From 6fd47edbe300e7a30852aec0b1737b5975efde31 Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Thu, 17 Nov 2016 16:19:52 -0800
Subject: [PATCH] Adds the ability to clone existing certificates. (#513)

---
 lemur/certificates/models.py                  |  13 ++
 lemur/certificates/schemas.py                 |  26 +++-
 .../certificates/certificate/certificate.js   | 127 ++++++++++++++++++
 .../certificate/certificateWizard.tpl.html    |   2 +-
 .../certificates/certificate/edit.tpl.html    |   2 +-
 .../certificates/certificate/export.tpl.html  |  74 +++++-----
 .../app/angular/certificates/services.js      |  24 +++-
 .../app/angular/certificates/view/view.js     |  21 ++-
 .../angular/certificates/view/view.tpl.html   |  29 ++--
 9 files changed, 264 insertions(+), 54 deletions(-)

diff --git a/lemur/certificates/models.py b/lemur/certificates/models.py
index 39eafd56..4729afa9 100644
--- a/lemur/certificates/models.py
+++ b/lemur/certificates/models.py
@@ -148,6 +148,19 @@ class Certificate(db.Model):
             else_=False
         )
 
+    @property
+    def extensions(self):
+        # TODO pull the OU, O, CN, etc + other extensions.
+        names = [{'name_type': 'DNSName', 'value': x.name} for x in self.domains]
+
+        extensions = {
+            'sub_alt_names': {
+                'names': names
+            }
+        }
+
+        return extensions
+
     def get_arn(self, account_number):
         """
         Generate a valid AWS IAM arn
diff --git a/lemur/certificates/schemas.py b/lemur/certificates/schemas.py
index 036def3b..523400de 100644
--- a/lemur/certificates/schemas.py
+++ b/lemur/certificates/schemas.py
@@ -110,9 +110,17 @@ class CertificateNestedOutputSchema(LemurOutputSchema):
     chain = fields.String()
     description = fields.String()
     name = fields.String()
+
+    # Note aliasing  is the first step in deprecating these fields.
     cn = fields.String()
+    common_name = fields.String(attribute='cn')
+
     not_after = fields.DateTime()
+    validity_end = ArrowDateTime(attribute='not_after')
+
     not_before = fields.DateTime()
+    validity_start = ArrowDateTime(attribute='not_before')
+
     owner = fields.Email()
     status = fields.Boolean()
     creator = fields.Nested(UserNestedOutputSchema)
@@ -127,8 +135,6 @@ class CertificateCloneSchema(LemurOutputSchema):
 
 class CertificateOutputSchema(LemurOutputSchema):
     id = fields.Integer()
-    active = fields.Boolean()
-    notify = fields.Boolean()
     bits = fields.Integer()
     body = fields.String()
     chain = fields.String()
@@ -136,15 +142,31 @@ class CertificateOutputSchema(LemurOutputSchema):
     description = fields.String()
     issuer = fields.String()
     name = fields.String()
+
+    # Note aliasing  is the first step in deprecating these fields.
