From 03e2991ced00a3dfdf0d39f1b94f3abee7e7efef Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Sat, 29 Aug 2015 11:48:39 -0700
Subject: [PATCH 01/21] Closes #57

---
 lemur/certificates/service.py                            | 4 ++++
 lemur/certificates/views.py                              | 4 +++-
 .../app/angular/certificates/certificate/upload.tpl.html | 9 +++++++++
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py
index 8a1e20fa..1eb82b7b 100644
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@@ -168,6 +168,10 @@ def upload(**kwargs):
         kwargs.get('intermediate_cert'),
     )
 
+    # we override the generated name if one is provided
+    if kwargs.get('name'):
+        cert.name = kwargs['name']
+
     cert.description = kwargs.get('description')
 
     cert.owner = kwargs['owner']
diff --git a/lemur/certificates/views.py b/lemur/certificates/views.py
index b6cb597d..4643dedc 100644
--- a/lemur/certificates/views.py
+++ b/lemur/certificates/views.py
@@ -332,7 +332,8 @@ class CertificatesUpload(AuthenticatedResource):
                  "intermediateCert": "---Begin Public...",
                  "privateKey": "---Begin Private..."
                  "destinations": [],
-                 "notifications": []
+                 "notifications": [],
+                 "name": "cert1"
               }
 
            **Example response**:
@@ -373,6 +374,7 @@ class CertificatesUpload(AuthenticatedResource):
         """
         self.reqparse.add_argument('description', type=str, location='json')
         self.reqparse.add_argument('owner', type=str, required=True, location='json')
+        self.reqparse.add_argument('name', type=str, location='json')
         self.reqparse.add_argument('publicCert', type=pem_str, required=True, dest='public_cert', location='json')
         self.reqparse.add_argument('destinations', type=list, default=[], dest='destinations', location='json')
         self.reqparse.add_argument('notifications', type=list, default=[], dest='notifications', location='json')
diff --git a/lemur/static/app/angular/certificates/certificate/upload.tpl.html b/lemur/static/app/angular/certificates/certificate/upload.tpl.html
index 6ba63232..928e923e 100644
--- a/lemur/static/app/angular/certificates/certificate/upload.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/upload.tpl.html
@@ -18,6 +18,15 @@
                         email.</p>
                 </div>
             </div>
+            <div class="form-group"
+                 ng-class="{'has-error': uploadForm.name.$invalid, 'has-success': !uploadForm.name.$invalid&&uploadForm.name.$dirty}">
+                <label class="control-label col-sm-2" tooltip="If no name is provided, Lemur will generate a name for you">
+                    Custom Name <span class="glyphicon glyphicon-question-sign"></span>
+                </label>
+                <div class="col-sm-10">
+                    <input name="name" ng-model="certificate.name" placeholder="example.netflix.net-SymantecCorporation-20150828-20160830" class="form-control"/>
+                </div>
+            </div>
             <div class="form-group"
                  ng-class="{'has-error': uploadForm.description.$invalid, 'has-success': !uploadForm.$invalid&&uploadForm.description.$dirty}">
                 <label class="control-label col-sm-2">

From f492e9ec1b9a99c43755c68dd2d4f0faf731242f Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Sat, 29 Aug 2015 11:53:46 -0700
Subject: [PATCH 02/21] Closes #55

---
 lemur/certificates/views.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lemur/certificates/views.py b/lemur/certificates/views.py
index b6cb597d..fb8b70d5 100644
--- a/lemur/certificates/views.py
+++ b/lemur/certificates/views.py
@@ -572,7 +572,8 @@ class Certificates(AuthenticatedResource):
 
         cert = service.get(certificate_id)
         role = role_service.get_by_name(cert.owner)
-        permission = UpdateCertificatePermission(certificate_id, role.name)
+
+        permission = UpdateCertificatePermission(certificate_id, getattr(role, 'name', None))
 
         if permission.can():
             return service.update(

From a484a6e24d52dce39a8c46c4c4dc29028995293a Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Sat, 29 Aug 2015 13:07:30 -0700
Subject: [PATCH 03/21] Closes #53

---
 lemur/certificates/service.py | 18 ++++++++++++++++--
 lemur/certificates/views.py   |  4 +++-
 lemur/notifications/views.py  | 30 ++++++++++++++++++++++++++++++
 3 files changed, 49 insertions(+), 3 deletions(-)

diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py
index 1eb82b7b..081ea733 100644
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@@ -85,14 +85,28 @@ def update(cert_id, owner, description, active, destinations, notifications):
     :param active:
     :return:
     """
+    from lemur.notifications import service as notification_service
     cert = get(cert_id)
-    cert.owner = owner
     cert.active = active
     cert.description = description
 
-    database.update_list(cert, 'notifications', Notification, notifications)
+    # we might have to create new notifications if the owner changes
+    new_notifications = []
+    # get existing names to remove
+    notification_name = "DEFAULT_{0}".format(cert.owner.split('@')[0].upper())
+    for n in notifications:
+        if notification_name not in n.label:
+            new_notifications.append(n)
+
+    notification_name = "DEFAULT_{0}".format(owner.split('@')[0].upper())
+    new_notifications += notification_service.create_default_expiration_notifications(notification_name, owner)
+
+    cert.notifications = new_notifications
+
     database.update_list(cert, 'destinations', Destination, destinations)
 
+    cert.owner = owner
+
     return database.update(cert)
 
 
diff --git a/lemur/certificates/views.py b/lemur/certificates/views.py
index 063f6dfb..834fdff7 100644
--- a/lemur/certificates/views.py
+++ b/lemur/certificates/views.py
@@ -24,6 +24,8 @@ from lemur.roles import service as role_service
 
 from lemur.common.utils import marshal_items, paginated_parser
 
+from lemur.notifications.views import notification_list
+
 
 mod = Blueprint('certificates', __name__)
 api = Api(mod)
@@ -569,7 +571,7 @@ class Certificates(AuthenticatedResource):
         self.reqparse.add_argument('owner', type=str, location='json')
         self.reqparse.add_argument('description', type=str, location='json')
         self.reqparse.add_argument('destinations', type=list, default=[], location='json')
-        self.reqparse.add_argument('notifications', type=list, default=[], location='json')
+        self.reqparse.add_argument('notifications', type=notification_list, default=[], location='json')
         args = self.reqparse.parse_args()
 
         cert = service.get(certificate_id)
diff --git a/lemur/notifications/views.py b/lemur/notifications/views.py
index 82bb3b86..5366c716 100644
--- a/lemur/notifications/views.py
+++ b/lemur/notifications/views.py
@@ -28,6 +28,36 @@ FIELDS = {
 }
 
 
+def notification(value, name):
+    """
+    Validates a given notification exits
+    :param value:
+    :param name:
+    :return:
+    """
+    n = service.get(value)
+    if not n:
+        raise ValueError("Unable to find notification specified")
+    return n
+
+
+def notification_list(value, name):
+    """
+    Validates a given notification exists and returns a list
+    :param value:
+    :param name:
+    :return:
+    """
+    notifications = []
+    for v in value:
+        try:
+            notifications.append(notification(v['id'], 'id'))
+        except ValueError:
+            pass
+
+    return notifications
+
+
 class NotificationsList(AuthenticatedResource):
     """ Defines the 'notifications' endpoint """
     def __init__(self):

From df9b3455414bc0370f94ee71ba2e3de1deef726d Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Sat, 29 Aug 2015 13:20:17 -0700
Subject: [PATCH 04/21] Adding a better error message for really long common
 names Fixes #38

---
 lemur/plugins/lemur_cloudca/plugin.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lemur/plugins/lemur_cloudca/plugin.py b/lemur/plugins/lemur_cloudca/plugin.py
index 2d26666a..14a4cb8f 100644
--- a/lemur/plugins/lemur_cloudca/plugin.py
+++ b/lemur/plugins/lemur_cloudca/plugin.py
@@ -7,6 +7,7 @@
 .. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
 
