Merge remote-tracking branch 'upstream/master' into elb-ssl-automation

2015-08-24 12:18:40 -07:00 · 2015-08-24 12:18:40 -07:00 · 09bc79ef84
parent 6e39a1e666 bb51b59400
commit 09bc79ef84
6 changed files with 22 additions and 20 deletions
--- a/lemur/auth/permissions.py
+++ b/lemur/auth/permissions.py
@ -21,13 +21,13 @@ CertificateCreatorNeed = partial(CertificateCreator, 'key')
 class ViewKeyPermission(Permission):
    def __init__(self, certificate_id, owner):
-        c_need = CertificateCreatorNeed(str(certificate_id))
+        c_need = CertificateCreatorNeed(certificate_id)
        super(ViewKeyPermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))
 class UpdateCertificatePermission(Permission):
    def __init__(self, certificate_id, owner):
-        c_need = CertificateCreatorNeed(str(certificate_id))
+        c_need = CertificateCreatorNeed(certificate_id)
        super(UpdateCertificatePermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@ -320,17 +320,18 @@ def create_csr(csr_config):
        x509.BasicConstraints(ca=False, path_length=None), critical=True,
    )
-    for k, v in csr_config.get('extensions', {}).items():
+    if csr_config.get('extensions'):
-        if k == 'subAltNames':
+        for k, v in csr_config.get('extensions', {}).items():
-            # map types to their x509 objects
+            if k == 'subAltNames':
-            general_names = []
+                # map types to their x509 objects
-            for name in v['names']:
+                general_names = []
-                if name['nameType'] == 'DNSName':
+                for name in v['names']:
-                    general_names.append(x509.DNSName(name['value']))
+                    if name['nameType'] == 'DNSName':
                        general_names.append(x509.DNSName(name['value']))
-            builder = builder.add_extension(
+                builder = builder.add_extension(
-                x509.SubjectAlternativeName(general_names), critical=True
+                    x509.SubjectAlternativeName(general_names), critical=True
-            )
+                )
    # TODO support more CSR options, none of the authority plugins currently support these options
    #    builder.add_extension(
--- a/lemur/certificates/views.py
+++ b/lemur/certificates/views.py
@ -446,14 +446,13 @@ class CertificatePrivateKey(AuthenticatedResource):
        role = role_service.get_by_name(cert.owner)
-        if role:
+        permission = ViewKeyPermission(certificate_id, getattr(role, 'name', None))
            permission = ViewKeyPermission(certificate_id, role.name)
-            if permission.can():
+        if permission.can():
-                response = make_response(jsonify(key=cert.private_key), 200)
+            response = make_response(jsonify(key=cert.private_key), 200)
-                response.headers['cache-control'] = 'private, max-age=0, no-cache, no-store'
+            response.headers['cache-control'] = 'private, max-age=0, no-cache, no-store'
-                response.headers['pragma'] = 'no-cache'
+            response.headers['pragma'] = 'no-cache'
-                return response
+            return response
        return dict(message='You are not authorized to view this key'), 403
--- a/lemur/plugins/lemur_verisign/plugin.py
+++ b/lemur/plugins/lemur_verisign/plugin.py
@ -56,6 +56,7 @@ VERISIGN_ERRORS = {
    "0x4828": "Verisign certificates can be at most two years in length",
    "0x3043": "Certificates must have a validity of at least 1 day",
    "0x950b": "CSR: Invalid State",
    "0x3105": "Organization Name Not Matched",
 }
--- a/lemur/static/app/angular/certificates/certificate/distinguishedName.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/distinguishedName.tpl.html
@ -36,7 +36,7 @@
        Organization
      </label>
      <div class="col-sm-10">
-        <input name="organization" ng-model="certificate.organization" placeholder="Organization" class="form-control" ng-init="certificate.organization = 'Netflix'" required/>
+        <input name="organization" ng-model="certificate.organization" placeholder="Organization" class="form-control" ng-init="certificate.organization = 'Netflix, Inc.'" required/>
        <p ng-show="dnForm.organization.$invalid && !dnForm.organization.$pristine" class="help-block">You must enter a organization</p>
      </div>
    </div>
--- a/lemur/utils.py
+++ b/lemur/utils.py
@ -17,4 +17,5 @@ def get_key():
    try:
        return current_app.config.get('LEMUR_ENCRYPTION_KEY').strip()
    except RuntimeError:
        print("No Encryption Key Found")
        return ''