+    notify = fields.Boolean()
+    active = fields.Boolean(attribute='notify')
+
     cn = fields.String()
+    common_name = fields.String(attribute='cn')
+
     not_after = fields.DateTime()
+    validity_end = ArrowDateTime(attribute='not_after')
+
     not_before = fields.DateTime()
+    validity_start = ArrowDateTime(attribute='not_before')
+
     owner = fields.Email()
     san = fields.Boolean()
     serial = fields.String()
     signing_algorithm = fields.String()
+
     status = fields.Boolean()
     user = fields.Nested(UserNestedOutputSchema)
+
+    extensions = fields.Nested(ExtensionSchema)
+
+    # associated objects
     domains = fields.Nested(DomainNestedOutputSchema, many=True)
     destinations = fields.Nested(DestinationNestedOutputSchema, many=True)
     notifications = fields.Nested(NotificationNestedOutputSchema, many=True)
diff --git a/lemur/static/app/angular/certificates/certificate/certificate.js b/lemur/static/app/angular/certificates/certificate/certificate.js
index d7832115..104259a0 100644
--- a/lemur/static/app/angular/certificates/certificate/certificate.js
+++ b/lemur/static/app/angular/certificates/certificate/certificate.js
@@ -208,4 +208,131 @@ angular.module('lemur')
     $scope.authorityService = AuthorityService;
     $scope.destinationService = DestinationService;
     $scope.notificationService = NotificationService;
+  })
+
+.controller('CertificateCloneController', function ($scope, $uibModalInstance, CertificateApi, CertificateService, DestinationService, AuthorityService, AuthorityApi, PluginService, MomentService, WizardHandler, LemurRestangular, NotificationService, toaster, editId) {
+  CertificateApi.get(editId).then(function (certificate) {
+    $scope.certificate = certificate;
+    $scope.certificate.name = ''; // we should prefer the generated name.
+    CertificateService.getDefaults($scope.certificate);
   });
+
+  $scope.cancel = function () {
+    $uibModalInstance.dismiss('cancel');
+  };
+
+  $scope.getAuthoritiesByName = function (value) {
+    return AuthorityService.findAuthorityByName(value).then(function (authorities) {
+      $scope.authorities = authorities;
+    });
+  };
+
+  $scope.dateOptions = {
+    formatYear: 'yy',
+    maxDate: new Date(2020, 5, 22),
+    minDate: new Date(),
+    startingDay: 1
+  };
+
+
+  $scope.open1 = function() {
+    $scope.popup1.opened = true;
+  };
+
+  $scope.open2 = function() {
+    $scope.popup2.opened = true;
+  };
+
+  $scope.formats = ['dd-MMMM-yyyy', 'yyyy/MM/dd', 'dd.MM.yyyy', 'shortDate'];
+  $scope.format = $scope.formats[0];
+  $scope.altInputFormats = ['M!/d!/yyyy'];
+
+  $scope.popup1 = {
+    opened: false
+  };
+
+  $scope.popup2 = {
+    opened: false
+  };
+
+  $scope.clearDates = function () {
+    $scope.certificate.validityStart = null;
+    $scope.certificate.validityEnd = null;
+    $scope.certificate.validityYears = null;
+  };
+
+  $scope.create = function (certificate) {
+    WizardHandler.wizard().context.loading = true;
+    CertificateService.create(certificate).then(
+      function () {
+        toaster.pop({
+          type: 'success',
+          title: certificate.name,
+          body: 'Successfully created!'
+        });
+        $uibModalInstance.close();
+      },
+      function (response) {
+        toaster.pop({
+          type: 'error',
+          title: certificate.name,
+          body: 'lemur-bad-request',
+          bodyOutputType: 'directive',
+          directiveData: response.data,
+          timeout: 100000
+        });
+
+        WizardHandler.wizard().context.loading = false;
+      });
+  };
+
+  $scope.templates = [
+    {
+      'name': 'Client Certificate',
+      'description': '',
+      'extensions': {
+        'basicConstraints': {},
+        'keyUsage': {
+          'isCritical': true,
+          'useDigitalSignature': true
+        },
+        'extendedKeyUsage': {
+          'isCritical': true,
+          'useClientAuthentication': true
+        },
+        'subjectKeyIdentifier': {
+          'includeSKI': true
+        }
+      }
+    },
+    {
+      'name': 'Server Certificate',
+      'description': '',
+      'extensions' : {
+        'basicConstraints': {},