 """
+import re
 import ssl
 import base64
 from json import dumps
@@ -297,7 +298,7 @@ class CloudCAIssuerPlugin(IssuerPlugin, CloudCA):
             'ownerEmail': options['owner'],
             'caName': options['authority'].name,
             'csr': csr,
-            'comment': options['description']
+            'comment': re.sub(r'^[\w\-\s]+$', '', options['description'])
         }
 
         response = self.post(endpoint, remove_none(cloudca_options))

From 7471984ecfd4a25387f096f0cbd5fc687da86a74 Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Sat, 29 Aug 2015 13:49:08 -0700
Subject: [PATCH 05/21] removing silly description validation from lemur and
 enforcing it on the cloudca plugin (who actually cares)

---
 lemur/plugins/lemur_cloudca/plugin.py                     | 3 ++-
 .../app/angular/authorities/authority/tracking.tpl.html   | 8 ++++----
 .../angular/certificates/certificate/tracking.tpl.html    | 8 ++++----
 .../app/angular/certificates/certificate/upload.tpl.html  | 4 ++--
 4 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/lemur/plugins/lemur_cloudca/plugin.py b/lemur/plugins/lemur_cloudca/plugin.py
index 14a4cb8f..2cf35b75 100644
--- a/lemur/plugins/lemur_cloudca/plugin.py
+++ b/lemur/plugins/lemur_cloudca/plugin.py
@@ -246,6 +246,7 @@ class CloudCAIssuerPlugin(IssuerPlugin, CloudCA):
 
         options['validityStart'] = convert_date_to_utc_time(options['validityStart']).isoformat()
         options['validityEnd'] = convert_date_to_utc_time(options['validityEnd']).isoformat()
+        options['description'] = re.sub(r'[^a-zA-Z0-9]', '', options['caDescription'])
 
         try:
             response = self.session.post(self.url + endpoint, data=dumps(remove_none(options)), timeout=10,
@@ -298,7 +299,7 @@ class CloudCAIssuerPlugin(IssuerPlugin, CloudCA):
             'ownerEmail': options['owner'],
             'caName': options['authority'].name,
             'csr': csr,
-            'comment': re.sub(r'^[\w\-\s]+$', '', options['description'])
+            'comment': re.sub(r'[^a-zA-Z0-9]', '', options['description'])
         }
 
         response = self.post(endpoint, remove_none(cloudca_options))
diff --git a/lemur/static/app/angular/authorities/authority/tracking.tpl.html b/lemur/static/app/angular/authorities/authority/tracking.tpl.html
index 5d9e9b58..a2d0def6 100644
--- a/lemur/static/app/angular/authorities/authority/tracking.tpl.html
+++ b/lemur/static/app/angular/authorities/authority/tracking.tpl.html
@@ -26,8 +26,8 @@
         Description
       </label>
       <div class="col-sm-10">
-        <textarea name="caDescription" ng-model="authority.caDescription" placeholder="Something elegant" class="form-control" ng-maxlength="250" ng-pattern="/^[\w\-\s]+$/" required></textarea>
-        <p ng-show="trackingForm.caDescription.$invalid && !trackingForm.caDescription.$pristine" class="help-block">You must give a short description about this authority will be used for, it should contain only alphanumeric characters</p>
+        <textarea name="caDescription" ng-model="authority.caDescription" placeholder="Something elegant" class="form-control" ng-maxlength="250" required></textarea>
+        <p ng-show="trackingForm.caDescription.$invalid && !trackingForm.caDescription.$pristine" class="help-block">You must give a short description about this authority will be used for</p>
       </div>
     </div>
     <div class="form-group"
@@ -36,8 +36,8 @@
         Common Name
       </label>
       <div class="col-sm-10">
-        <input name="commonName" ng-model="authority.caDN.commonName" placeholder="Common Name" class="form-control" required/>
-        <p ng-show="trackingForm.commonName.$invalid && !trackingForm.commonName.$pristine" class="help-block">You must enter a common name</p>
+        <input name="commonName" ng-model="authority.caDN.commonName" placeholder="Common Name" class="form-control" ng-maxlength="64" required/>
+        <p ng-show="trackingForm.commonName.$invalid && !trackingForm.commonName.$pristine" class="help-block">You must enter a common name and it must be less than 64 characters in length</p>
       </div>
     </div>
     <div class="form-group"
diff --git a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
index e28a17e7..94fe81d9 100644
--- a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
@@ -16,8 +16,8 @@
                 Description
             </label>
             <div class="col-sm-10">
-                <textarea name="description" ng-model="certificate.description" placeholder="Something elegant" class="form-control" ng-pattern="/^[\w\-\s]+$/" required></textarea>
-                <p ng-show="trackingForm.description.$invalid && !trackingForm.description.$pristine" class="help-block">You must give a short description about this authority will be used for, this description should only include alphanumeric characters</p>
+                <textarea name="description" ng-model="certificate.description" placeholder="Something elegant" class="form-control" required></textarea>
+                <p ng-show="trackingForm.description.$invalid && !trackingForm.description.$pristine" class="help-block">You must give a short description about this authority will be used for.</p>
             </div>
         </div>
         <div class="form-group"
@@ -47,8 +47,8 @@
                 Common Name
             </label>
             <div class="col-sm-10">
-                <input name="commonName" tooltip="If you need a certificate with multiple domains enter your primary domain here and the rest under 'Subject Alternate Names' in the next few panels" ng-model="certificate.commonName" placeholder="Common Name" class="form-control" required/>
-                <p ng-show="trackingForm.commonName.$invalid && !trackingForm.commonName.$pristine" class="help-block">You must enter a common name</p>
+                <input name="commonName" tooltip="If you need a certificate with multiple domains enter your primary domain here and the rest under 'Subject Alternate Names' in the next few panels" ng-model="certificate.commonName" placeholder="Common Name" class="form-control" ng-maxlength="64" required/>
+                <p ng-show="trackingForm.commonName.$invalid && !trackingForm.commonName.$pristine" class="help-block">You must enter a common name and it must be less than 64 characters</p>
             </div>
         </div>
         <div class="form-group">
diff --git a/lemur/static/app/angular/certificates/certificate/upload.tpl.html b/lemur/static/app/angular/certificates/certificate/upload.tpl.html
index 928e923e..55dc850f 100644
--- a/lemur/static/app/angular/certificates/certificate/upload.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/upload.tpl.html
@@ -33,8 +33,8 @@
                     Description
                 </label>
                 <div class="col-sm-10">
-                    <textarea name="description" ng-model="certificate.description" placeholder="Something elegant" class="form-control" ng-pattern="/^[\w\-\s]+$/" required></textarea>
-                    <p ng-show="uploadForm.description.$invalid && !uploadForm.description.$pristine" class="help-block">You must give a short description about this authority will be used for, this description should only include alphanumeric characters</p>
+                    <textarea name="description" ng-model="certificate.description" placeholder="Something elegant" class="form-control" required></textarea>
+                    <p ng-show="uploadForm.description.$invalid && !uploadForm.description.$pristine" class="help-block">You must give a short description about this authority will be used for.</p>
                 </div>
             </div>
             <div class="form-group"

From 46a5355377dd3069de46b58ca22598cffd58d53c Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Tue, 1 Sep 2015 14:05:32 -0700
Subject: [PATCH 06/21] Allows authorities to have editable owners and
 descriptions

---
 lemur/authorities/service.py                  |  5 +++-
 lemur/authorities/views.py                    | 25 +++++++++++++------
 .../{authorityEdit.tpl.html => edit.tpl.html} | 25 ++++++++++++++++++-
 .../app/angular/authorities/view/view.js      | 21 +++++++++++++++-
 .../angular/authorities/view/view.tpl.html    |  2 +-
 lemur/static/app/angular/roles/services.js    |  2 --
 6 files changed, 67 insertions(+), 13 deletions(-)
 rename lemur/static/app/angular/authorities/authority/{authorityEdit.tpl.html => edit.tpl.html} (59%)

diff --git a/lemur/authorities/service.py b/lemur/authorities/service.py
index 23961ede..5a1f4341 100644
--- a/lemur/authorities/service.py
+++ b/lemur/authorities/service.py
@@ -22,7 +22,7 @@ from lemur.certificates.models import Certificate
 from lemur.plugins.base import plugins
 
 
-def update(authority_id, active=None, roles=None):
+def update(authority_id, description=None, owner=None, active=None, roles=None):
     """
     Update a an authority with new values.
 
