From 604cd60dbe7f8c1572c1b29ff86e775a68957c13 Mon Sep 17 00:00:00 2001
From: Paul Van de Vreede
Date: Fri, 28 Apr 2017 02:14:20 +1000
Subject: [PATCH] Return correct intermediate certificate on digicert creation. (#762)
This commit also removes the unused DIGICERT_INTERMEDIATE env var as it is not used.
---
 docs/administration.rst | 6 ----
 lemur/plugins/lemur_digicert/plugin.py | 6 ++--
 .../lemur_digicert/tests/test_digicert.py | 30 +++++++++++++++++++
 lemur/tests/conf.py | 3 +-
 setup.py | 3 +-
 5 files changed, 35 insertions(+), 13 deletions(-)
diff --git a/docs/administration.rst b/docs/administration.rst
index 3ba44c99..e9f71beb 100644
--- a/docs/administration.rst
+++ b/docs/administration.rst
@@ -450,12 +450,6 @@ The following configuration properties are required to use the Digicert issuer p
 This is the Digicert organization ID tied to your API key
-.. data:: DIGICERT_INTERMEDIATE
- :noindex:
-
- This is the intermediate to be used for your CA chain
-
-
 .. data:: DIGICERT_ROOT
 :noindex:
diff --git a/lemur/plugins/lemur_digicert/plugin.py b/lemur/plugins/lemur_digicert/plugin.py
index 5664fb45..0c81e76f 100644
--- a/lemur/plugins/lemur_digicert/plugin.py
+++ b/lemur/plugins/lemur_digicert/plugin.py
@@ -241,7 +241,6 @@ class DigiCertSourcePlugin(SourcePlugin):
 'DIGICERT_URL',
 'DIGICERT_ORG_ID',
 'DIGICERT_ROOT',
- 'DIGICERT_INTERMEDIATE'
 ]
 validate_conf(current_app, required_vars)
@@ -279,7 +278,6 @@ class DigiCertIssuerPlugin(IssuerPlugin):
 'DIGICERT_URL',
 'DIGICERT_ORG_ID',
 'DIGICERT_ROOT',
- 'DIGICERT_INTERMEDIATE'
 ]
 validate_conf(current_app, required_vars)
@@ -317,10 +315,10 @@ class DigiCertIssuerPlugin(IssuerPlugin):
 certificate_id = get_certificate_id(self.session, base_url, order_id)
- # retrieve ceqrtificate
+ # retrieve certificate
 certificate_url = "{0}/services/v2/certificate/{1}/download/format/pem_all".format(base_url, certificate_id)
 end_entity, intermediate, root = pem.parse(self.session.get(certificate_url).content)
- return "\n".join(str(end_entity).splitlines()), "\n".join(str(end_entity).splitlines())
+ return "\n".join(str(end_entity).splitlines()), "\n".join(str(intermediate).splitlines())
 @staticmethod
 def create_authority(options):
diff --git a/lemur/plugins/lemur_digicert/tests/test_digicert.py b/lemur/plugins/lemur_digicert/tests/test_digicert.py
index 66fba07a..39c87c05 100644
--- a/lemur/plugins/lemur_digicert/tests/test_digicert.py
+++ b/lemur/plugins/lemur_digicert/tests/test_digicert.py
@@ -1,5 +1,6 @@
 import pytest
 import arrow
+import json
 from freezegun import freeze_time
 from lemur.tests.vectors import CSR_STR
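Review bot: In `create_certificate` (plugin.py, hunk at -317) the certificate now returned as the intermediate is picked purely by position, and the three-way unpacking of `pem.parse(self.session.get(certificate_url).content)` is not guarded by any check visible in the hunk. The HTTP status of the `pem_all` download is never inspected and the number of parsed blocks is assumed to be exactly three, so an error body or a chain of a different length would surface only as a bare unpacking `ValueError`. Because this value is what gets stored as the issued certificate's chain, I would keep the response in a variable, fail on a non-success status, and check the block count before indexing, as sketched below. A further hardening step would be to confirm that the intermediate's subject matches the end-entity's issuer before returning it. The method begins above the hunk, so response handling that is not shown here may already exist and should be reused if it does.

```python
certificate_url = "{0}/services/v2/certificate/{1}/download/format/pem_all".format(base_url, certificate_id)
response = self.session.get(certificate_url)
response.raise_for_status()  # do not feed an error body to the PEM parser
certs = pem.parse(response.content)
if len(certs) < 2:
    raise Exception(
        "DigiCert pem_all download returned {0} certificate(s); "
        "expected at least the end entity and its intermediate".format(len(certs))
    )
end_entity, intermediate = certs[0], certs[1]
return "\n".join(str(end_entity).splitlines()), "\n".join(str(intermediate).splitlines())
```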
@@ -146,3 +147,32 @@ def test_signature_hash(app):
 with pytest.raises(Exception):
 signature_hash('sdfdsf')
+
+
+def test_issuer_plugin_create_certificate():
+ import requests_mock
+ from lemur.plugins.lemur_digicert.plugin import DigiCertIssuerPlugin
+
+ pem_fixture = """\
+-----BEGIN CERTIFICATE-----
+abc
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+def
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+ghi
+-----END CERTIFICATE-----
+"""
+
+ subject = DigiCertIssuerPlugin()
+ adapter = requests_mock.Adapter()
+ adapter.register_uri('POST', 'mock://www.digicert.com/services/v2/order/certificate/ssl', text=json.dumps({'id': 'id123'}))
+ adapter.register_uri('GET', 'mock://www.digicert.com/services/v2/order/certificate/id123', text=json.dumps({'status': 'issued', 'certificate': {'id': 'cert123'}}))
+ adapter.register_uri('GET', 'mock://www.digicert.com/services/v2/certificate/cert123/download/format/pem_all', text=pem_fixture)
+ subject.session.mount('mock', adapter)
+
+ cert, intermediate = subject.create_certificate("", {'common_name': 'test.com'})
+
+ assert cert == "-----BEGIN CERTIFICATE-----\nabc\n-----END CERTIFICATE-----"
+ assert intermediate == "-----BEGIN CERTIFICATE-----\ndef\n-----END CERTIFICATE-----"
diff --git a/lemur/tests/conf.py b/lemur/tests/conf.py
index 6661c040..d29265f4 100644
--- a/lemur/tests/conf.py
+++ b/lemur/tests/conf.py
@@ -68,11 +68,10 @@ LEMUR_INSTANCE_PROFILE = 'Lemur'
 # CLOUDCA_DEFAULT_VALIDITY = 2
-DIGICERT_URL = 'https://www.digicert.com'
+DIGICERT_URL = 'mock://www.digicert.com'
 DIGICERT_API_KEY = 'api-key'
 DIGICERT_ORG_ID = 111111
 DIGICERT_ROOT = "ROOT"
-DIGICERT_INTERMEDIATE = "INTERMEDIATE"
 VERISIGN_URL = 'http://example.com'
diff --git a/setup.py b/setup.py
index 0c375240..0b2f3694 100644
--- a/setup.py
+++ b/setup.py
@@ -73,7 +73,8 @@ tests_require = [
 'factory-boy==2.8.1',
 'fake-factory==0.7.2',
 'pytest-flask==0.10.0',
- 'freezegun==0.3.8',
+ 'freezegun==0.3.8',
+ 'requests-mock==1.3.0'
 ]
 docs_require = [
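Review bot: `test_issuer_plugin_create_certificate` (test_digicert.py, hunk at -146) pins only the three-block happy path, so the positional unpacking in `create_certificate` is never exercised against any other response shape. A second case that registers the `pem_all` URI with a fixture holding fewer blocks, or a non-PEM error body, and wraps the call in `with pytest.raises(Exception):` would document the failure mode rather than leave it implicit. A one-line comment above `pem_fixture`, for example `# order the plugin assumes for pem_all: leaf, intermediate, root`, would also explain why `def` is the expected intermediate.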