|||||||
|
|
||||||
class ViewKeyPermission(Permission):
|
class ViewKeyPermission(Permission):
|
||||||
def __init__(self, certificate_id, owner):
|
def __init__(self, certificate_id, owner):
|
||||||
c_need = CertificateCreatorNeed(str(certificate_id))
|
c_need = CertificateCreatorNeed(certificate_id)
|
||||||
super(ViewKeyPermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))
|
super(ViewKeyPermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))
|
||||||
|
|
||||||
|
|
||||||
class UpdateCertificatePermission(Permission):
|
class UpdateCertificatePermission(Permission):
|
||||||
def __init__(self, certificate_id, owner):
|
def __init__(self, certificate_id, owner):
|
||||||
c_need = CertificateCreatorNeed(str(certificate_id))
|
c_need = CertificateCreatorNeed(certificate_id)
|
||||||
super(UpdateCertificatePermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))
|
super(UpdateCertificatePermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))
|
||||||
|
|
||||||
|
|
||||||
|
@ -320,6 +320,7 @@ def create_csr(csr_config):
|
|||||||
x509.BasicConstraints(ca=False, path_length=None), critical=True,
|
x509.BasicConstraints(ca=False, path_length=None), critical=True,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if csr_config.get('extensions'):
|
||||||
for k, v in csr_config.get('extensions', {}).items():
|
for k, v in csr_config.get('extensions', {}).items():
|
||||||
if k == 'subAltNames':
|
if k == 'subAltNames':
|
||||||
# map types to their x509 objects
|
# map types to their x509 objects
|
||||||
|
@ -446,8 +446,7 @@ class CertificatePrivateKey(AuthenticatedResource):
|
|||||||
|
|
||||||
role = role_service.get_by_name(cert.owner)
|
role = role_service.get_by_name(cert.owner)
|
||||||
|
|
||||||
if role:
|
permission = ViewKeyPermission(certificate_id, getattr(role, 'name', None))
|
||||||
permission = ViewKeyPermission(certificate_id, role.name)
|
|
||||||
|
|
||||||
if permission.can():
|
if permission.can():
|
||||||
response = make_response(jsonify(key=cert.private_key), 200)
|
response = make_response(jsonify(key=cert.private_key), 200)
|
||||||
|
@ -56,6 +56,7 @@ VERISIGN_ERRORS = {
|
|||||||
"0x4828": "Verisign certificates can be at most two years in length",
|
"0x4828": "Verisign certificates can be at most two years in length",
|
||||||
"0x3043": "Certificates must have a validity of at least 1 day",
|
"0x3043": "Certificates must have a validity of at least 1 day",
|
||||||
"0x950b": "CSR: Invalid State",
|
"0x950b": "CSR: Invalid State",
|
||||||
|
"0x3105": "Organization Name Not Matched",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -36,7 +36,7 @@
|
|||||||
Organization
|
Organization
|
||||||
</label>
|
</label>
|
||||||
<div class="col-sm-10">
|
<div class="col-sm-10">
|
||||||
<input name="organization" ng-model="certificate.organization" placeholder="Organization" class="form-control" ng-init="certificate.organization = 'Netflix'" required/>
|
<input name="organization" ng-model="certificate.organization" placeholder="Organization" class="form-control" ng-init="certificate.organization = 'Netflix, Inc.'" required/>
|
||||||
<p ng-show="dnForm.organization.$invalid && !dnForm.organization.$pristine" class="help-block">You must enter a organization</p>
|
<p ng-show="dnForm.organization.$invalid && !dnForm.organization.$pristine" class="help-block">You must enter a organization</p>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
@ -17,4 +17,5 @@ def get_key():
|
|||||||
try:
|
try:
|
||||||
return current_app.config.get('LEMUR_ENCRYPTION_KEY').strip()
|
return current_app.config.get('LEMUR_ENCRYPTION_KEY').strip()
|
||||||
except RuntimeError:
|
except RuntimeError:
|
||||||
|
print("No Encryption Key Found")
|
||||||
return ''
|
return ''
|
||||||
|
Loading…
Reference in New Issue
Block a user