@@ -37,6 +37,9 @@ def update(authority_id, active=None, roles=None):
 
     if active:
         authority.active = active
+
+    authority.description = description
+    authority.owner = owner
     return database.update(authority)
 
 
diff --git a/lemur/authorities/views.py b/lemur/authorities/views.py
index f449a837..43a65fe5 100644
--- a/lemur/authorities/views.py
+++ b/lemur/authorities/views.py
@@ -20,6 +20,7 @@ from lemur.common.utils import paginated_parser, marshal_items
 
 FIELDS = {
     'name': fields.String,
+    'owner': fields.String,
     'description': fields.String,
     'options': fields.Raw,
     'pluginName': fields.String,
@@ -264,7 +265,9 @@ class Authorities(AuthenticatedResource):
 
               {
                  "roles": [],
-                 "active": false
+                 "active": false,
+                 "owner": "bob@example.com",
+                 "description": "this is authority1"
               }
 
            **Example response**:
@@ -279,12 +282,12 @@ class Authorities(AuthenticatedResource):
                 "id": 1,
                 "name": "authority1",
                 "description": "this is authority1",
-                "pluginname": null,
+                "pluginName": null,
                 "chain": "-----begin ...",
                 "body": "-----begin ...",
                 "active": false,
-                "notbefore": "2015-06-05t17:09:39",
-                "notafter": "2015-06-10t17:09:39"
+                "notBefore": "2015-06-05t17:09:39",
+                "notAfter": "2015-06-10t17:09:39"
                 "options": null
               }
 
@@ -292,8 +295,10 @@ class Authorities(AuthenticatedResource):
            :statuscode 200: no error
            :statuscode 403: unauthenticated
         """
-        self.reqparse.add_argument('roles', type=list, location='json')
-        self.reqparse.add_argument('active', type=str, location='json')
+        self.reqparse.add_argument('roles', type=list, default=[], location='json')
+        self.reqparse.add_argument('active', type=str, location='json', required=True)
+        self.reqparse.add_argument('owner', type=str, location='json', required=True)
+        self.reqparse.add_argument('description', type=str, location='json', required=True)
         args = self.reqparse.parse_args()
 
         authority = service.get(authority_id)
@@ -315,7 +320,13 @@ class Authorities(AuthenticatedResource):
                 return dict(message="You are not allowed to associate a role which you are not a member of"), 400
 
         if permission.can():
-            return service.update(authority_id, active=args['active'], roles=args['roles'])
+            return service.update(
+                authority_id,
+                owner=args['owner'],
+                description=args['description'],
+                active=args['active'],
+                roles=args['roles']
+            )
 
         return dict(message="You are not authorized to update this authority"), 403
 
diff --git a/lemur/static/app/angular/authorities/authority/authorityEdit.tpl.html b/lemur/static/app/angular/authorities/authority/edit.tpl.html
similarity index 59%
rename from lemur/static/app/angular/authorities/authority/authorityEdit.tpl.html
rename to lemur/static/app/angular/authorities/authority/edit.tpl.html
index f100ba1b..fe3d3eac 100644
--- a/lemur/static/app/angular/authorities/authority/authorityEdit.tpl.html
+++ b/lemur/static/app/angular/authorities/authority/edit.tpl.html
@@ -1,9 +1,32 @@
 <div class="modal-header">
     <div class="modal-title">
-        <div class="modal-header">Edit Authority <span class="text-muted"><small>chain of command!</small></span></div>
+        <h3 class="modal-header">Edit <span class="text-muted"><small>{{ authority.name }}</small></span></h3>
     </div>
     <div class="modal-body">
         <form name="createForm" class="form-horizontal" role="form" novalidate>
+            <div class="form-group"
+                 ng-class="{'has-error': editForm.owner.$invalid, 'has-success': !editForm.owner.$invalid&&editForm.owner.$dirty}">
+                <label class="control-label col-sm-2">
+                    Owner
+                </label>
+                <div class="col-sm-10">
+                    <input type="email" name="owner" ng-model="authority.owner" placeholder="owner@netflix.com"
+                           class="form-control" required/>
+
+                    <p ng-show="editForm.owner.$invalid && !editForm.owner.$pristine" class="help-block">Enter a valid
+                        email.</p>
+                </div>
+            </div>
+            <div class="form-group"
+                 ng-class="{'has-error': editForm.description.$invalid, 'has-success': !editForm.$invalid&&editForm.description.$dirty}">
+                <label class="control-label col-sm-2">
+                    Description
+                </label>
+                <div class="col-sm-10">
+                    <textarea name="description" ng-model="authority.description" placeholder="Something elegant" class="form-control" required></textarea>
+                    <p ng-show="editForm.description.$invalid && !editForm.description.$pristine" class="help-block">You must give a short description about this authority will be used for, this description should only include alphanumeric characters</p>
+                </div>
+            </div>
             <div class="form-group">
                 <label class="control-label col-sm-2">
                     Roles
diff --git a/lemur/static/app/angular/authorities/view/view.js b/lemur/static/app/angular/authorities/view/view.js
index 970b7a7e..71cdbb9a 100644
--- a/lemur/static/app/angular/authorities/view/view.js
+++ b/lemur/static/app/angular/authorities/view/view.js
@@ -46,7 +46,7 @@ angular.module('lemur')
     $scope.edit = function (authorityId) {
       var modalInstance = $modal.open({
         animation: true,
-        templateUrl: '/angular/authorities/authority/authorityEdit.tpl.html',
+        templateUrl: '/angular/authorities/authority/edit.tpl.html',
         controller: 'AuthorityEditController',
         size: 'lg',
         resolve: {
@@ -62,6 +62,25 @@ angular.module('lemur')
 
     };
 
+    $scope.editRole = function (roleId) {
+      var modalInstance = $modal.open({
+        animation: true,
+        templateUrl: '/angular/roles/role/role.tpl.html',
+        controller: 'RolesEditController',
+        size: 'lg',
+        resolve: {
+          editId: function () {
+            return roleId;
+          }
+        }
+      });
+
+      modalInstance.result.then(function () {
+        $scope.authoritiesTable.reload();
+      });
+
+    };
+
     $scope.create = function () {
       var modalInstance = $modal.open({
         animation: true,
diff --git a/lemur/static/app/angular/authorities/view/view.tpl.html b/lemur/static/app/angular/authorities/view/view.tpl.html
index f6a60c3a..d04bc750 100644
--- a/lemur/static/app/angular/authorities/view/view.tpl.html
+++ b/lemur/static/app/angular/authorities/view/view.tpl.html
@@ -29,7 +29,7 @@
             </td>
             <td data-title="'Roles'"> <!--filter="{ 'select': 'role' }" filter-data="roleService.getRoleDropDown()">-->
               <div class="btn-group">
-                <a href="#/roles/{{ role.id }}/edit" ng-repeat="role in authority.roles" class="btn btn-sm btn-danger">
+                <a ng-click="editRole(role.id)" ng-repeat="role in authority.roles" class="btn btn-sm btn-danger">
                     {{ role.name }}
                 </a>
               </div>
diff --git a/lemur/static/app/angular/roles/services.js b/lemur/static/app/angular/roles/services.js
index af409b3e..4c68c95d 100644
--- a/lemur/static/app/angular/roles/services.js
+++ b/lemur/static/app/angular/roles/services.js
@@ -55,7 +55,6 @@ angular.module('lemur')
             title: role.name,
             body: 'Has been successfully created!'
           });
-          $location.path('roles');
         },
         function (response) {
           toaster.pop({
@@ -74,7 +73,6 @@ angular.module('lemur')
             title: role.name,
             body: 'Successfully updated!'
           });
-          $location.path('roles');
         },
         function (response) {
           toaster.pop({

