From a07db5625ba76c64d69e09e1190af21e251bd1f2 Mon Sep 17 00:00:00 2001
From: kevgliss
Date: Sat, 22 Aug 2015 10:22:36 -0700
Subject: [PATCH 1/2] Fixing an issue were extensions were implicitly required
---
 lemur/certificates/service.py | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py
index 8dbc7597..8a1e20fa 100644
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@@ -320,17 +320,18 @@ def create_csr(csr_config):
 x509.BasicConstraints(ca=False, path_length=None), critical=True, )
- for k, v in csr_config.get('extensions', {}).items():
- if k == 'subAltNames':
- # map types to their x509 objects
- general_names = []
- for name in v['names']:
- if name['nameType'] == 'DNSName':
- general_names.append(x509.DNSName(name['value']))
+ if csr_config.get('extensions'):
+ for k, v in csr_config.get('extensions', {}).items():
+ if k == 'subAltNames':
+ # map types to their x509 objects
+ general_names = []
+ for name in v['names']:
+ if name['nameType'] == 'DNSName':
+ general_names.append(x509.DNSName(name['value']))
- builder = builder.add_extension(
- x509.SubjectAlternativeName(general_names), critical=True
- )
+ builder = builder.add_extension(
+ x509.SubjectAlternativeName(general_names), critical=True
+ )
 # TODO support more CSR options, none of the authority plugins currently support these options # builder.add_extension(
From 45c442000e3511edd48c1763ddf7561823628abe Mon Sep 17 00:00:00 2001
From: kevgliss
Date: Sat, 22 Aug 2015 10:56:15 -0700
Subject: [PATCH 2/2] Fixing some unfortunate casting that prevent creators from viewing/updating their certs
---
 lemur/auth/permissions.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lemur/auth/permissions.py b/lemur/auth/permissions.py
index c07119d4..13d8f6e1 100644
--- a/lemur/auth/permissions.py
+++ b/lemur/auth/permissions.py
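Review bot: In `create_csr` (lemur/certificates/service.py, patch 1/2) the `subAltNames` branch still collects only entries whose `nameType` is `DNSName` and then adds the extension unconditionally, so a request with no names, or only other name types, produces an empty critical SubjectAlternativeName and the other requested names are dropped without any error. RFC 5280 requires at least one entry when the extension is present, so I would guard the call with `if general_names:` and raise on an unsupported `nameType` instead of skipping it. `v['names']` is also still indexed directly, so a `subAltNames` entry without `names` raises `KeyError`, which looks like the same implicit-requirement problem this commit sets out to fix. The new guard also makes the `{}` default redundant; reading it once as `extensions = csr_config.get('extensions') or {}` would cover both the missing and the `None` case. The body of `create_csr` starts and ends outside this hunk.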
@@ -21,13 +21,13 @@ CertificateCreatorNeed = partial(CertificateCreator, 'key')
 class ViewKeyPermission(Permission):
 def __init__(self, certificate_id, owner):
- c_need = CertificateCreatorNeed(str(certificate_id))
+ c_need = CertificateCreatorNeed(certificate_id)
 super(ViewKeyPermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))
 class UpdateCertificatePermission(Permission):
 def __init__(self, certificate_id, owner):
- c_need = CertificateCreatorNeed(str(certificate_id))
+ c_need = CertificateCreatorNeed(certificate_id)
 super(UpdateCertificatePermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))
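Review bot: Both `__init__` methods now pass `certificate_id` through untouched, so whether a creator matches depends on every caller supplying the same type the identity loader used when it granted the need, and that loader is not visible in this hunk. If `CertificateCreator` is a tuple-style need compared by equality, as the `partial(CertificateCreator, 'key')` line suggests, then `5` and `'5'` are different needs; a mismatch denies the creator, which fails closed but reintroduces the bug this commit describes. I would record the contract next to the need definition, e.g. `# certificate_id must be the same type the identity loader uses for CertificateCreatorNeed (needs compare by equality)`, and add a test that a creator can view and update their own certificate so a later change on either side is caught.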