From cd13832377f295717bab16333e21e8e0a48ac462 Mon Sep 17 00:00:00 2001
From: sayali
Date: Wed, 23 Sep 2020 15:16:19 -0700
Subject: [PATCH 1/3] Use key_type column for cert get/rotate/reissue/display Added unit tests
---
 lemur/certificates/models.py | 1 +
 lemur/certificates/schemas.py | 9 +++++++++
 .../app/angular/certificates/certificate/certificate.js | 5 ++++-
 lemur/static/app/angular/certificates/view/view.tpl.html | 2 ++
 lemur/tests/conf.py | 3 ++-
 lemur/tests/test_certificates.py | 2 ++
 6 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/lemur/certificates/models.py b/lemur/certificates/models.py
index f71d2199..60442de2 100644
--- a/lemur/certificates/models.py
+++ b/lemur/certificates/models.py
@@ -235,6 +235,7 @@ class Certificate(db.Model):
 self.replaces = kwargs.get("replaces", [])
 self.rotation = kwargs.get("rotation")
 self.rotation_policy = kwargs.get("rotation_policy")
+ self.key_type = kwargs.get("key_type")
 self.signing_algorithm = defaults.signing_algorithm(cert)
 self.bits = defaults.bitstrength(cert)
 self.external_id = kwargs.get("external_id")
diff --git a/lemur/certificates/schemas.py b/lemur/certificates/schemas.py
index 56c91196..ac7add38 100644
--- a/lemur/certificates/schemas.py
+++ b/lemur/certificates/schemas.py
@@ -155,6 +155,14 @@ class CertificateInputSchema(CertificateCreationSchema):
 key_type = cert_utils.get_key_type_from_csr(data["csr"])
 if key_type:
 data["key_type"] = key_type
+
+ # This code will be exercised for certificate import (without CSR)
+ if data.get("key_type") is None:
+ if data.get("body"):
+ data["key_type"] = utils.get_key_type_from_certificate(data["body"])
+ else:
+ data["key_type"] = "RSA2048" # default value
+
 return missing.convert_validity_years(data)
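Review bot: In `Certificate.__init__` the added `self.key_type = kwargs.get("key_type")` stores whatever the caller passed, while `signing_algorithm` and `bits` two lines below are computed from the parsed `cert`. The stored key type can therefore disagree with the certificate's actual public key, which matters because, per the commit title, get/rotate/reissue now read this column. Consider deriving the value from `cert` and using the kwarg only as a fallback, or at least marking the line with `# caller-supplied; not checked against the cert's public key`. The constructor starts and ends outside the hunk.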
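Review bot: The import branch added in `schemas.py` assigns `utils.get_key_type_from_certificate(data["body"])` unconditionally, unlike the CSR branch just above it, which guards with `if key_type:`; an unrecognised key would presumably leave `key_type` as `None`, and a malformed `body` may raise here before field validation runs. The `else` branch then records `"RSA2048"` without having inspected any key, so the inventory can report a key type nobody verified. I would mirror the CSR branch, `key_type = utils.get_key_type_from_certificate(data["body"])` followed by `if key_type: data["key_type"] = key_type`, and mark the fallback with `# no CSR or body to inspect: recorded type is an assumption`. The helper is reached through `utils` while the CSR helper uses `cert_utils`, so confirm `utils` is imported in this module; the enclosing method begins outside the hunk.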
@@ -277,6 +285,7 @@ class CertificateOutputSchema(LemurOutputSchema):
 serial = fields.String()
 serial_hex = Hex(attribute="serial")
 signing_algorithm = fields.String()
+ key_type = fields.String(allow_none=True)
 status = fields.String()
 user = fields.Nested(UserNestedOutputSchema)
diff --git a/lemur/static/app/angular/certificates/certificate/certificate.js b/lemur/static/app/angular/certificates/certificate/certificate.js
index 6b275328..d332e0b0 100644
--- a/lemur/static/app/angular/certificates/certificate/certificate.js
+++ b/lemur/static/app/angular/certificates/certificate/certificate.js
@@ -251,10 +251,13 @@ angular.module('lemur')
 $scope.certificate.csr = null; // should not clone CSR in case other settings are changed in clone
 $scope.certificate.validityStart = null;
 $scope.certificate.validityEnd = null;
- $scope.certificate.keyType = 'RSA2048'; // default algo to show during clone
 $scope.certificate.description = 'Cloning from cert ID ' + editId;
 $scope.certificate.replacedBy = []; // should not clone 'replaced by' info
 $scope.certificate.removeReplaces(); // should not clone 'replacement cert' info
+
+ if(!$scope.certificate.keyType) {
+ $scope.certificate.keyType = 'RSA2048'; // default algo to show during clone if backend did not return algo
+ }
 CertificateService.getDefaults($scope.certificate);
 });
diff --git a/lemur/static/app/angular/certificates/view/view.tpl.html b/lemur/static/app/angular/certificates/view/view.tpl.html
index 7b0919f8..06c4d860 100644
--- a/lemur/static/app/angular/certificates/view/view.tpl.html
+++ b/lemur/static/app/angular/certificates/view/view.tpl.html
@@ -111,6 +111,8 @@
Key Length
{{ certificate.bits }}
+
Key Type
+
{{ certificate.keyType }}
Signing Algorithm
{{ certificate.signingAlgorithm }}
diff --git a/lemur/tests/conf.py b/lemur/tests/conf.py
index af0c09ce..b3df73bf 100644
--- a/lemur/tests/conf.py
+++ b/lemur/tests/conf.py
@@ -52,7 +52,8 @@ LEMUR_ALLOW_WEEKEND_EXPIRATION = False
 # Database
-# modify this if you are not using a local database
+# modify this if you are not using a local database. Please do not use any DB used for development or production purpose
+# Please note that Unit Tests drop the whole schema, recreate and again drop everything at the end
 SQLALCHEMY_DATABASE_URI = os.getenv(
 "SQLALCHEMY_DATABASE_URI", "postgresql://lemur:lemur@localhost:5432/lemur"
 )
diff --git a/lemur/tests/test_certificates.py b/lemur/tests/test_certificates.py
index 41584cb3..212ac9d9 100644
--- a/lemur/tests/test_certificates.py
+++ b/lemur/tests/test_certificates.py
@@ -155,6 +155,7 @@ def test_get_certificate_primitives(certificate):
 with freeze_time(datetime.date(year=2016, month=10, day=30)):
 primitives = get_certificate_primitives(certificate)
 assert len(primitives) == 26
+ assert (primitives["key_type"] == "RSA2048")
 def test_certificate_output_schema(session, certificate, issuer_plugin):
@@ -759,6 +760,7 @@ def test_reissue_certificate(
 certificate.authority = crypto_authority
 new_cert = reissue_certificate(certificate)
 assert new_cert
+ assert (new_cert.key_type == "RSA2048")
 def test_create_csr():
From e871c5eb1808c0ff4bf6aaded6d4435e1a8d31df Mon Sep 17 00:00:00 2001
From: Hossein Shafagh
Date: Fri, 25 Sep 2020 12:30:37 -0700
Subject: [PATCH 2/3] Update conf.py
---
 lemur/tests/conf.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lemur/tests/conf.py b/lemur/tests/conf.py
index c314c8bc..df0be16c 100644
--- a/lemur/tests/conf.py
+++ b/lemur/tests/conf.py
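Review bot: The warning added in `lemur/tests/conf.py` is only a comment, while `SQLALCHEMY_DATABASE_URI` is still taken from the environment, so a shell that already exports a development or production URI lets the schema-dropping test run hit that database. A guard next to the setting would enforce what the comment asks, for example `if urlparse(SQLALCHEMY_DATABASE_URI).hostname not in ("localhost", "127.0.0.1"): raise RuntimeError("refusing to run destructive tests against a non-local database")`, which needs `from urllib.parse import urlparse`; an explicit opt-in variable for CI hosts would serve equally well. The same applies to the reworded comment in PATCH 2/3.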
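Review bot: Both assertions added in `test_certificates.py` expect `"RSA2048"`, which is also the hard-coded fallback introduced in `schemas.py`, so they pass whether the key type was derived from the certificate or merely defaulted. A case that imports a certificate without a CSR and with a key that is not RSA-2048 (an EC key, say) would exercise the new branch and distinguish the two. The parentheses are also redundant: `assert primitives["key_type"] == "RSA2048"` and `assert new_cert.key_type == "RSA2048"`. This covers the hunks in `test_get_certificate_primitives` and `test_reissue_certificate`, both of which continue outside what is shown.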
@@ -61,8 +61,8 @@ LEMUR_ALLOW_WEEKEND_EXPIRATION = False
 # Database
-# modify this if you are not using a local database. Please do not use any DB used for development or production purpose
-# Please note that Unit Tests drop the whole schema, recreate and again drop everything at the end
+# modify this if you are not using a local database. Do not use any development or production DBs,
+# as Unit Tests drop the whole schema, recreate and again drop everything at the end
 SQLALCHEMY_DATABASE_URI = os.getenv(
 "SQLALCHEMY_DATABASE_URI", "postgresql://lemur:lemur@localhost:5432/lemur"
 )
From d49edd886b80fde9105fb136e48ff462c040c110 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh
Date: Fri, 25 Sep 2020 12:32:33 -0700
Subject: [PATCH 3/3] language
---
 .../static/app/angular/certificates/certificate/certificate.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lemur/static/app/angular/certificates/certificate/certificate.js b/lemur/static/app/angular/certificates/certificate/certificate.js
index d332e0b0..9fadb655 100644
--- a/lemur/static/app/angular/certificates/certificate/certificate.js
+++ b/lemur/static/app/angular/certificates/certificate/certificate.js
@@ -256,7 +256,7 @@ angular.module('lemur')
 $scope.certificate.removeReplaces(); // should not clone 'replacement cert' info
 if(!$scope.certificate.keyType) {
- $scope.certificate.keyType = 'RSA2048'; // default algo to show during clone if backend did not return algo
+ $scope.certificate.keyType = 'RSA2048'; // default algo to select during clone if backend did not return algo
 }
 CertificateService.getDefaults($scope.certificate);
 });