Adding a toy certificate authority. (#378)

2016-06-29 09:05:39 -07:00
parent eefff8497a
commit 54b888bb08
10 changed files with 180 additions and 11 deletions
--- a/lemur/authorities/schemas.py
+++ b/lemur/authorities/schemas.py
@ -7,14 +7,14 @@
 """
 from flask import current_app

-from marshmallow import fields, validates_schema
+from marshmallow import fields, validates_schema, pre_load
 from marshmallow import validate
 from marshmallow.exceptions import ValidationError

 from lemur.schemas import PluginInputSchema, PluginOutputSchema, ExtensionSchema, AssociatedAuthoritySchema, AssociatedRoleSchema
 from lemur.users.schemas import UserNestedOutputSchema
 from lemur.common.schema import LemurInputSchema, LemurOutputSchema
-from lemur.common import validators
+from lemur.common import validators, missing


 class AuthorityInputSchema(LemurInputSchema):
@ -60,6 +60,10 @@ class AuthorityInputSchema(LemurInputSchema):
            if not data.get('parent'):
                raise ValidationError("If generating a subca parent 'authority' must be specified.")

+    @pre_load
+    def ensure_dates(self, data):
+        return missing.dates(data)
+

 class AuthorityUpdateSchema(LemurInputSchema):
    owner = fields.Email(required=True)
--- a/lemur/authorities/service.py
+++ b/lemur/authorities/service.py
@ -44,9 +44,17 @@ def mint(**kwargs):
    Creates the authority based on the plugin provided.
    """
    issuer = kwargs['plugin']['plugin_object']
-    body, chain, roles = issuer.create_authority(kwargs)
+    values = issuer.create_authority(kwargs)
+
+    # support older plugins
+    if len(values) == 3:
+        body, chain, roles = values
+        private_key = None
+    elif len(values) == 4:
+        body, private_key, chain, roles = values
+
    roles = create_authority_roles(roles, kwargs['owner'], kwargs['plugin']['plugin_object'].title)
-    return body, chain, roles
+    return body, private_key, chain, roles


 def create_authority_roles(roles, owner, plugin_title):
@ -88,9 +96,10 @@ def create(**kwargs):
    Creates a new authority.
    """
    kwargs['creator'] = g.user.email
-    body, chain, roles = mint(**kwargs)
+    body, private_key, chain, roles = mint(**kwargs)

    kwargs['body'] = body
+    kwargs['private_key'] = private_key
    kwargs['chain'] = chain

    if kwargs.get('roles'):
@ -172,6 +181,9 @@ def render(args):
    # we make sure that a user can only use an authority they either own are are a member of - admins can see all
    if not g.current_user.is_admin:
        authority_ids = []
+        for authority in g.current_user.authorities:
+            authority_ids.append(authority.id)
+
        for role in g.current_user.roles:
            for authority in role.authorities:
                authority_ids.append(authority.id)