Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #48 from kevgliss/fixes 

Fixes
This commit is contained in:
kevgliss 2015-08-22 13:04:02 -07:00
parent 3df50f15f7 45c442000e
commit 3476d3bcf3
2 changed files with 13 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lemur/auth/permissions.py
View File

@ -21,13 +21,13 @@ CertificateCreatorNeed = partial(CertificateCreator, 'key')
class ViewKeyPermission(Permission): class ViewKeyPermission(Permission):
def __init__(self, certificate_id, owner): def __init__(self, certificate_id, owner):
c_need = CertificateCreatorNeed(str(certificate_id)) c_need = CertificateCreatorNeed(certificate_id)
super(ViewKeyPermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin')) super(ViewKeyPermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))
class UpdateCertificatePermission(Permission): class UpdateCertificatePermission(Permission):
def __init__(self, certificate_id, owner): def __init__(self, certificate_id, owner):
c_need = CertificateCreatorNeed(str(certificate_id)) c_need = CertificateCreatorNeed(certificate_id)
super(UpdateCertificatePermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin')) super(UpdateCertificatePermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))

21
lemur/certificates/service.py
View File

@ -320,17 +320,18 @@ def create_csr(csr_config):
x509.BasicConstraints(ca=False, path_length=None), critical=True, x509.BasicConstraints(ca=False, path_length=None), critical=True,
) )
for k, v in csr_config.get('extensions', {}).items(): if csr_config.get('extensions'):
if k == 'subAltNames': for k, v in csr_config.get('extensions', {}).items():
# map types to their x509 objects if k == 'subAltNames':
general_names = [] # map types to their x509 objects
for name in v['names']: general_names = []
if name['nameType'] == 'DNSName': for name in v['names']:
general_names.append(x509.DNSName(name['value'])) if name['nameType'] == 'DNSName':
general_names.append(x509.DNSName(name['value']))
builder = builder.add_extension( builder = builder.add_extension(
x509.SubjectAlternativeName(general_names), critical=True x509.SubjectAlternativeName(general_names), critical=True
) )
# TODO support more CSR options, none of the authority plugins currently support these options # TODO support more CSR options, none of the authority plugins currently support these options
# builder.add_extension( # builder.add_extension(