Merge remote-tracking branch 'upstream/master' into elb-ssl-automation

This commit is contained in:
Jeremy Heffner 2015-08-24 12:18:40 -07:00
commit 09bc79ef84
6 changed files with 22 additions and 20 deletions

View File

@ -21,13 +21,13 @@ CertificateCreatorNeed = partial(CertificateCreator, 'key')
class ViewKeyPermission(Permission): class ViewKeyPermission(Permission):
def __init__(self, certificate_id, owner): def __init__(self, certificate_id, owner):
c_need = CertificateCreatorNeed(str(certificate_id)) c_need = CertificateCreatorNeed(certificate_id)
super(ViewKeyPermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin')) super(ViewKeyPermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))
class UpdateCertificatePermission(Permission): class UpdateCertificatePermission(Permission):
def __init__(self, certificate_id, owner): def __init__(self, certificate_id, owner):
c_need = CertificateCreatorNeed(str(certificate_id)) c_need = CertificateCreatorNeed(certificate_id)
super(UpdateCertificatePermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin')) super(UpdateCertificatePermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))

View File

@ -320,6 +320,7 @@ def create_csr(csr_config):
x509.BasicConstraints(ca=False, path_length=None), critical=True, x509.BasicConstraints(ca=False, path_length=None), critical=True,
) )
if csr_config.get('extensions'):
for k, v in csr_config.get('extensions', {}).items(): for k, v in csr_config.get('extensions', {}).items():
if k == 'subAltNames': if k == 'subAltNames':
# map types to their x509 objects # map types to their x509 objects

View File

@ -446,8 +446,7 @@ class CertificatePrivateKey(AuthenticatedResource):
role = role_service.get_by_name(cert.owner) role = role_service.get_by_name(cert.owner)
if role: permission = ViewKeyPermission(certificate_id, getattr(role, 'name', None))
permission = ViewKeyPermission(certificate_id, role.name)
if permission.can(): if permission.can():
response = make_response(jsonify(key=cert.private_key), 200) response = make_response(jsonify(key=cert.private_key), 200)

View File

@ -56,6 +56,7 @@ VERISIGN_ERRORS = {
"0x4828": "Verisign certificates can be at most two years in length", "0x4828": "Verisign certificates can be at most two years in length",
"0x3043": "Certificates must have a validity of at least 1 day", "0x3043": "Certificates must have a validity of at least 1 day",
"0x950b": "CSR: Invalid State", "0x950b": "CSR: Invalid State",
"0x3105": "Organization Name Not Matched",
} }

View File

@ -36,7 +36,7 @@
Organization Organization
</label> </label>
<div class="col-sm-10"> <div class="col-sm-10">
<input name="organization" ng-model="certificate.organization" placeholder="Organization" class="form-control" ng-init="certificate.organization = 'Netflix'" required/> <input name="organization" ng-model="certificate.organization" placeholder="Organization" class="form-control" ng-init="certificate.organization = 'Netflix, Inc.'" required/>
<p ng-show="dnForm.organization.$invalid && !dnForm.organization.$pristine" class="help-block">You must enter a organization</p> <p ng-show="dnForm.organization.$invalid && !dnForm.organization.$pristine" class="help-block">You must enter a organization</p>
</div> </div>
</div> </div>

View File

@ -17,4 +17,5 @@ def get_key():
try: try:
return current_app.config.get('LEMUR_ENCRYPTION_KEY').strip() return current_app.config.get('LEMUR_ENCRYPTION_KEY').strip()
except RuntimeError: except RuntimeError:
print("No Encryption Key Found")
return '' return ''