From 480078da4206a75be97bb113e03b7d83720d16c0 Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Tue, 1 Sep 2015 14:11:31 -0700
Subject: [PATCH 07/21] Removing str casting for role permission

---
 lemur/auth/permissions.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lemur/auth/permissions.py b/lemur/auth/permissions.py
index 13d8f6e1..6cc04cac 100644
--- a/lemur/auth/permissions.py
+++ b/lemur/auth/permissions.py
@@ -37,7 +37,7 @@ ViewRoleCredentialsNeed = partial(RoleUser, 'roleView')
 
 class ViewRoleCredentialsPermission(Permission):
     def __init__(self, role_id):
-        need = ViewRoleCredentialsNeed(str(role_id))
+        need = ViewRoleCredentialsNeed(role_id)
         super(ViewRoleCredentialsPermission, self).__init__(need, RoleNeed('admin'))
 
 

From a350940cd1567d9289a437c4248fc9d7431dc083 Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Wed, 2 Sep 2015 09:19:06 -0700
Subject: [PATCH 08/21] Adding command to fetch and publish verisign units

---
 lemur/manage.py | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/lemur/manage.py b/lemur/manage.py
index 4b7ff6fb..b21e60a7 100755
--- a/lemur/manage.py
+++ b/lemur/manage.py
@@ -4,6 +4,8 @@ import os
 import sys
 import base64
 import time
+import requests
+import json
 from gunicorn.config import make_settings
 
 from cryptography.fernet import Fernet
@@ -680,6 +682,38 @@ class ProvisionELB(Command):
                 done = True
 
 
+@manager.command
+def publish_verisign_units():
+    """
+    Simple function that queries verisign for API units and posts the mertics to
+    Atlas API for other teams to consume.
+    :return:
+    """
+    from lemur.plugins import plugins
+    v = plugins.get('verisign-issuer')
+    units = v.get_available_units()
+
+    metrics = {}
+    for item in units:
+        if item['@type'] in metrics.keys():
+            metrics[item['@type']] += int(item['@remaining'])
+        else:
+            metrics.update({item['@type']: int(item['@remaining'])})
+
+    for name, value in metrics.items():
+        metric = [
+            {
+                "timestamp": 1321351651,
+                "type": "GAUGE",
+                "name": "Symantec {0} Unit Count".format(name),
+                "tags": {},
+                "value": value
+            }
+        ]
+
+        requests.post('http://localhost:8078/metrics', data=json.dumps(metric))
+
+
 def main():
     manager.add_command("start", LemurServer())
     manager.add_command("runserver", Server(host='127.0.0.1'))

From fe7b075f7bf7a734f6e7bef1ae025864aa9b8880 Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Wed, 26 Aug 2015 14:16:34 -0700
Subject: [PATCH 09/21] rely on stable version of cryptography instead of dev

---
 Makefile | 2 --
 setup.py | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index dd2c2695..03369342 100644
--- a/Makefile
+++ b/Makefile
@@ -6,8 +6,6 @@ develop: update-submodules setup-git
 	npm install
 	pip install "setuptools>=0.9.8"
 	# order matters here, base package must install first
-	# this is temporary until the version we need is released
-	pip install -e 'git+https://git@github.com/pyca/cryptography.git#egg=cryptography-1.0.dev1'
 	pip install -e .
 	pip install "file://`pwd`#egg=lemur[dev]"
 	pip install "file://`pwd`#egg=lemur[tests]"
diff --git a/setup.py b/setup.py
index ea7ef326..0e15ea76 100644
--- a/setup.py
+++ b/setup.py
@@ -39,7 +39,7 @@ install_requires = [
     'six==1.9.0',
     'gunicorn==19.3.0',
     'pycrypto==2.6.1',
-    'cryptography>=1.0dev',
+    'cryptography==1.0',
     'pyopenssl==0.15.1',
     'pyjwt==1.0.1',
     'xmltodict==0.9.2',

From 45158c64a2b6b9f6a97edb63c8205c262f059149 Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Thu, 27 Aug 2015 11:53:37 -0700
Subject: [PATCH 10/21] cleaning up temporary file creation

---
 lemur/certificates/verify.py | 79 +++++++++++++++---------------------
 1 file changed, 32 insertions(+), 47 deletions(-)

diff --git a/lemur/certificates/verify.py b/lemur/certificates/verify.py
index 1e0febec..432c487c 100644
--- a/lemur/certificates/verify.py
+++ b/lemur/certificates/verify.py
@@ -6,14 +6,28 @@
 .. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
 """
 import os
-import re
-import hashlib
 import requests
 import subprocess
 from OpenSSL import crypto
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
 
 from flask import current_app
 
+from contextlib import contextmanager
+from tempfile import NamedTemporaryFile
+
+
+@contextmanager
+def mktempfile():
+    with NamedTemporaryFile(delete=False) as f:
+        fi = f
+
+    try:
+        yield fi
+    finally:
+        os.unlink(fi.name)
+
 
 def ocsp_verify(cert_path, issuer_chain_path):
     """
@@ -53,27 +67,18 @@ def crl_verify(cert_path):
     :return: True if certificate is valid, False otherwise
     :raise Exception: If certificate does not have CRL
     """
-    s = "(http(s)?\://[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,3}/\S*?$)"
-    regex = re.compile(s, re.MULTILINE)
+    with open(cert_path, 'rt') as c:
+        cert = x509.load_pem_x509_certificate(c.read(), default_backend())
 
-    x509 = crypto.load_certificate(crypto.FILETYPE_PEM, open(cert_path, 'rt').read())
-    for x in range(x509.get_extension_count()):
-        ext = x509.get_extension(x)
-        if ext.get_short_name() == 'crlDistributionPoints':
-            r = regex.search(ext.get_data())
-            points = r.groups()
-            break
-    else:
-        raise Exception("Certificate does not have a CRL distribution point")
-
-    for point in points:
-        if point:
-            response = requests.get(point)
-            crl = crypto.load_crl(crypto.FILETYPE_ASN1, response.content)
-            revoked = crl.get_revoked()
-            for r in revoked:
-                if x509.get_serial_number() == r.get_serial():
-                    return
+    distribution_points = cert.extensions.get_extension_for_oid(x509.OID_CRL_DISTRIBUTION_POINTS).value
+    for p in distribution_points:
+        point = p.full_name[0].value
+        response = requests.get(point)
+        crl = crypto.load_crl(crypto.FILETYPE_ASN1, response.content)  # TODO this should be switched to cryptography when support exists
+        revoked = crl.get_revoked()
+        for r in revoked:
+            if cert.serial == r.get_serial():
+                return
     return True
 
 
@@ -99,22 +104,6 @@ def verify(cert_path, issuer_chain_path):
         raise Exception("Failed to verify")
 
 
-def make_tmp_file(string):
-    """
-    Creates a temporary file for a given string
-
-    :param string:
-    :return: Full file path to created file
-    """
-    m = hashlib.md5()
-    m.update(string)
-    hexdigest = m.hexdigest()
-    path = os.path.join(os.path.dirname(os.path.abspath(__file__)), hexdigest)
-    with open(path, 'w') as f:
-        f.write(string)
-    return path
-
-
 def verify_string(cert_string, issuer_string):
     """
     Verify a certificate given only it's string value
@@ -123,13 +112,9 @@ def verify_string(cert_string, issuer_string):
     :param issuer_string:
     :return: True if valid, False otherwise
     """
-    cert_path = make_tmp_file(cert_string)
-    issuer_path = make_tmp_file(issuer_string)
-    status = verify(cert_path, issuer_path)
-    remove_tmp_file(cert_path)
-    remove_tmp_file(issuer_path)
+    with mktempfile() as cert_tmp:
+        cert_tmp.write(cert_string)
+        with mktempfile() as issuer_tmp:
+            issuer_tmp.write(issuer_string)
+            status = verify(cert_tmp.path, issuer_tmp.path)
     return status
-
-
-def remove_tmp_file(file_path):
-    os.remove(file_path)

