San alt name (#468)

lemur/certificates/schemas.py

@@ -115,6 +115,12 @@ class CertificateNestedOutputSchema(LemurOutputSchema):
     issuer = fields.Nested(AuthorityNestedOutputSchema)
 
 
+class CertificateCloneSchema(LemurOutputSchema):
+    __envelope__ = False
+    description = fields.String()
+    common_name = fields.String()
+
+
 class CertificateOutputSchema(LemurOutputSchema):
     id = fields.Integer()
     active = fields.Boolean()

lemur/certificates/service.py

@@ -456,3 +456,49 @@ def get_name_from_arn(arn):
     :return: name of the certificate as uploaded to AWS
     """
     return arn.split("/", 1)[1]
+
+
+def calculate_reissue_range(start, end):
+    """
+    Determine what the new validity_start and validity_end dates should be.
+    :param start:
+    :param end:
+    :return:
+    """
+    span = end - start
+
+    new_start = arrow.utcnow().date()
+    new_end = new_start + span
+
+    return new_start, new_end
+
+
+# TODO pull the OU, O, CN, etc + other extensions.
+def get_certificate_primitives(certificate):
+    """
+    Retrieve key primitive from a certificate such that the certificate
+    could be recreated with new expiration or be used to build upon.
+    :param certificate:
+    :return: dict of certificate primitives, should be enough to effectively re-issue
+    certificate via `create`.
+    """
+    start, end = calculate_reissue_range(certificate.not_before, certificate.not_after)
+    names = [{'name_type': 'DNSName', 'value': x.name} for x in certificate.domains]
+
+    extensions = {
+        'sub_alt_names': {
+            'names': names
+        }
+    }
+
+    return dict(
+        authority=certificate.authority,
+        common_name=certificate.cn,
+        description=certificate.description,
+        validity_start=start,
+        validity_end=end,
+        destinations=certificate.destinations,
+        roles=certificate.roles,
+        extensions=extensions,
+        owner=certificate.owner
+    )

lemur/certificates/views.py

@@ -890,12 +890,24 @@ class CertificateExport(AuthenticatedResource):
         return dict(extension=extension, passphrase=passphrase, data=base64.b64encode(data).decode('utf-8'))
 
 
+class CertificateClone(AuthenticatedResource):
+    def __init__(self):
+        self.reqparse = reqparse.RequestParser()
+        super(CertificateExport, self).__init__()
+
+    @validate_schema(None, certificate_output_schema)
+    def get(self, certificate_id):
+
+        pass
+
+
 api.add_resource(CertificatesList, '/certificates', endpoint='certificates')
 api.add_resource(Certificates, '/certificates/<int:certificate_id>', endpoint='certificate')
 api.add_resource(CertificatesStats, '/certificates/stats', endpoint='certificateStats')
 api.add_resource(CertificatesUpload, '/certificates/upload', endpoint='certificateUpload')
 api.add_resource(CertificatePrivateKey, '/certificates/<int:certificate_id>/key', endpoint='privateKeyCertificates')
 api.add_resource(CertificateExport, '/certificates/<int:certificate_id>/export', endpoint='exportCertificate')
+api.add_resource(CertificateClone, '/certificates/<int:certificate_id>/clone', endpoint='cloneCertificate')
 api.add_resource(NotificationCertificatesList, '/notifications/<int:notification_id>/certificates',
                  endpoint='notificationCertificates')
 api.add_resource(CertificatesReplacementsList, '/certificates/<int:certificate_id>/replacements',