+        'keyUsage': {
+          'isCritical': true,
+          'useKeyEncipherment': true,
+          'useDigitalSignature': true
+        },
+        'extendedKeyUsage': {
+          'isCritical': true,
+          'useServerAuthentication': true
+        },
+        'subjectKeyIdentifier': {
+          'includeSKI': true
+        }
+      }
+    }
+  ];
+
+
+  PluginService.getByType('destination').then(function (plugins) {
+    $scope.plugins = plugins;
+  });
+
+  $scope.certificateService = CertificateService;
+  $scope.authorityService = AuthorityService;
+  $scope.destinationService = DestinationService;
+  $scope.notificationService = NotificationService;
+});
diff --git a/lemur/static/app/angular/certificates/certificate/certificateWizard.tpl.html b/lemur/static/app/angular/certificates/certificate/certificateWizard.tpl.html
index db69afd4..89bfa137 100644
--- a/lemur/static/app/angular/certificates/certificate/certificateWizard.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/certificateWizard.tpl.html
@@ -1,6 +1,6 @@
 <div class="modal-header">
     <button type="button" class="close" ng-click="cancel()" aria-label="Close"><span aria-hidden="true">&times;</span></button>
-    <h3 class="modal-title"><span ng-show="!certificate.id">Create</span><span ng-show="certificate.id">Edit</span> Certificate <span class="text-muted"><small>encrypt all the things</small></span></h3>
+    <h3 class="modal-title">Create Certificate <span class="text-muted"><small>encrypt all the things</small></span></h3>
 </div>
 <div class="modal-body">
     <div>
diff --git a/lemur/static/app/angular/certificates/certificate/edit.tpl.html b/lemur/static/app/angular/certificates/certificate/edit.tpl.html
index cf76bbd7..549f0c28 100644
--- a/lemur/static/app/angular/certificates/certificate/edit.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/edit.tpl.html
@@ -1,6 +1,6 @@
 <div class="modal-header">
     <button type="button" class="close" ng-click="cancel()" aria-label="Close"><span aria-hidden="true">&times;</span></button>
-    <h3>Edit <span class="text-muted"><small>{{ certificate.name }}</small></span></h3>
+    <h3 class="modal-title">Edit <span class="text-muted"><small>{{ certificate.name }}</small></span></h3>
 </div>
 <div class="modal-body">
     <form name="editForm" class="form-horizontal" role="form" novalidate>
diff --git a/lemur/static/app/angular/certificates/certificate/export.tpl.html b/lemur/static/app/angular/certificates/certificate/export.tpl.html
index c2a1f637..620c6585 100644
--- a/lemur/static/app/angular/certificates/certificate/export.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/export.tpl.html
@@ -1,43 +1,51 @@
 <div class="modal-header">
-  <div class="modal-title">
-    <button type="button" class="close" ng-click="cancel()" aria-label="Close"><span aria-hidden="true">&times;</span></button>
-    <h3 class="modal-header">Export <span class="text-muted"><small>{{ certificate.name }}</small></span></h3>
-  </div>
-  <div class="modal-body">
+    <button type="button" class="close" ng-click="cancel()" aria-label="Close"><span aria-hidden="true">&times;</span>
+    </button>
+    <h3 class="modal-title">Export <span class="text-muted"><small>{{ certificate.name }}</small></span></h3>
+</div>
+<div class="modal-body">
     <form ng-show="!passphrase" name="exportForm" class="form-horizontal" role="form" novalidate>
-      <div class="form-group">
-        <label class="control-label col-sm-2">
-          Plugin
-        </label>
-        <div class="col-sm-10">
-          <select class="form-control" ng-model="certificate.plugin" ng-options="plugin.title for plugin in plugins" required></select>
-        </div>
-      </div>
-      <div class="form-group" ng-repeat="item in certificate.plugin.pluginOptions">
-        <ng-form name="subForm" class="form-horizontal" role="form" novalidate>
-          <div ng-class="{'has-error': subForm.sub.$invalid, 'has-success': !subForm.sub.$invalid&&subForm.sub.$dirty}">
+        <div class="form-group">
             <label class="control-label col-sm-2">
-              {{ item.name | titleCase }}
+                Plugin
             </label>
             <div class="col-sm-10">