From 3b109ec578e2f979ae7dabdf538ca9047a4a68ce Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Wed, 2 Sep 2015 09:12:05 -0700
Subject: [PATCH 11/21] Cleaning up temporary file creation, and revocation
 checking

---
 lemur/certificates/verify.py | 14 ++++++++------
 lemur/manage.py              | 28 ++++++++++++++++------------
 2 files changed, 24 insertions(+), 18 deletions(-)

diff --git a/lemur/certificates/verify.py b/lemur/certificates/verify.py
index 432c487c..79afdf50 100644
--- a/lemur/certificates/verify.py
+++ b/lemur/certificates/verify.py
@@ -21,12 +21,12 @@ from tempfile import NamedTemporaryFile
 @contextmanager
 def mktempfile():
     with NamedTemporaryFile(delete=False) as f:
-        fi = f
+        name = f.name
 
     try:
-        yield fi
+        yield name
     finally:
-        os.unlink(fi.name)
+        os.unlink(name)
 
 
 def ocsp_verify(cert_path, issuer_chain_path):
@@ -113,8 +113,10 @@ def verify_string(cert_string, issuer_string):
     :return: True if valid, False otherwise
     """
     with mktempfile() as cert_tmp:
-        cert_tmp.write(cert_string)
+        with open(cert_tmp, 'w') as f:
+            f.write(cert_string)
         with mktempfile() as issuer_tmp:
-            issuer_tmp.write(issuer_string)
-            status = verify(cert_tmp.path, issuer_tmp.path)
+            with open(issuer_tmp, 'w') as f:
+                f.write(issuer_string)
+            status = verify(cert_tmp, issuer_tmp)
     return status
diff --git a/lemur/manage.py b/lemur/manage.py
index b21e60a7..42137576 100755
--- a/lemur/manage.py
+++ b/lemur/manage.py
@@ -148,12 +148,15 @@ def check_revoked():
     as `unknown`.
     """
     for cert in cert_service.get_all_certs():
-        if cert.chain:
-            status = verify_string(cert.body, cert.chain)
-        else:
-            status = verify_string(cert.body, "")
+        try:
+            if cert.chain:
+                status = verify_string(cert.body, cert.chain)
+            else:
+                status = verify_string(cert.body, "")
 
-        cert.status = 'valid' if status else "invalid"
+            cert.status = 'valid' if status else 'invalid'
+        except Exception as e:
+            cert.status = 'unknown'
         database.update(cert)
 
 
@@ -183,7 +186,7 @@ def generate_settings():
     return output
 
 
-@manager.option('-s', '--sources', dest='labels', default='', required=False)
+@manager.option('-s', '--sources', dest='labels')
 def sync_sources(labels):
     """
     Attempts to run several methods Certificate discovery. This is
@@ -209,13 +212,14 @@ def sync_sources(labels):
             try:
                 sync_lock.acquire(timeout=10)    # wait up to 10 seconds
 
-                if labels:
-                    sys.stdout.write("[+] Staring to sync sources: {labels}!\n".format(labels=labels))
-                    labels = labels.split(",")
-                else:
-                    sys.stdout.write("[+] Starting to sync ALL sources!\n")
+                sys.stdout.write("[+] Staring to sync sources: {labels}!\n".format(labels=labels))
+                labels = labels.split(",")
+
+                if labels[0] == 'all':
+                    sync()
+                else:
+                    sync(labels=labels)
 
-                sync(labels=labels)
                 sys.stdout.write(
                     "[+] Finished syncing sources. Run Time: {time}\n".format(
                         time=(time.time() - start_time)

From 97a289f02a46b401613aef0f6c30b2208e9352e9 Mon Sep 17 00:00:00 2001
From: Jeremy Heffner <jheffner@netflix.com>
Date: Wed, 2 Sep 2015 09:48:28 -0700
Subject: [PATCH 12/21] Adding me to authors

---
 AUTHORS | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/AUTHORS b/AUTHORS
index f186b025..d15393b1 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -1 +1,2 @@
-- Kevin Glisson (kglisson@netflix.com)
\ No newline at end of file
+- Kevin Glisson (kglisson@netflix.com)
+- Jeremy Heffner <jheffner@netflix.com>

From 160eaa69013928341ec577886bbd7a48d1ad1c98 Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Fri, 4 Sep 2015 09:24:55 -0700
Subject: [PATCH 13/21] Fixing issue with expiration emails not being sent

---
 lemur/notifications/service.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lemur/notifications/service.py b/lemur/notifications/service.py
index 3c944580..df34254d 100644
--- a/lemur/notifications/service.py
+++ b/lemur/notifications/service.py
@@ -9,7 +9,6 @@
 
 """
 import ssl
-import socket
 
 import arrow
 
@@ -114,8 +113,9 @@ def _get_domain_certificate(name):
     try:
         pub_key = ssl.get_server_certificate((name, 443))
         return cert_service.find_duplicates(pub_key.strip())
-    except socket.gaierror as e:
+    except Exception as e:
         current_app.logger.info(str(e))
+        return []
 
 
 def _find_superseded(cert):

From 9da713ab063000f97f6d8dab7ea23ca51b971fd1 Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Fri, 4 Sep 2015 15:29:57 -0700
Subject: [PATCH 14/21] cleaning up references to netflix

---
 lemur/manage.py                                        | 10 +++++-----
 lemur/plugins/lemur_email/templates/expiration.html    |  2 +-
 .../app/angular/authorities/authority/edit.tpl.html    |  2 +-
 .../angular/authorities/authority/tracking.tpl.html    |  2 +-
 .../angular/certificates/certificate/upload.tpl.html   |  4 ++--
 lemur/static/app/angular/welcome/welcome.html          |  7 -------
 lemur/status/views.py                                  |  6 ++++--
 7 files changed, 14 insertions(+), 19 deletions(-)

diff --git a/lemur/manage.py b/lemur/manage.py
index 42137576..5f9418ad 100755
--- a/lemur/manage.py
+++ b/lemur/manage.py
@@ -569,11 +569,11 @@ class ProvisionELB(Command):
             'authority': authority,
             'owner': owner,
             # defaults:
-            'organization': u'Netflix, Inc.',
-            'organizationalUnit': u'Operations',
-            'country': u'US',
-            'state': u'California',
-            'location': u'Los Gatos'
+            'organization': current_app.config.get('LEMUR_DEFAULT_ORGANIZATION'),
+            'organizationalUnit': current_app.config.get('LEMUR_DEFAULT_ORGANIZATIONAL_UNIT'),
+            'country': current_app.config.get('LEMUR_DEFAULT_COUNTRY'),
+            'state': current_app.config.get('LEMUR_DEFAULT_STATE'),
+            'location': current_app.config.get('LEMUR_DEFAULT_LOCATION')
         }
 
         return options
diff --git a/lemur/plugins/lemur_email/templates/expiration.html b/lemur/plugins/lemur_email/templates/expiration.html
index f3584bd2..32d6883a 100644
--- a/lemur/plugins/lemur_email/templates/expiration.html
+++ b/lemur/plugins/lemur_email/templates/expiration.html
@@ -53,7 +53,7 @@
                             <hr />
                        </div>
                         <p>
-                            Lemur, Netflix's SSL management portal has noticed that the following certificates are expiring soon, if you rely on these certificates
+                            Lemur, has noticed that the following certificates are expiring soon, if you rely on these certificates
                             you should create new certificates to replace the certificates that are expiring.
                         </p>
                         <p>
diff --git a/lemur/static/app/angular/authorities/authority/edit.tpl.html b/lemur/static/app/angular/authorities/authority/edit.tpl.html
index fe3d3eac..a11e9177 100644
--- a/lemur/static/app/angular/authorities/authority/edit.tpl.html
+++ b/lemur/static/app/angular/authorities/authority/edit.tpl.html
@@ -10,7 +10,7 @@
                     Owner
                 </label>
                 <div class="col-sm-10">
-                    <input type="email" name="owner" ng-model="authority.owner" placeholder="owner@netflix.com"
+                    <input type="email" name="owner" ng-model="authority.owner" placeholder="owner@example.com"
                            class="form-control" required/>
 
