Merge branch 'master' into url_context_path

2020-10-22 12:04:11 -07:00 · 2020-10-22 12:04:11 -07:00 · 3e1e17998e
parent 63ace016f9 55f219e97a
commit 3e1e17998e
4 changed files with 35 additions and 24 deletions
--- a/lemur/certificates/schemas.py
+++ b/lemur/certificates/schemas.py
@ -340,6 +340,8 @@ class CertificateOutputSchema(LemurOutputSchema):

    @post_dump
    def handle_subject_details(self, data):
+        subject_details = ["country", "state", "location", "organization", "organizational_unit"]
+
        # Remove subject details if authority is CA/Browser Forum compliant. The code will use default set of values in that case.
        # If CA/Browser Forum compliance of an authority is unknown (None), it is safe to fallback to default values. Thus below
        # condition checks for 'not False' ==> 'True or None'
@ -347,11 +349,13 @@ class CertificateOutputSchema(LemurOutputSchema):
            is_cab_compliant = data.get("authority").get("isCabCompliant")

            if is_cab_compliant is not False:
-                data.pop("country", None)
-                data.pop("state", None)
-                data.pop("location", None)
-                data.pop("organization", None)
-                data.pop("organizational_unit", None)
+                for field in subject_details:
+                    data.pop(field, None)
+
+        # Removing subject fields if None, else it complains in de-serialization
+        for field in subject_details:
+            if field in data and data[field] is None:
+                data.pop(field)


 class CertificateShortOutputSchema(LemurOutputSchema):
--- a/lemur/common/defaults.py
+++ b/lemur/common/defaults.py
@ -95,9 +95,11 @@ def organization(cert):
    :return:
    """
    try:
-        return cert.subject.get_attributes_for_oid(x509.OID_ORGANIZATION_NAME)[
-            0
-        ].value.strip()
+        o = cert.subject.get_attributes_for_oid(x509.OID_ORGANIZATION_NAME)
+        if not o:
+            return None
+
+        return o[0].value.strip()
    except Exception as e:
        sentry.captureException()
        current_app.logger.error("Unable to get organization! {0}".format(e))
@ -110,9 +112,11 @@ def organizational_unit(cert):
    :return:
    """
    try:
-        return cert.subject.get_attributes_for_oid(x509.OID_ORGANIZATIONAL_UNIT_NAME)[
-            0
-        ].value.strip()
+        ou = cert.subject.get_attributes_for_oid(x509.OID_ORGANIZATIONAL_UNIT_NAME)
+        if not ou:
+            return None
+
+        return ou[0].value.strip()
    except Exception as e:
        sentry.captureException()
        current_app.logger.error("Unable to get organizational unit! {0}".format(e))
@ -125,9 +129,11 @@ def country(cert):
    :return:
    """
    try:
-        return cert.subject.get_attributes_for_oid(x509.OID_COUNTRY_NAME)[
-            0
-        ].value.strip()
+        c = cert.subject.get_attributes_for_oid(x509.OID_COUNTRY_NAME)
+        if not c:
+            return None
+
+        return c[0].value.strip()
    except Exception as e:
        sentry.captureException()
        current_app.logger.error("Unable to get country! {0}".format(e))
@ -140,9 +146,11 @@ def state(cert):
    :return:
    """
    try:
-        return cert.subject.get_attributes_for_oid(x509.OID_STATE_OR_PROVINCE_NAME)[
-            0
-        ].value.strip()
+        s = cert.subject.get_attributes_for_oid(x509.OID_STATE_OR_PROVINCE_NAME)
+        if not s:
+            return None
+
+        return s[0].value.strip()
    except Exception as e:
        sentry.captureException()
        current_app.logger.error("Unable to get state! {0}".format(e))
@ -155,9 +163,11 @@ def location(cert):
    :return:
    """
    try:
-        return cert.subject.get_attributes_for_oid(x509.OID_LOCALITY_NAME)[
-            0
-        ].value.strip()
+        loc = cert.subject.get_attributes_for_oid(x509.OID_LOCALITY_NAME)
+        if not loc:
+            return None
+
+        return loc[0].value.strip()
    except Exception as e:
        sentry.captureException()
        current_app.logger.error("Unable to get location! {0}".format(e))
--- a/lemur/static/app/angular/authorities/authority/options.tpl.html
+++ b/lemur/static/app/angular/authorities/authority/options.tpl.html
@ -24,7 +24,6 @@
              ng-options="option.value as option.name for option in [
                      {'name': 'RSA-2048', 'value': 'RSA2048'},
                      {'name': 'RSA-4096', 'value': 'RSA4096'},
-                      {'name': 'ECC-PRIME192V1', 'value': 'ECCPRIME192V1'},
                      {'name': 'ECC-PRIME256V1', 'value': 'ECCPRIME256V1'},
                      {'name': 'ECC-SECP384R1', 'value': 'ECCSECP384R1'},
                      {'name': 'ECC-SECP521R1', 'value': 'ECCSECP521R1'}]"
--- a/lemur/static/app/angular/certificates/certificate/options.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/options.tpl.html
@ -35,10 +35,8 @@
                  ng-options="option.value as option.name for option in [
                      {'name': 'RSA-2048', 'value': 'RSA2048'},
                      {'name': 'RSA-4096', 'value': 'RSA4096'},
-                      {'name': 'ECC-PRIME192V1', 'value': 'ECCPRIME192V1'},
                      {'name': 'ECC-PRIME256V1', 'value': 'ECCPRIME256V1'},
-                      {'name': 'ECC-SECP384R1', 'value': 'ECCSECP384R1'},
-                      {'name': 'ECC-SECP521R1', 'value': 'ECCSECP521R1'}]"
+                      {'name': 'ECC-SECP384R1', 'value': 'ECCSECP384R1'}]"

                  ng-init="certificate.keyType = 'RSA2048'"></select>
        </div>