-              <input name="sub" ng-if="item.type == 'int'" type="number" ng-pattern="/^[0-9]{12,12}$/" class="form-control" ng-model="item.value"/>
-              <select name="sub" ng-if="item.type == 'select'" class="form-control" ng-options="i for i in item.available" ng-model="item.value"></select>
-              <input name="sub" ng-if="item.type == 'bool'" class="form-control" type="checkbox" ng-model="item.value">
-              <input name="sub" ng-if="item.type == 'str'" type="text" class="form-control" ng-model="item.value" ng-pattern="item.validation"/>
-              <p ng-show="subForm.sub.$invalid && !subForm.sub.$pristine" class="help-block">{{ item.helpMessage }}</p>
+                <select class="form-control" ng-model="certificate.plugin"
+                        ng-options="plugin.title for plugin in plugins" required></select>
             </div>
-          </div>
-        </ng-form>
-      </div>
+        </div>
+        <div class="form-group" ng-repeat="item in certificate.plugin.pluginOptions">
+            <ng-form name="subForm" class="form-horizontal" role="form" novalidate>
+                <div
+                  ng-class="{'has-error': subForm.sub.$invalid, 'has-success': !subForm.sub.$invalid&&subForm.sub.$dirty}">
+                    <label class="control-label col-sm-2">
+                        {{ item.name | titleCase }}
+                    </label>
+                    <div class="col-sm-10">
+                        <input name="sub" ng-if="item.type == 'int'" type="number" ng-pattern="/^[0-9]{12,12}$/"
+                               class="form-control" ng-model="item.value"/>
+                        <select name="sub" ng-if="item.type == 'select'" class="form-control"
+                                ng-options="i for i in item.available" ng-model="item.value"></select>
+                        <input name="sub" ng-if="item.type == 'bool'" class="form-control" type="checkbox"
+                               ng-model="item.value">
+                        <input name="sub" ng-if="item.type == 'str'" type="text" class="form-control"
+                               ng-model="item.value" ng-pattern="item.validation"/>
+                        <p ng-show="subForm.sub.$invalid && !subForm.sub.$pristine"
+                           class="help-block">{{ item.helpMessage }}</p>
+                    </div>
+                </div>
+            </ng-form>
+        </div>
     </form>
     <div ng-show="passphrase">
-      <h3>Successfully exported!</h3>
-      <h4>Your passphrase is: <strong>{{ passphrase }}</strong></h4>
-      <p ng-show="additional">{{ additional }}</p>
+        <h3>Successfully exported!</h3>
+        <h4>Your passphrase is: <strong>{{ passphrase }}</strong></h4>
+        <p ng-show="additional">{{ additional }}</p>
     </div>
-  </div>
-  <div class="modal-footer">
-    <button type="submit" ng-show="!passphrase" ng-click="save(certificate)" ng-disabled="exportForm.$invalid" class="btn btn-success">Export</button>
-    <button ng-click="cancel()" class="btn btn-danger">{{ passphrase ? "Close" : "Cancel" }}</button>
-  </div>
+</div>
+<div class="modal-footer">
+    <button type="submit" ng-show="!passphrase" ng-click="save(certificate)" ng-disabled="exportForm.$invalid"
+            class="btn btn-success">Export
+    </button>
+    <button ng-click="cancel()" class="btn btn-danger">{{ passphrase ? "Close" : "Cancel" }}</button>
 </div>
diff --git a/lemur/static/app/angular/certificates/services.js b/lemur/static/app/angular/certificates/services.js
index 2d1faf9c..a5938c0a 100644
--- a/lemur/static/app/angular/certificates/services.js
+++ b/lemur/static/app/angular/certificates/services.js
@@ -177,11 +177,25 @@ angular.module('lemur')
 
     CertificateService.getDefaults = function (certificate) {
       return DefaultService.get().then(function (defaults) {
-        certificate.country = defaults.country;
-        certificate.state = defaults.state;
-        certificate.location = defaults.location;
-        certificate.organization = defaults.organization;
-        certificate.organizationalUnit = defaults.organizationalUnit;
+        if (!certificate.country) {
