From 4b893ab5b49b622a1634ef54e7323b219390bf0f Mon Sep 17 00:00:00 2001 From: Marti Raudsepp Date: Fri, 5 Jan 2018 13:08:07 +0200 Subject: [PATCH 1/4] Expose full certificate RFC 4514 Distinguished Name string Using rfc4514_string() method added in cryptography version 2.5. --- lemur/certificates/models.py | 4 ++++ lemur/certificates/schemas.py | 1 + lemur/static/app/angular/certificates/view/view.tpl.html | 2 ++ lemur/tests/test_certificates.py | 6 ++++++ requirements.txt | 2 +- 5 files changed, 14 insertions(+), 1 deletion(-) diff --git a/lemur/certificates/models.py b/lemur/certificates/models.py index 3eaba746..34305cc2 100644 --- a/lemur/certificates/models.py +++ b/lemur/certificates/models.py @@ -227,6 +227,10 @@ class Certificate(db.Model): def location(self): return defaults.location(self.parsed_cert) + @property + def distinguished_name(self): + return self.parsed_cert.subject.rfc4514_string() + @property def key_type(self): if isinstance(self.parsed_cert.public_key(), rsa.RSAPublicKey): diff --git a/lemur/certificates/schemas.py b/lemur/certificates/schemas.py index 6b457086..946bd541 100644 --- a/lemur/certificates/schemas.py +++ b/lemur/certificates/schemas.py @@ -206,6 +206,7 @@ class CertificateOutputSchema(LemurOutputSchema): cn = fields.String() common_name = fields.String(attribute='cn') + distinguished_name = fields.String() not_after = fields.DateTime() validity_end = ArrowDateTime(attribute='not_after') diff --git a/lemur/static/app/angular/certificates/view/view.tpl.html b/lemur/static/app/angular/certificates/view/view.tpl.html index ba17ffa6..28b4e08e 100644 --- a/lemur/static/app/angular/certificates/view/view.tpl.html +++ b/lemur/static/app/angular/certificates/view/view.tpl.html @@ -83,6 +83,8 @@
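Review bot: The new `distinguished_name` property in models.py carries no docstring, and nothing in the model records that `rfc4514_string()` is the reason for the cryptography pin in requirements.txt, so a reader of the class alone cannot see the version dependency. Suggest `"""Subject DN rendered as an RFC 4514 string (requires cryptography >= 2.5 for Name.rfc4514_string())."""` directly under the `def`. The property reads `self.parsed_cert` like the neighbouring `location` property, so it presumably shares whatever parsing cost or caching that attribute has; the class body continues outside the hunk.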
+
Distinguished Name
+
{{ certificate.distinguishedName }}
Certificate Authority
{{ certificate.authority ? certificate.authority.name : "Imported" }} ({{ certificate.issuer }})
Serial
diff --git a/lemur/tests/test_certificates.py b/lemur/tests/test_certificates.py index a1df1c0d..db2d27cf 100644 --- a/lemur/tests/test_certificates.py +++ b/lemur/tests/test_certificates.py @@ -619,6 +619,12 @@ def test_certificate_get_body(client): response_body = client.get(api.url_for(Certificates, certificate_id=1), headers=VALID_USER_HEADER_TOKEN).json assert response_body['serial'] == '211983098819107449768450703123665283596' assert response_body['serialHex'] == '9F7A75B39DAE4C3F9524C68B06DA6A0C' + assert response_body['distinguishedName'] == ('CN=LemurTrust Unittests Class 1 CA 2018,' + 'O=LemurTrust Enterprises Ltd,' + 'OU=Unittesting Operations Center,' + 'C=EE,' + 'ST=N/A,' + 'L=Earth') @pytest.mark.parametrize("token,status", [ diff --git a/requirements.txt b/requirements.txt index 79268c8a..d700de42 100644 --- a/requirements.txt +++ b/requirements.txt @@ -23,7 +23,7 @@ cffi==1.11.5 # via bcrypt, cryptography, pynacl chardet==3.0.4 # via requests click==7.0 # via flask cloudflare==2.1.0 -cryptography==2.4.2 +cryptography==2.5 dnspython3==1.15.0 dnspython==1.15.0 # via dnspython3 docutils==0.14 # via botocore From b4d1b80e04c6ead46635977fc9d21161718eb6e5 Mon Sep 17 00:00:00 2001 From: alwaysjolley Date: Tue, 29 Jan 2019 10:13:44 -0500 Subject: [PATCH 2/4] Adding support for cfssl auth mode signing --- lemur/plugins/lemur_cfssl/plugin.py | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/lemur/plugins/lemur_cfssl/plugin.py b/lemur/plugins/lemur_cfssl/plugin.py index 030f290a..ead633bc 100644 --- a/lemur/plugins/lemur_cfssl/plugin.py +++ b/lemur/plugins/lemur_cfssl/plugin.py @@ -10,6 +10,9 @@ import json import requests +import base64 +import hmac +import hashlib from flask import current_app 
@@ -48,6 +51,21 @@ class CfsslIssuerPlugin(IssuerPlugin): data = {'certificate_request': csr} data = json.dumps(data) + try: + hex_key = current_app.config.get('CFSSL_KEY') + key=bytes.fromhex(hex_key) + except: + #unable to find CFSSL_KEY in config, continue using normal sign method + pass + else: + data=data.encode() + + token = base64.b64encode(hmac.new(key,data,digestmod=hashlib.sha256).digest()) + data = base64.b64encode(data) + + data = json.dumps({'token': token.decode('utf-8'), 'request': data.decode('utf-8')}) + + url = "{0}{1}".format(current_app.config.get('CFSSL_URL'), '/api/v1/cfssl/authsign') response = self.session.post(url, data=data.encode(encoding='utf_8', errors='strict')) if response.status_code > 399: metrics.send('cfssl_create_certificate_failure', 'counter', 1) From 254a3079f2ceb7408b42d3ec9626cbf69d4abb7e Mon Sep 17 00:00:00 2001 From: alwaysjolley Date: Tue, 29 Jan 2019 11:01:55 -0500 Subject: [PATCH 3/4] fix whitespace --- lemur/plugins/lemur_cfssl/plugin.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lemur/plugins/lemur_cfssl/plugin.py b/lemur/plugins/lemur_cfssl/plugin.py index ead633bc..d2abc2aa 100644 --- a/lemur/plugins/lemur_cfssl/plugin.py +++ b/lemur/plugins/lemur_cfssl/plugin.py @@ -53,14 +53,14 @@ class CfsslIssuerPlugin(IssuerPlugin): try: hex_key = current_app.config.get('CFSSL_KEY') - key=bytes.fromhex(hex_key) + key = bytes.fromhex(hex_key) except: #unable to find CFSSL_KEY in config, continue using normal sign method pass else: - data=data.encode() + data = data.encode() - token = base64.b64encode(hmac.new(key,data,digestmod=hashlib.sha256).digest()) + token = base64.b64encode(hmac.new(key, data, digestmod=hashlib.sha256).digest()) data = base64.b64encode(data) data = json.dumps({'token': token.decode('utf-8'), 'request': data.decode('utf-8')}) From c68a9cf80acd651ad18fe48a6c7d0e0a43ef7f29 Mon Sep 17 00:00:00 2001 
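Review bot: The bare `except:` around `bytes.fromhex(hex_key)` fails open: a present but malformed `CFSSL_KEY` raises ValueError, the error is swallowed, and the CSR is then posted to the plain sign endpoint instead of `/api/v1/cfssl/authsign`, which the comment ("unable to find CFSSL_KEY") does not intend. Only the absent-key case should fall through, so test presence with an `if` and let a bad key surface as a configuration error rather than a silent downgrade to unauthenticated signing. The `url` reassigned inside the `else` branch appears to be defined earlier in the enclosing method, which starts outside the hunk; worth confirming. The same try/except is reworked in the two follow-up patches to this file, and the point applies there as well.
```python
data = json.dumps(data)
hex_key = current_app.config.get('CFSSL_KEY')
if hex_key:
    # A present-but-malformed key is a configuration error; do not
    # silently fall back to the unauthenticated sign endpoint.
    key = bytes.fromhex(hex_key)
    data = data.encode()
    token = base64.b64encode(hmac.new(key, data, digestmod=hashlib.sha256).digest())
    data = base64.b64encode(data)
    data = json.dumps({'token': token.decode('utf-8'), 'request': data.decode('utf-8')})
    url = "{0}{1}".format(current_app.config.get('CFSSL_URL'), '/api/v1/cfssl/authsign')
# … unchanged: session.post and status-code check …
```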
From: alwaysjolley Date: Tue, 29 Jan 2019 11:10:56 -0500 Subject: [PATCH 4/4] fixing linting issues --- lemur/plugins/lemur_cfssl/plugin.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lemur/plugins/lemur_cfssl/plugin.py b/lemur/plugins/lemur_cfssl/plugin.py index d2abc2aa..4bfefc85 100644 --- a/lemur/plugins/lemur_cfssl/plugin.py +++ b/lemur/plugins/lemur_cfssl/plugin.py @@ -54,8 +54,8 @@ class CfsslIssuerPlugin(IssuerPlugin): try: hex_key = current_app.config.get('CFSSL_KEY') key = bytes.fromhex(hex_key) - except: - #unable to find CFSSL_KEY in config, continue using normal sign method + except (ValueError, NameError): + # unable to find CFSSL_KEY in config, continue using normal sign method pass else: data = data.encode()
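Review bot: `except (ValueError, NameError)` no longer covers the case the comment describes: when `CFSSL_KEY` is not configured, `config.get` returns None and `bytes.fromhex(None)` raises TypeError, so a deployment without the key now errors in the signing path instead of falling back to the normal sign method. NameError cannot be raised by these three lines, and ValueError (a malformed key) is the one error that should not be swallowed, since swallowing it downgrades to unauthenticated signing. The minimal correction is `except TypeError:` to keep the absent-key fallback, or better, `if hex_key:` before decoding so no exception handling is needed. The enclosing method continues outside the hunk.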