                     <p ng-show="editForm.owner.$invalid && !editForm.owner.$pristine" class="help-block">Enter a valid
diff --git a/lemur/static/app/angular/authorities/authority/tracking.tpl.html b/lemur/static/app/angular/authorities/authority/tracking.tpl.html
index a2d0def6..b019bcf9 100644
--- a/lemur/static/app/angular/authorities/authority/tracking.tpl.html
+++ b/lemur/static/app/angular/authorities/authority/tracking.tpl.html
@@ -16,7 +16,7 @@
         Owner
       </label>
       <div class="col-sm-10">
-        <input type="email" name="ownerEmail" ng-model="authority.ownerEmail" placeholder="TeamDL@netflix.com" tooltip="This is the authorities team distribution list or the main point of contact for this authority" class="form-control" required/>
+        <input type="email" name="ownerEmail" ng-model="authority.ownerEmail" placeholder="TeamDL@example.com" tooltip="This is the authorities team distribution list or the main point of contact for this authority" class="form-control" required/>
         <p ng-show="trackingForm.ownerEmail.$invalid && !trackingForm.ownerEmail.$pristine" class="help-block">You must enter an Certificate Authority owner</p>
       </div>
     </div>
diff --git a/lemur/static/app/angular/certificates/certificate/upload.tpl.html b/lemur/static/app/angular/certificates/certificate/upload.tpl.html
index 55dc850f..f97d8d67 100644
--- a/lemur/static/app/angular/certificates/certificate/upload.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/upload.tpl.html
@@ -11,7 +11,7 @@
                 </label>
 
                 <div class="col-sm-10">
-                    <input type="email" name="owner" ng-model="certificate.owner" placeholder="owner@netflix.com"
+                    <input type="email" name="owner" ng-model="certificate.owner" placeholder="owner@example.com"
                            class="form-control" required/>
 
                     <p ng-show="uploadForm.owner.$invalid && !uploadForm.owner.$pristine" class="help-block">Enter a valid
@@ -24,7 +24,7 @@
                     Custom Name <span class="glyphicon glyphicon-question-sign"></span>
                 </label>
                 <div class="col-sm-10">
-                    <input name="name" ng-model="certificate.name" placeholder="example.netflix.net-SymantecCorporation-20150828-20160830" class="form-control"/>
+                    <input name="name" ng-model="certificate.name" placeholder="the.example.net-SymantecCorporation-20150828-20160830" class="form-control"/>
                 </div>
             </div>
             <div class="form-group"
diff --git a/lemur/static/app/angular/welcome/welcome.html b/lemur/static/app/angular/welcome/welcome.html
index a3c44176..f80e8645 100644
--- a/lemur/static/app/angular/welcome/welcome.html
+++ b/lemur/static/app/angular/welcome/welcome.html
@@ -8,12 +8,5 @@
 <div class="row featurette">
   <div class="col-md-10">
     <h2 class="featurette-heading">SSL In The Cloud <span class="text-muted">Encrypt it all </span></h2>
-
-    <p class="lead">The Security Operations team manages all of the SSL certificate generation at Netflix. This
-      portal was created to serve as both a self service application so that application owners can provision
-      their own certificates and to help enforce some key naming and security conventions, in order provide
-      Netflix with scalable and manageable SSL security.</p>
-
-    <p>See <a href="http://go/ssl">go/ssl</a> for more info.</p>
   </div>
 </div>
diff --git a/lemur/status/views.py b/lemur/status/views.py
index 65d3af7a..fddfdb69 100644
--- a/lemur/status/views.py
+++ b/lemur/status/views.py
@@ -5,7 +5,7 @@
 """
 import os
 
-from flask import app, Blueprint, jsonify
+from flask import app, current_app, Blueprint, jsonify
 from flask.ext.restful import Api
 
 from lemur.auth.service import AuthenticatedResource
@@ -25,7 +25,9 @@ class Status(AuthenticatedResource):
             return jsonify({
                 'environment': app.config.get('ENVIRONMENT'),
                 'status': 'degraded',
-                'message': "This Lemur instance is in a degraded state and is unable to issue certificates, please alert secops@netflix.com"})
+                'message': "This Lemur instance is in a degraded state and is unable to issue certificates, please alert {0}".format(
+                    current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')
+                )})
         else:
             return jsonify({
                 'environment': app.config.get('ENVIRONMENT'),

From aaae4d5a1f8c4591ff74b11e0f93faed34376696 Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Fri, 4 Sep 2015 15:52:56 -0700
Subject: [PATCH 15/21] unifying lemur defaults

---
 lemur/__init__.py                             |  4 +-
 lemur/certificates/views.py                   | 51 +--------------
 lemur/{status => defaults}/__init__.py        |  0
 lemur/defaults/views.py                       | 63 +++++++++++++++++++
 lemur/static/app/angular/app.js               |  9 +++
 .../authorities/authority/authority.js        |  3 +
 .../app/angular/authorities/services.js       | 12 +++-
 .../app/angular/certificates/services.js      |  4 +-
 lemur/status/views.py                         | 35 -----------
 9 files changed, 91 insertions(+), 90 deletions(-)
 rename lemur/{status => defaults}/__init__.py (100%)
 create mode 100644 lemur/defaults/views.py
 delete mode 100644 lemur/status/views.py

diff --git a/lemur/__init__.py b/lemur/__init__.py
index 24cb6ef1..79b45241 100644
--- a/lemur/__init__.py
+++ b/lemur/__init__.py
@@ -17,7 +17,7 @@ from lemur.domains.views import mod as domains_bp
 from lemur.destinations.views import mod as destinations_bp
 from lemur.authorities.views import mod as authorities_bp
 from lemur.certificates.views import mod as certificates_bp
-from lemur.status.views import mod as status_bp
+from lemur.defaults.views import mod as defaults_bp
 from lemur.plugins.views import mod as plugins_bp
 from lemur.notifications.views import mod as notifications_bp
 from lemur.sources.views import mod as sources_bp
@@ -31,7 +31,7 @@ LEMUR_BLUEPRINTS = (
     destinations_bp,
     authorities_bp,
     certificates_bp,
-    status_bp,
+    defaults_bp,
     plugins_bp,
     notifications_bp,
     sources_bp
diff --git a/lemur/certificates/views.py b/lemur/certificates/views.py
index 834fdff7..112c86ad 100644
--- a/lemur/certificates/views.py
+++ b/lemur/certificates/views.py
@@ -7,7 +7,7 @@
 """
 from builtins import str
 
-from flask import Blueprint, current_app, make_response, jsonify
+from flask import Blueprint, make_response, jsonify
 from flask.ext.restful import reqparse, Api, fields
 
 from cryptography import x509
@@ -668,58 +668,9 @@ class NotificationCertificatesList(AuthenticatedResource):
         return service.render(args)
 
