Merge branch 'master' into password_noninteractive

2019-01-29 15:21:34 -08:00 · 2019-01-29 15:21:34 -08:00 · 1e708bf1c7
parent d2317acfc5 753ae3cbaf
commit 1e708bf1c7
5 changed files with 31 additions and 0 deletions
--- a/lemur/certificates/models.py
+++ b/lemur/certificates/models.py
@ -227,6 +227,10 @@ class Certificate(db.Model):
    def location(self):
        return defaults.location(self.parsed_cert)

+    @property
+    def distinguished_name(self):
+        return self.parsed_cert.subject.rfc4514_string()
+
    @property
    def key_type(self):
        if isinstance(self.parsed_cert.public_key(), rsa.RSAPublicKey):
--- a/lemur/certificates/schemas.py
+++ b/lemur/certificates/schemas.py
@ -206,6 +206,7 @@ class CertificateOutputSchema(LemurOutputSchema):

    cn = fields.String()
    common_name = fields.String(attribute='cn')
+    distinguished_name = fields.String()

    not_after = fields.DateTime()
    validity_end = ArrowDateTime(attribute='not_after')
--- a/lemur/plugins/lemur_cfssl/plugin.py
+++ b/lemur/plugins/lemur_cfssl/plugin.py
@ -10,6 +10,9 @@

 import json
 import requests
+import base64
+import hmac
+import hashlib

 from flask import current_app

@ -48,6 +51,21 @@ class CfsslIssuerPlugin(IssuerPlugin):
        data = {'certificate_request': csr}
        data = json.dumps(data)

+        try:
+            hex_key = current_app.config.get('CFSSL_KEY')
+            key = bytes.fromhex(hex_key)
+        except (ValueError, NameError):
+            # unable to find CFSSL_KEY in config, continue using normal sign method
+            pass
+        else:
+            data = data.encode()
+
+            token = base64.b64encode(hmac.new(key, data, digestmod=hashlib.sha256).digest())
+            data = base64.b64encode(data)
+
+            data = json.dumps({'token': token.decode('utf-8'), 'request': data.decode('utf-8')})
+
+            url = "{0}{1}".format(current_app.config.get('CFSSL_URL'), '/api/v1/cfssl/authsign')
        response = self.session.post(url, data=data.encode(encoding='utf_8', errors='strict'))
        if response.status_code > 399:
            metrics.send('cfssl_create_certificate_failure', 'counter', 1)
--- a/lemur/static/app/angular/certificates/view/view.tpl.html
+++ b/lemur/static/app/angular/certificates/view/view.tpl.html
@ -83,6 +83,8 @@
                    </div>
                    <!-- Certificate fields -->
                    <div class="list-group-item">
+                      <dt>Distinguished Name</dt>
+                      <dd>{{ certificate.distinguishedName }}</dd>
                      <dt>Certificate Authority</dt>
                      <dd>{{ certificate.authority ? certificate.authority.name : "Imported" }} <span class="text-muted">({{ certificate.issuer }})</span></dd>
                      <dt>Serial</dt>
--- a/lemur/tests/test_certificates.py
+++ b/lemur/tests/test_certificates.py
@ -619,6 +619,12 @@ def test_certificate_get_body(client):
    response_body = client.get(api.url_for(Certificates, certificate_id=1), headers=VALID_USER_HEADER_TOKEN).json
    assert response_body['serial'] == '211983098819107449768450703123665283596'
    assert response_body['serialHex'] == '9F7A75B39DAE4C3F9524C68B06DA6A0C'
+    assert response_body['distinguishedName'] == ('CN=LemurTrust Unittests Class 1 CA 2018,'
+                                                  'O=LemurTrust Enterprises Ltd,'
+                                                  'OU=Unittesting Operations Center,'
+                                                  'C=EE,'
+                                                  'ST=N/A,'
+                                                  'L=Earth')


@pytest.mark.parametrize("token,status", [