Merge branch 'master' into password_noninteractive
This commit is contained in:
commit
1e708bf1c7
|
@ -227,6 +227,10 @@ class Certificate(db.Model):
|
||||||
def location(self):
|
def location(self):
|
||||||
return defaults.location(self.parsed_cert)
|
return defaults.location(self.parsed_cert)
|
||||||
|
|
||||||
|
@property
|
||||||
|
def distinguished_name(self):
|
||||||
|
return self.parsed_cert.subject.rfc4514_string()
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def key_type(self):
|
def key_type(self):
|
||||||
if isinstance(self.parsed_cert.public_key(), rsa.RSAPublicKey):
|
if isinstance(self.parsed_cert.public_key(), rsa.RSAPublicKey):
|
||||||
|
|
|
@ -206,6 +206,7 @@ class CertificateOutputSchema(LemurOutputSchema):
|
||||||
|
|
||||||
cn = fields.String()
|
cn = fields.String()
|
||||||
common_name = fields.String(attribute='cn')
|
common_name = fields.String(attribute='cn')
|
||||||
|
distinguished_name = fields.String()
|
||||||
|
|
||||||
not_after = fields.DateTime()
|
not_after = fields.DateTime()
|
||||||
validity_end = ArrowDateTime(attribute='not_after')
|
validity_end = ArrowDateTime(attribute='not_after')
|
||||||
|
|
|
@ -10,6 +10,9 @@
|
||||||
|
|
||||||
import json
|
import json
|
||||||
import requests
|
import requests
|
||||||
|
import base64
|
||||||
|
import hmac
|
||||||
|
import hashlib
|
||||||
|
|
||||||
from flask import current_app
|
from flask import current_app
|
||||||
|
|
||||||
|
@ -48,6 +51,21 @@ class CfsslIssuerPlugin(IssuerPlugin):
|
||||||
data = {'certificate_request': csr}
|
data = {'certificate_request': csr}
|
||||||
data = json.dumps(data)
|
data = json.dumps(data)
|
||||||
|
|
||||||
|
try:
|
||||||
|
hex_key = current_app.config.get('CFSSL_KEY')
|
||||||
|
key = bytes.fromhex(hex_key)
|
||||||
|
except (ValueError, NameError):
|
||||||
|
# unable to find CFSSL_KEY in config, continue using normal sign method
|
||||||
|
pass
|
||||||
|
else:
|
||||||
|
data = data.encode()
|
||||||
|
|
||||||
|
token = base64.b64encode(hmac.new(key, data, digestmod=hashlib.sha256).digest())
|
||||||
|
data = base64.b64encode(data)
|
||||||
|
|
||||||
|
data = json.dumps({'token': token.decode('utf-8'), 'request': data.decode('utf-8')})
|
||||||
|
|
||||||
|
url = "{0}{1}".format(current_app.config.get('CFSSL_URL'), '/api/v1/cfssl/authsign')
|
||||||
response = self.session.post(url, data=data.encode(encoding='utf_8', errors='strict'))
|
response = self.session.post(url, data=data.encode(encoding='utf_8', errors='strict'))
|
||||||
if response.status_code > 399:
|
if response.status_code > 399:
|
||||||
metrics.send('cfssl_create_certificate_failure', 'counter', 1)
|
metrics.send('cfssl_create_certificate_failure', 'counter', 1)
|
||||||
|
|
|
@ -83,6 +83,8 @@
|
||||||
</div>
|
</div>
|
||||||
<!-- Certificate fields -->
|
<!-- Certificate fields -->
|
||||||
<div class="list-group-item">
|
<div class="list-group-item">
|
||||||
|
<dt>Distinguished Name</dt>
|
||||||
|
<dd>{{ certificate.distinguishedName }}</dd>
|
||||||
<dt>Certificate Authority</dt>
|
<dt>Certificate Authority</dt>
|
||||||
<dd>{{ certificate.authority ? certificate.authority.name : "Imported" }} <span class="text-muted">({{ certificate.issuer }})</span></dd>
|
<dd>{{ certificate.authority ? certificate.authority.name : "Imported" }} <span class="text-muted">({{ certificate.issuer }})</span></dd>
|
||||||
<dt>Serial</dt>
|
<dt>Serial</dt>
|
||||||
|
|
|
@ -619,6 +619,12 @@ def test_certificate_get_body(client):
|
||||||
response_body = client.get(api.url_for(Certificates, certificate_id=1), headers=VALID_USER_HEADER_TOKEN).json
|
response_body = client.get(api.url_for(Certificates, certificate_id=1), headers=VALID_USER_HEADER_TOKEN).json
|
||||||
assert response_body['serial'] == '211983098819107449768450703123665283596'
|
assert response_body['serial'] == '211983098819107449768450703123665283596'
|
||||||
assert response_body['serialHex'] == '9F7A75B39DAE4C3F9524C68B06DA6A0C'
|
assert response_body['serialHex'] == '9F7A75B39DAE4C3F9524C68B06DA6A0C'
|
||||||
|
assert response_body['distinguishedName'] == ('CN=LemurTrust Unittests Class 1 CA 2018,'
|
||||||
|
'O=LemurTrust Enterprises Ltd,'
|
||||||
|
'OU=Unittesting Operations Center,'
|
||||||
|
'C=EE,'
|
||||||
|
'ST=N/A,'
|
||||||
|
'L=Earth')
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.parametrize("token,status", [
|
@pytest.mark.parametrize("token,status", [
|
||||||
|
|
Loading…
Reference in New Issue