 
-class CertificatesDefaults(AuthenticatedResource):
-    """ Defineds the 'certificates' defaults endpoint """
-    def __init__(self):
-        super(CertificatesDefaults)
-
-    def get(self):
-        """
-        .. http:get:: /certificates/defaults
-
-            Returns defaults needed to generate CSRs
-
-           **Example request**:
-
-           .. sourcecode:: http
-
-              GET /certificates/defaults HTTP/1.1
-              Host: example.com
-              Accept: application/json, text/javascript
-
-           **Example response**:
-
-           .. sourcecode:: http
-
-              HTTP/1.1 200 OK
-              Vary: Accept
-              Content-Type: text/javascript
-
-              {
-                 "country": "US",
-                 "state": "CA",
-                 "location": "Los Gatos",
-                 "organization": "Netflix",
-                 "organizationalUnit": "Operations"
-              }
-
-           :reqheader Authorization: OAuth token to authenticate
-           :statuscode 200: no error
-           :statuscode 403: unauthenticated
-        """
-        return dict(
-            country=current_app.config.get('LEMUR_DEFAULT_COUNTRY'),
-            state=current_app.config.get('LEMUR_DEFAULT_STATE'),
-            location=current_app.config.get('LEMUR_DEFAULT_LOCATION'),
-            organization=current_app.config.get('LEMUR_DEFAULT_ORGANIZATION'),
-            organizationalUnit=current_app.config.get('LEMUR_DEFAULT_ORGANIZATIONAL_UNIT')
-        )
-
-
 api.add_resource(CertificatesList, '/certificates', endpoint='certificates')
 api.add_resource(Certificates, '/certificates/<int:certificate_id>', endpoint='certificate')
 api.add_resource(CertificatesStats, '/certificates/stats', endpoint='certificateStats')
 api.add_resource(CertificatesUpload, '/certificates/upload', endpoint='certificateUpload')
 api.add_resource(CertificatePrivateKey, '/certificates/<int:certificate_id>/key', endpoint='privateKeyCertificates')
 api.add_resource(NotificationCertificatesList, '/notifications/<int:notification_id>/certificates', endpoint='notificationCertificates')
-api.add_resource(CertificatesDefaults, '/certificates/defaults', endpoint='certificatesDefault')
diff --git a/lemur/status/__init__.py b/lemur/defaults/__init__.py
similarity index 100%
rename from lemur/status/__init__.py
rename to lemur/defaults/__init__.py
diff --git a/lemur/defaults/views.py b/lemur/defaults/views.py
new file mode 100644
index 00000000..d053aef7
--- /dev/null
+++ b/lemur/defaults/views.py
@@ -0,0 +1,63 @@
+"""
+.. module: lemur.status.views
+    :copyright: (c) 2015 by Netflix Inc., see AUTHORS for more
+    :license: Apache, see LICENSE for more details.
+"""
+from flask import current_app, Blueprint
+from flask.ext.restful import Api
+
+from lemur.auth.service import AuthenticatedResource
+
+
+mod = Blueprint('default', __name__)
+api = Api(mod)
+
+
+class LemurDefaults(AuthenticatedResource):
+    """ Defines the 'defaults' endpoint """
+    def __init__(self):
+        super(LemurDefaults)
+
+    def get(self):
+        """
+        .. http:get:: /defaults
+
+            Returns defaults needed to generate CSRs
+
+           **Example request**:
+
+           .. sourcecode:: http
+
+              GET /defaults HTTP/1.1
+              Host: example.com
+              Accept: application/json, text/javascript
+
+           **Example response**:
+
+           .. sourcecode:: http
+
+              HTTP/1.1 200 OK
+              Vary: Accept
+              Content-Type: text/javascript
+
+              {
+                 "country": "US",
+                 "state": "CA",
+                 "location": "Los Gatos",
+                 "organization": "Netflix",
+                 "organizationalUnit": "Operations"
+              }
+
+           :reqheader Authorization: OAuth token to authenticate
+           :statuscode 200: no error
+           :statuscode 403: unauthenticated
+        """
+        return dict(
+            country=current_app.config.get('LEMUR_DEFAULT_COUNTRY'),
+            state=current_app.config.get('LEMUR_DEFAULT_STATE'),
+            location=current_app.config.get('LEMUR_DEFAULT_LOCATION'),
+            organization=current_app.config.get('LEMUR_DEFAULT_ORGANIZATION'),
+            organizationalUnit=current_app.config.get('LEMUR_DEFAULT_ORGANIZATIONAL_UNIT')
+        )
+
+api.add_resource(LemurDefaults, '/defaults', endpoint='default')
diff --git a/lemur/static/app/angular/app.js b/lemur/static/app/angular/app.js
index fd620ffe..da9ce330 100644
--- a/lemur/static/app/angular/app.js
+++ b/lemur/static/app/angular/app.js
@@ -60,6 +60,15 @@ lemur.controller('datePickerController', function ($scope, $timeout){
   };
 });
 
+lemur.service('DefaultService', function (LemurRestangular) {
+  var DefaultService = this;
+  DefaultService.get = function () {
+    return LemurRestangular.all('defaults').customGET().then(function (defaults) {
+      return defaults;
+    });
+  };
+});
+
 lemur.factory('LemurRestangular', function (Restangular, $location, $auth) {
   return Restangular.withConfig(function (RestangularConfigurer) {
     RestangularConfigurer.setBaseUrl('http://localhost:5000/api/1');
diff --git a/lemur/static/app/angular/authorities/authority/authority.js b/lemur/static/app/angular/authorities/authority/authority.js
index 0fcd54b3..be8c4066 100644
--- a/lemur/static/app/angular/authorities/authority/authority.js
+++ b/lemur/static/app/angular/authorities/authority/authority.js
@@ -30,6 +30,9 @@ angular.module('lemur')
   .controller('AuthorityCreateController', function ($scope, $modalInstance, AuthorityService, LemurRestangular, RoleService, PluginService, WizardHandler)  {
     $scope.authority = LemurRestangular.restangularizeElement(null, {}, 'authorities');
 
+    // set the defaults
+    AuthorityService.getDefaults($scope.authority);
+
     $scope.loading = false;
     $scope.create = function (authority) {
       WizardHandler.wizard().context.loading = true;
diff --git a/lemur/static/app/angular/authorities/services.js b/lemur/static/app/angular/authorities/services.js
index eefdbc8c..235b7ee7 100644
--- a/lemur/static/app/angular/authorities/services.js
+++ b/lemur/static/app/angular/authorities/services.js
@@ -56,7 +56,7 @@ angular.module('lemur')
     });
     return LemurRestangular.all('authorities');
   })
-  .service('AuthorityService', function ($location, AuthorityApi, toaster) {
+  .service('AuthorityService', function ($location, AuthorityApi, DefaultService, toaster) {
     var AuthorityService = this;
     AuthorityService.findAuthorityByName = function (filterValue) {
       return AuthorityApi.getList({'filter[name]': filterValue})
@@ -117,6 +117,16 @@ angular.module('lemur')
       });
     };
 
+    AuthorityService.getDefaults = function (authority) {
+      return DefaultService.get().then(function (defaults) {
+        authority.caDN.country = defaults.country;
+        authority.caDN.state = defaults.state;
+        authority.caDN.location = defaults.location;
+        authority.caDN.organization = defaults.organization;
+        authority.caDN.organizationalUnit = defaults.organizationalUnit;
+      });
+    };
+
     AuthorityService.getRoles = function (authority) {
       return authority.getList('roles').then(function (roles) {
         authority.roles = roles;
diff --git a/lemur/static/app/angular/certificates/services.js b/lemur/static/app/angular/certificates/services.js
index b421537c..fff61221 100644
--- a/lemur/static/app/angular/certificates/services.js
+++ b/lemur/static/app/angular/certificates/services.js
@@ -89,7 +89,7 @@ angular.module('lemur')
     });
     return LemurRestangular.all('certificates');
   })
-  .service('CertificateService', function ($location, CertificateApi, LemurRestangular, toaster) {
+  .service('CertificateService', function ($location, CertificateApi, LemurRestangular, DefaultService, toaster) {
     var CertificateService = this;
     CertificateService.findCertificatesByName = function (filterValue) {
       return CertificateApi.getList({'filter[name]': filterValue})
@@ -207,7 +207,7 @@ angular.module('lemur')
     };
 
