diff --git a/lemur/certificates/models.py b/lemur/certificates/models.py index f71d2199..60442de2 100644 --- a/lemur/certificates/models.py +++ b/lemur/certificates/models.py @@ -235,6 +235,7 @@ class Certificate(db.Model): self.replaces = kwargs.get("replaces", []) self.rotation = kwargs.get("rotation") self.rotation_policy = kwargs.get("rotation_policy") + self.key_type = kwargs.get("key_type") self.signing_algorithm = defaults.signing_algorithm(cert) self.bits = defaults.bitstrength(cert) self.external_id = kwargs.get("external_id") diff --git a/lemur/certificates/schemas.py b/lemur/certificates/schemas.py index 56c91196..ac7add38 100644 --- a/lemur/certificates/schemas.py +++ b/lemur/certificates/schemas.py @@ -155,6 +155,14 @@ class CertificateInputSchema(CertificateCreationSchema): key_type = cert_utils.get_key_type_from_csr(data["csr"]) if key_type: data["key_type"] = key_type + + # This code will be exercised for certificate import (without CSR) + if data.get("key_type") is None: + if data.get("body"): + data["key_type"] = utils.get_key_type_from_certificate(data["body"]) + else: + data["key_type"] = "RSA2048" # default value + return missing.convert_validity_years(data) @@ -277,6 +285,7 @@ class CertificateOutputSchema(LemurOutputSchema): serial = fields.String() serial_hex = Hex(attribute="serial") signing_algorithm = fields.String() + key_type = fields.String(allow_none=True) status = fields.String() user = fields.Nested(UserNestedOutputSchema) diff --git a/lemur/static/app/angular/certificates/certificate/certificate.js b/lemur/static/app/angular/certificates/certificate/certificate.js index 6b275328..9fadb655 100644 --- a/lemur/static/app/angular/certificates/certificate/certificate.js +++ b/lemur/static/app/angular/certificates/certificate/certificate.js @@ -251,10 +251,13 @@ angular.module('lemur') $scope.certificate.csr = null; // should not clone CSR in case other settings are changed in clone $scope.certificate.validityStart = null; $scope.certificate.validityEnd = null; - $scope.certificate.keyType = 'RSA2048'; // default algo to show during clone $scope.certificate.description = 'Cloning from cert ID ' + editId; $scope.certificate.replacedBy = []; // should not clone 'replaced by' info $scope.certificate.removeReplaces(); // should not clone 'replacement cert' info + + if(!$scope.certificate.keyType) { + $scope.certificate.keyType = 'RSA2048'; // default algo to select during clone if backend did not return algo + } CertificateService.getDefaults($scope.certificate); }); diff --git a/lemur/static/app/angular/certificates/view/view.tpl.html b/lemur/static/app/angular/certificates/view/view.tpl.html index 7b0919f8..06c4d860 100644 --- a/lemur/static/app/angular/certificates/view/view.tpl.html +++ b/lemur/static/app/angular/certificates/view/view.tpl.html @@ -111,6 +111,8 @@
Key Length
{{ certificate.bits }}
+
Key Type
+
{{ certificate.keyType }}
Signing Algorithm
{{ certificate.signingAlgorithm }}
diff --git a/lemur/tests/conf.py b/lemur/tests/conf.py index bf033421..df0be16c 100644 --- a/lemur/tests/conf.py +++ b/lemur/tests/conf.py @@ -61,7 +61,8 @@ LEMUR_ALLOW_WEEKEND_EXPIRATION = False # Database -# modify this if you are not using a local database +# modify this if you are not using a local database. Do not use any development or production DBs, +# as Unit Tests drop the whole schema, recreate and again drop everything at the end SQLALCHEMY_DATABASE_URI = os.getenv( "SQLALCHEMY_DATABASE_URI", "postgresql://lemur:lemur@localhost:5432/lemur" ) diff --git a/lemur/tests/test_certificates.py b/lemur/tests/test_certificates.py index 41584cb3..212ac9d9 100644 --- a/lemur/tests/test_certificates.py +++ b/lemur/tests/test_certificates.py @@ -155,6 +155,7 @@ def test_get_certificate_primitives(certificate): with freeze_time(datetime.date(year=2016, month=10, day=30)): primitives = get_certificate_primitives(certificate) assert len(primitives) == 26 + assert (primitives["key_type"] == "RSA2048") def test_certificate_output_schema(session, certificate, issuer_plugin): @@ -759,6 +760,7 @@ def test_reissue_certificate( certificate.authority = crypto_authority new_cert = reissue_certificate(certificate) assert new_cert + assert (new_cert.key_type == "RSA2048") def test_create_csr():