+          certificate.country = defaults.country;
+        }
+
+        if (!certificate.state) {
+          certificate.state = defaults.state;
+        }
+
+        if (!certificate.location) {
+          certificate.location = defaults.location;
+        }
+
+        if (!certificate.organization) {
+          certificate.organization = defaults.organization;
+        }
+
+        if (!certificate.organizationalUnit) {
+          certificate.organizationalUnit = defaults.organizationalUnit;
+        }
       });
     };
 
diff --git a/lemur/static/app/angular/certificates/view/view.js b/lemur/static/app/angular/certificates/view/view.js
index f18138a9..95c17316 100644
--- a/lemur/static/app/angular/certificates/view/view.js
+++ b/lemur/static/app/angular/certificates/view/view.js
@@ -93,7 +93,7 @@ angular.module('lemur')
             body: 'Unable to update! ' + response.data.message,
             timeout: 100000
           });
-          certificate.active = false;
+          certificate.notify = false;
         });
     };
     $scope.getCertificateStatus = function () {
@@ -120,6 +120,25 @@ angular.module('lemur')
       });
     };
 
+    $scope.clone = function (certificateId) {
+      var uibModalInstance = $uibModal.open({
+        animation: true,
+        controller: 'CertificateCloneController',
+        templateUrl: '/angular/certificates/certificate/certificateWizard.tpl.html',
+        size: 'lg',
+        backdrop: 'static',
+        resolve: {
+          editId: function () {
+            return certificateId;
+          }
+        }
+      });
+
+      uibModalInstance.result.then(function () {
+        $scope.certificateTable.reload();
+      });
+    };
+
     $scope.edit = function (certificateId) {
       var uibModalInstance = $uibModal.open({
         animation: true,
diff --git a/lemur/static/app/angular/certificates/view/view.tpl.html b/lemur/static/app/angular/certificates/view/view.tpl.html
index 8100e1f3..7387741e 100644
--- a/lemur/static/app/angular/certificates/view/view.tpl.html
+++ b/lemur/static/app/angular/certificates/view/view.tpl.html
@@ -42,17 +42,24 @@
             <td data-title="'Common Name'" filter="{ 'cn': 'text'}">
               {{ certificate.cn }}
             </td>
-            <td class="col-md-2" data-title="''">
-              <div class="btn-group pull-right">
-                <a class="btn btn-sm btn-default" ui-sref="certificate({name: certificate.name})">Permalink</a>
-                <button ng-model="certificate.toggle" class="btn btn-sm btn-info" uib-btn-checkbox btn-checkbox-true="1"
-                        btn-checkbox-false="0">More
-                </button>
-                <button ng-click="export(certificate.id)" class="btn btn-sm btn-success">
-                  Export
-                </button>
-                <button class="btn btn-sm btn-warning" ng-click="edit(certificate.id)">Edit</button>
-              </div>
+            <td data-title="''" style="text-align: center; vertical-align: middle;">
+                <div class="btn-group pull-right" role="group" aria-label="...">
+                  <a class="btn btn-sm btn-primary" ui-sref="certificate({name: certificate.name})">Permalink</a>
+                  <button ng-model="certificate.toggle" class="btn btn-sm btn-info" uib-btn-checkbox btn-checkbox-true="1"
+                            btn-checkbox-false="0">More
+                  </button>
+                  <div class="btn-group" role="group">
+                    <button type="button" class="btn btn-sm btn-default dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+                      Action
+                      <span class="caret"></span>
+                    </button>
+                    <ul class="dropdown-menu">
+                      <li><a href ng-click="edit(certificate.id)">Edit</a></li>
+                      <li><a href ng-click="clone(certificate.id)">Clone</a></li>
+                      <li><a href ng-click="export(certificate.id)">Export</a></li>
+                    </ul>
+                  </div>
+                </div>
             </td>
           </tr>
           <tr class="warning" ng-if="certificate.toggle" ng-repeat-end>