From e33a103ca1f45020c919d873860fb02265bebb20 Mon Sep 17 00:00:00 2001 From: Curtis Castrapel Date: Thu, 9 May 2019 14:36:56 -0700 Subject: [PATCH 1/3] Allow searching for certificates by name via API --- lemur/certificates/service.py | 13 +++ lemur/certificates/views.py | 109 ++++++++++++++++++ .../app/angular/certificates/view/view.js | 5 + .../angular/certificates/view/view.tpl.html | 2 +- 4 files changed, 128 insertions(+), 1 deletion(-) diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py index 23a9a3b9..8a1b74d2 100644 --- a/lemur/certificates/service.py +++ b/lemur/certificates/service.py @@ -388,6 +388,19 @@ def render(args): return result +def query_name(certificate_name, args): + """ + Helper function that queries for a certificate by name + + :param args: + :return: + """ + query = database.session_query(Certificate) + query = query.filter(Certificate.name == certificate_name) + result = database.sort_and_page(query, Certificate, args) + return result + + def create_csr(**csr_config): """ Given a list of domains create the appropriate csr diff --git a/lemur/certificates/views.py b/lemur/certificates/views.py index fe1a1f9c..17aa418f 100644 --- a/lemur/certificates/views.py +++ b/lemur/certificates/views.py 
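Review bot: `query_name` in lemur/certificates/service.py takes `args` but only passes it to `database.sort_and_page`; nothing in the function reads `args['user']`, so the lookup is scoped by `Certificate.name` alone. If certificate visibility is meant to be restricted per user or role, that check is missing here, and whether a caller or the resource base class enforces it cannot be seen from this hunk. The docstring also leaves `:param args:` and `:return:` empty and omits `certificate_name`. I would fill it in, e.g. `:param certificate_name: exact certificate name to match`, `:param args: parsed request arguments passed to sort_and_page`, `:return: result of database.sort_and_page for the matching certificates`.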
@@ -37,6 +37,114 @@ mod = Blueprint('certificates', __name__) api = Api(mod) +class CertificatesNameQuery(AuthenticatedResource): + """ Defines the 'certificates/name' endpoint """ + + def __init__(self): + self.reqparse = reqparse.RequestParser() + super(CertificatesNameQuery, self).__init__() + + @validate_schema(None, certificates_output_schema) + def get(self, certificate_name): + """ + .. http:get:: /certificates/name/ + + The current list of certificates + + **Example request**: + + .. sourcecode:: http + + GET /certificates/name/WILDCARD.test.example.net-SymantecCorporation-20160603-20180112 HTTP/1.1 + Host: example.com + Accept: application/json, text/javascript + + **Example response**: + + .. sourcecode:: http + + HTTP/1.1 200 OK + Vary: Accept + Content-Type: text/javascript + + { + "items": [{ + "status": null, + "cn": "*.test.example.net", + "chain": "", + "csr": "-----BEGIN CERTIFICATE REQUEST-----" + "authority": { + "active": true, + "owner": "secure@example.com", + "id": 1, + "description": "verisign test authority", + "name": "verisign" + }, + "owner": "joe@example.com", + "serial": "82311058732025924142789179368889309156", + "id": 2288, + "issuer": "SymantecCorporation", + "dateCreated": "2016-06-03T06:09:42.133769+00:00", + "notBefore": "2016-06-03T00:00:00+00:00", + "notAfter": "2018-01-12T23:59:59+00:00", + "destinations": [], + "bits": 2048, + "body": "-----BEGIN CERTIFICATE-----...", + "description": null, + "deleted": null, + "notifications": [{ + "id": 1 + }], + "signingAlgorithm": "sha256", + "user": { + "username": "jane", + "active": true, + "email": "jane@example.com", + "id": 2 + }, + "active": true, + "domains": [{ + "sensitive": false, + "id": 1090, + "name": "*.test.example.net" + }], + "replaces": [], + "replaced": [], + "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112", + "roles": [{ + "id": 464, + "description": "This is a google group based role created by Lemur", + "name": "joe@example.com" + }], + 
"san": null + }], + "total": 1 + } + + :query sortBy: field to sort on + :query sortDir: asc or desc + :query page: int. default is 1 + :query filter: key value pair format is k;v + :query count: count number. default is 10 + :reqheader Authorization: OAuth token to authenticate + :statuscode 200: no error + :statuscode 403: unauthenticated + + """ + parser = paginated_parser.copy() + parser.add_argument('timeRange', type=int, dest='time_range', location='args') + parser.add_argument('owner', type=inputs.boolean, location='args') + parser.add_argument('id', type=str, location='args') + parser.add_argument('active', type=inputs.boolean, location='args') + parser.add_argument('destinationId', type=int, dest="destination_id", location='args') + parser.add_argument('creator', type=str, location='args') + parser.add_argument('show', type=str, location='args') + + args = parser.parse_args() + args['user'] = g.user + return service.query_name(certificate_name, args) + + class CertificatesList(AuthenticatedResource): """ Defines the 'certificates' endpoint """ @@ -1080,6 +1188,7 @@ class CertificateRevoke(AuthenticatedResource): api.add_resource(CertificateRevoke, '/certificates//revoke', endpoint='revokeCertificate') +api.add_resource(CertificatesNameQuery, '/certificates/name/', endpoint='certificatesNameQuery') api.add_resource(CertificatesList, '/certificates', endpoint='certificates') api.add_resource(Certificates, '/certificates/', endpoint='certificate') api.add_resource(CertificatesStats, '/certificates/stats', endpoint='certificateStats') diff --git a/lemur/static/app/angular/certificates/view/view.js b/lemur/static/app/angular/certificates/view/view.js index 0008dd64..3eb0ebb2 100644 --- a/lemur/static/app/angular/certificates/view/view.js +++ b/lemur/static/app/angular/certificates/view/view.js 
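Review bot: In `CertificatesNameQuery.get` the parser registers `timeRange`, `owner`, `id`, `active`, `destinationId`, `creator` and `show`, but `service.query_name` as added in this patch filters only on `Certificate.name`, so these parameters are accepted and then apparently ignored (unless `sort_and_page` consumes them, which is not visible here). A client sending `owner=true` or `active=true` to narrow the result would still receive every certificate with that name, so either drop the unused `add_argument` lines or apply the filters in the service. The docstring summary `The current list of certificates` is copied from the list endpoint, and `:statuscode 403: unauthenticated` pairs an authorization status with an authentication failure. I would reword the summary to `Certificates matching the given name` and confirm which status the auth layer actually returns. `self.reqparse`, set in `__init__`, is not used by `get`.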
@@ -14,6 +14,11 @@ angular.module('lemur') url: '/certificates/:name', templateUrl: '/angular/certificates/view/view.tpl.html', controller: 'CertificatesViewController' + }) + .state('certificate_name', { + url: '/certificates/name/:name', + templateUrl: '/angular/certificates/view/view.tpl.html', + controller: 'CertificatesViewController' }); }) diff --git a/lemur/static/app/angular/certificates/view/view.tpl.html b/lemur/static/app/angular/certificates/view/view.tpl.html index 28b4e08e..4e60b5cc 100644 --- a/lemur/static/app/angular/certificates/view/view.tpl.html +++ b/lemur/static/app/angular/certificates/view/view.tpl.html @@ -47,7 +47,7 @@
- Permalink + Permalink From ed18df22db6ee96d0157e4f72d68d1d7038f8d38 Mon Sep 17 00:00:00 2001 From: Curtis Castrapel Date: Thu, 9 May 2019 14:54:44 -0700 Subject: [PATCH 2/3] remove permalink change --- lemur/static/app/angular/certificates/view/view.js | 5 ----- lemur/static/app/angular/certificates/view/view.tpl.html | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/lemur/static/app/angular/certificates/view/view.js b/lemur/static/app/angular/certificates/view/view.js index 3eb0ebb2..0008dd64 100644 --- a/lemur/static/app/angular/certificates/view/view.js +++ b/lemur/static/app/angular/certificates/view/view.js @@ -14,11 +14,6 @@ angular.module('lemur') url: '/certificates/:name', templateUrl: '/angular/certificates/view/view.tpl.html', controller: 'CertificatesViewController' - }) - .state('certificate_name', { - url: '/certificates/name/:name', - templateUrl: '/angular/certificates/view/view.tpl.html', - controller: 'CertificatesViewController' }); }) diff --git a/lemur/static/app/angular/certificates/view/view.tpl.html b/lemur/static/app/angular/certificates/view/view.tpl.html index 4e60b5cc..28b4e08e 100644 --- a/lemur/static/app/angular/certificates/view/view.tpl.html +++ b/lemur/static/app/angular/certificates/view/view.tpl.html @@ -47,7 +47,7 @@
- Permalink + Permalink From 3f10b43254bec0c850322cd84445aad1d3ed14c3 Mon Sep 17 00:00:00 2001 From: Curtis Castrapel Date: Thu, 9 May 2019 15:00:09 -0700 Subject: [PATCH 3/3] Ignore bandit error --- docs/conf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/conf.py b/docs/conf.py index d5b1698c..dfa96543 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -68,7 +68,7 @@ copyright = u'2018, Netflix Inc.' base_dir = os.path.join(os.path.dirname(__file__), os.pardir) about = {} with open(os.path.join(base_dir, "lemur", "__about__.py")) as f: - exec(f.read(), about) + exec(f.read(), about) # nosec version = release = about["__version__"]
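Review bot: The bare `# nosec` added to `exec(f.read(), about)` in docs/conf.py silences every bandit check on that line, not only the exec finding, and records no reason for the suppression. I would scope and justify it, e.g. `exec(f.read(), about)  # nosec B102 - runs the repository's own lemur/__about__.py, not external input`, so later edits to the line are still scanned for other issues. If `__version__` is the only value needed, reading it without `exec` (for instance by parsing the assignment) would remove the need for the suppression.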