Merge pull request #3155 from charhate/key_type_column

Use key_type column for cert get/rotate/reissue/display
charhate 2020-09-25 13:01:40 -07:00 committed by GitHub
commit 1e75cf4ab5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 20 additions and 2 deletions


@ -235,6 +235,7 @@ class Certificate(db.Model):
self.replaces = kwargs.get("replaces", []) self.replaces = kwargs.get("replaces", [])
self.rotation = kwargs.get("rotation") self.rotation = kwargs.get("rotation")
self.rotation_policy = kwargs.get("rotation_policy") self.rotation_policy = kwargs.get("rotation_policy")
self.key_type = kwargs.get("key_type")
self.signing_algorithm = defaults.signing_algorithm(cert) self.signing_algorithm = defaults.signing_algorithm(cert)
self.bits = defaults.bitstrength(cert) self.bits = defaults.bitstrength(cert)
self.external_id = kwargs.get("external_id") self.external_id = kwargs.get("external_id")
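Review bot: `self.key_type = kwargs.get("key_type")` stores whatever the caller passed, while the adjacent `signing_algorithm` and `bits` are computed from the parsed `cert`, so the recorded key type can be missing or disagree with the certificate that is actually stored. As far as this hunk shows, any caller that builds a `Certificate` without going through the input schema would leave the column `None`. Consider deriving the value from the parsed certificate here when the kwarg is absent. If it stays as is, add a comment such as `# caller-supplied; not verified against the certificate body`. The constructor starts and ends outside the hunk.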


@ -155,6 +155,14 @@ class CertificateInputSchema(CertificateCreationSchema):
key_type = cert_utils.get_key_type_from_csr(data["csr"]) key_type = cert_utils.get_key_type_from_csr(data["csr"])
if key_type: if key_type:
data["key_type"] = key_type data["key_type"] = key_type
# This code will be exercised for certificate import (without CSR)
if data.get("key_type") is None:
if data.get("body"):
data["key_type"] = utils.get_key_type_from_certificate(data["body"])
else:
data["key_type"] = "RSA2048" # default value
return missing.convert_validity_years(data) return missing.convert_validity_years(data)
@ -277,6 +285,7 @@ class CertificateOutputSchema(LemurOutputSchema):
serial = fields.String() serial = fields.String()
serial_hex = Hex(attribute="serial") serial_hex = Hex(attribute="serial")
signing_algorithm = fields.String() signing_algorithm = fields.String()
key_type = fields.String(allow_none=True)
status = fields.String() status = fields.String()
user = fields.Nested(UserNestedOutputSchema) user = fields.Nested(UserNestedOutputSchema)
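Review bot: The new block derives the key type only when `data.get("key_type") is None`, so on import a client-supplied `key_type` sent together with `body` is kept without being compared to the certificate, and the `else` branch records `"RSA2048"` for a key nobody inspected. If this column feeds key-strength reporting or rotation decisions, both cases can misstate what is deployed; the clone controller's `'RSA2048'` fallback has the same effect in the UI. Prefer the certificate as the source of truth whenever `body` is present (`if data.get("body"): data["key_type"] = utils.get_key_type_from_certificate(data["body"])`), and leave the value `None` instead of defaulting unless downstream key generation needs a value; `key_type = fields.String(allow_none=True)` already permits that on output. How `get_key_type_from_certificate` behaves on a malformed or unsupported `body` is not visible here, so confirm it surfaces as a validation error. The enclosing method starts outside the hunk.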


@ -251,10 +251,13 @@ angular.module('lemur')
$scope.certificate.csr = null; // should not clone CSR in case other settings are changed in clone $scope.certificate.csr = null; // should not clone CSR in case other settings are changed in clone
$scope.certificate.validityStart = null; $scope.certificate.validityStart = null;
$scope.certificate.validityEnd = null; $scope.certificate.validityEnd = null;
$scope.certificate.keyType = 'RSA2048'; // default algo to show during clone
$scope.certificate.description = 'Cloning from cert ID ' + editId; $scope.certificate.description = 'Cloning from cert ID ' + editId;
$scope.certificate.replacedBy = []; // should not clone 'replaced by' info $scope.certificate.replacedBy = []; // should not clone 'replaced by' info
$scope.certificate.removeReplaces(); // should not clone 'replacement cert' info $scope.certificate.removeReplaces(); // should not clone 'replacement cert' info
if(!$scope.certificate.keyType) {
$scope.certificate.keyType = 'RSA2048'; // default algo to select during clone if backend did not return algo
}
CertificateService.getDefaults($scope.certificate); CertificateService.getDefaults($scope.certificate);
}); });


@ -111,6 +111,8 @@
<div class="list-group-item"> <div class="list-group-item">
<dt>Key Length</dt> <dt>Key Length</dt>
<dd>{{ certificate.bits }}</dd> <dd>{{ certificate.bits }}</dd>
<dt>Key Type</dt>
<dd>{{ certificate.keyType }}</dd>
<dt>Signing Algorithm</dt> <dt>Signing Algorithm</dt>
<dd>{{ certificate.signingAlgorithm }}</dd> <dd>{{ certificate.signingAlgorithm }}</dd>
</div> </div>


@ -61,7 +61,8 @@ LEMUR_ALLOW_WEEKEND_EXPIRATION = False
# Database # Database
# modify this if you are not using a local database # modify this if you are not using a local database. Do not use any development or production DBs,
# as Unit Tests drop the whole schema, recreate and again drop everything at the end
SQLALCHEMY_DATABASE_URI = os.getenv( SQLALCHEMY_DATABASE_URI = os.getenv(
"SQLALCHEMY_DATABASE_URI", "postgresql://lemur:lemur@localhost:5432/lemur" "SQLALCHEMY_DATABASE_URI", "postgresql://lemur:lemur@localhost:5432/lemur"
) )


@ -155,6 +155,7 @@ def test_get_certificate_primitives(certificate):
with freeze_time(datetime.date(year=2016, month=10, day=30)): with freeze_time(datetime.date(year=2016, month=10, day=30)):
primitives = get_certificate_primitives(certificate) primitives = get_certificate_primitives(certificate)
assert len(primitives) == 26 assert len(primitives) == 26
assert (primitives["key_type"] == "RSA2048")
def test_certificate_output_schema(session, certificate, issuer_plugin): def test_certificate_output_schema(session, certificate, issuer_plugin):
@ -759,6 +760,7 @@ def test_reissue_certificate(
certificate.authority = crypto_authority certificate.authority = crypto_authority
new_cert = reissue_certificate(certificate) new_cert = reissue_certificate(certificate)
assert new_cert assert new_cert
assert (new_cert.key_type == "RSA2048")
def test_create_csr(): def test_create_csr():
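Review bot: Both added assertions check only the `"RSA2048"` fixture value, so the new import path in the input schema (key type derived from `body`, plus the `"RSA2048"` fallback) is not covered in this section. A test that loads an import payload without `key_type` for a certificate that is not RSA2048 and asserts the derived value would catch a regression where the default masks the real key type. The parentheses in `assert (primitives["key_type"] == "RSA2048")` are redundant; `assert primitives["key_type"] == "RSA2048"` matches the surrounding asserts. Both test functions start outside the hunks.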