     CertificateService.getDefaults = function (certificate) {
-      return certificate.customGET('defaults').then(function (defaults) {
+      return DefaultService.get().then(function (defaults) {
         certificate.country = defaults.country;
         certificate.state = defaults.state;
         certificate.location = defaults.location;
diff --git a/lemur/status/views.py b/lemur/status/views.py
deleted file mode 100644
index fddfdb69..00000000
--- a/lemur/status/views.py
+++ /dev/null
@@ -1,35 +0,0 @@
-"""
-.. module: lemur.status.views
-    :copyright: (c) 2015 by Netflix Inc., see AUTHORS for more
-    :license: Apache, see LICENSE for more details.
-"""
-import os
-
-from flask import app, current_app, Blueprint, jsonify
-from flask.ext.restful import Api
-
-from lemur.auth.service import AuthenticatedResource
-
-
-mod = Blueprint('status', __name__)
-api = Api(mod)
-
-
-class Status(AuthenticatedResource):
-    """ Defines the 'accounts' endpoint """
-    def __init__(self):
-        super(Status, self).__init__()
-
-    def get(self):
-        if not os.path.isdir(os.path.join(app.config.get("KEY_PATH"), "decrypted")):
-            return jsonify({
-                'environment': app.config.get('ENVIRONMENT'),
-                'status': 'degraded',
-                'message': "This Lemur instance is in a degraded state and is unable to issue certificates, please alert {0}".format(
-                    current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')
-                )})
-        else:
-            return jsonify({
-                'environment': app.config.get('ENVIRONMENT'),
-                'status': 'healthy',
-                'message': "This Lemur instance is healthy"})

From 0afd4c94b45942ecbd92d5a2992ad45b459075aa Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Fri, 4 Sep 2015 15:54:02 -0700
Subject: [PATCH 16/21] removing more netflix

---
 .../app/angular/certificates/certificate/tracking.tpl.html      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
index 94fe81d9..11553ffe 100644
--- a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
@@ -6,7 +6,7 @@
                 Owner
             </label>
             <div class="col-sm-10">
-                <input type="email" name="ownerEmail" ng-model="certificate.owner" placeholder="TeamDL@netflix.com" tooltip="This is the certificates team distribution list or main point of contact" class="form-control" required/>
+                <input type="email" name="ownerEmail" ng-model="certificate.owner" placeholder="TeamDL@example.com" tooltip="This is the certificates team distribution list or main point of contact" class="form-control" required/>
                 <p ng-show="trackingForm.ownerEmail.$invalid && !trackingForm.ownerEmail.$pristine" class="help-block">You must enter an Certificate owner</p>
             </div>
         </div>

From 8ab9c06778408bf569a0e743bae8200893e695d2 Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Fri, 4 Sep 2015 15:54:52 -0700
Subject: [PATCH 17/21] removing more netflix

---
 .../app/angular/certificates/certificate/destinations.tpl.html  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lemur/static/app/angular/certificates/certificate/destinations.tpl.html b/lemur/static/app/angular/certificates/certificate/destinations.tpl.html
index 9961a6f2..59cbe0b1 100644
--- a/lemur/static/app/angular/certificates/certificate/destinations.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/destinations.tpl.html
@@ -4,7 +4,7 @@
     </label>
     <div class="col-sm-10">
         <div class="input-group">
-            <input type="text" ng-model="certificate.selectedDestination" placeholder="AWS, TheSecret..."
+            <input type="text" ng-model="certificate.selectedDestination" placeholder="AWS..."
                    typeahead="destination.label for destination in destinationService.findDestinationsByName($viewValue)" typeahead-loading="loadingDestinations"
                    class="form-control input-md" typeahead-on-select="certificate.attachDestination($item)" typeahead-min-wait="50"
                    tooltip="Lemur can upload certificates to any pre-defined destination"

From 084604cf3ce10bc282a221172b3d9b8d782ed8ae Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Mon, 7 Sep 2015 21:54:23 -0700
Subject: [PATCH 18/21] fixing setup.py

---
 setup.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/setup.py b/setup.py
index 0e15ea76..fa1a844a 100644
--- a/setup.py
+++ b/setup.py
@@ -16,7 +16,7 @@ from distutils.core import Command
 from setuptools.command.develop import develop
 from setuptools.command.install import install
 from setuptools.command.sdist import sdist
-from setuptools import setup
+from setuptools import setup, find_packages
 from subprocess import check_output
 
 ROOT = os.path.realpath(os.path.join(os.path.dirname(__file__)))
@@ -110,11 +110,11 @@ class BuildStatic(Command):
 
 setup(
     name='lemur',
-    version='0.1',
+    version='0.1.3',
     author='Kevin Glisson',
     author_email='kglisson@netflix.com',
     long_description=open(os.path.join(ROOT, 'README.rst')).read(),
-    packages=['lemur'],
+    packages=find_packages(),
     include_package_data=True,
     zip_safe=False,
     install_requires=install_requires,
@@ -127,7 +127,6 @@ setup(
         'build_static': BuildStatic,
         'sdist': SdistWithBuildStatic,
         'install': SmartInstall
-
     },
     entry_points={
         'console_scripts': [

From 0383e2a1e104e8b7d6a8b2c803aab327fd45813f Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Mon, 7 Sep 2015 22:14:18 -0700
Subject: [PATCH 19/21] adding manifest

---
 MANIFEST.in | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 MANIFEST.in

diff --git a/MANIFEST.in b/MANIFEST.in
new file mode 100644
index 00000000..ec344cc4
--- /dev/null
+++ b/MANIFEST.in
@@ -0,0 +1,4 @@
+include setup.py package.json bower.json gulpfile.js README.rst MANIFEST.in LICENSE AUTHORS
+recursive-include lemur/plugins/lemur_email/templates *
+recursive-include lemur/static *
+global-exclude *~

From bf957d2509137011275cd5179787d68745b0d692 Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Fri, 11 Sep 2015 08:19:35 -0700
Subject: [PATCH 20/21] moving to hotfix version of cryptography

---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.py b/setup.py
index fa1a844a..a72ba7da 100644
--- a/setup.py
+++ b/setup.py
@@ -39,7 +39,7 @@ install_requires = [
     'six==1.9.0',
     'gunicorn==19.3.0',
     'pycrypto==2.6.1',
-    'cryptography==1.0',
+    'cryptography==1.0.1',
     'pyopenssl==0.15.1',
     'pyjwt==1.0.1',
     'xmltodict==0.9.2',

From 7f119e95e1998080dd97e42f46b36553bc41adf7 Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Fri, 11 Sep 2015 08:27:34 -0700
Subject: [PATCH 21/21] making the verisign urls more generic

---
 lemur/plugins/lemur_verisign/plugin.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lemur/plugins/lemur_verisign/plugin.py b/lemur/plugins/lemur_verisign/plugin.py
index 930b2574..6f4cd8b4 100644
--- a/lemur/plugins/lemur_verisign/plugin.py
+++ b/lemur/plugins/lemur_verisign/plugin.py
@@ -147,7 +147,7 @@ class VerisignIssuerPlugin(IssuerPlugin):
         :param issuer_options:
         :return: :raise Exception:
         """
-        url = current_app.config.get("VERISIGN_URL") + '/enroll'
+        url = current_app.config.get("VERISIGN_URL") + '/rest/services/enroll'
 
         data = process_options(issuer_options)
         data['csr'] = csr
@@ -177,6 +177,6 @@ class VerisignIssuerPlugin(IssuerPlugin):
 
         :return:
         """
-        url = current_app.config.get("VERISIGN_URL") + '/getTokens'
+        url = current_app.config.get("VERISIGN_URL") + '/rest/services/getTokens'
         response = self.session.post(url, headers={'content-type': 'application/x-www-form-urlencoded'})
         return handle_response(response.content)['Response']['Order']