Fixing several small issues. (#341)

* Fixing several small issues. * Fixing tests.
2016-06-01 11:18:00 -07:00 · 2016-06-01 11:18:00 -07:00 · 72e3fb5bfe
parent b2539b843b
commit 72e3fb5bfe
6 changed files with 40 additions and 32 deletions
--- a/lemur/authorities/schemas.py
+++ b/lemur/authorities/schemas.py
@ -23,8 +23,8 @@ class AuthorityInputSchema(LemurInputSchema):
    description = fields.String()
    common_name = fields.String(required=True, validate=validators.sensitive_domain)

-    validity_start = fields.DateTime()
-    validity_end = fields.DateTime()
+    validity_start = fields.Date()
+    validity_end = fields.Date()
    validity_years = fields.Integer()

    # certificate body fields
--- a/lemur/authorities/service.py
+++ b/lemur/authorities/service.py
@ -45,23 +45,25 @@ def mint(**kwargs):
    """
    issuer = kwargs['plugin']['plugin_object']
    body, chain, roles = issuer.create_authority(kwargs)
+    roles = create_authority_roles(roles, kwargs['owner'], kwargs['plugin']['plugin_object'].title)
    return body, chain, roles


-def create_authority_roles(**kwargs):
+def create_authority_roles(roles, owner, plugin_title):
    """
    Creates all of the necessary authority roles.
    :param roles:
-    :param kwargs:
    :return:
    """
    role_objs = []
-    for r in kwargs['roles']:
-        role = role_service.create(
-            r['name'],
-            password=r['password'],
-            description="Auto generated role for {0}".format(kwargs['plugin']['plugin_object'].title),
-            username=r['username'])
+    for r in roles:
+        role = role_service.get_by_name(r['name'])
+        if not role:
+            role = role_service.create(
+                r['name'],
+                password=r['password'],
+                description="Auto generated role for {0}".format(plugin_title),
+                username=r['username'])

        # the user creating the authority should be able to administer it
        if role.username == 'admin':
@ -70,11 +72,11 @@ def create_authority_roles(**kwargs):
        role_objs.append(role)

    # create an role for the owner and assign it
-    owner_role = role_service.get_by_name(kwargs['owner'])
+    owner_role = role_service.get_by_name(owner)
    if not owner_role:
        owner_role = role_service.create(
-            kwargs['owner'],
-            description="Auto generated role based on owner: {0}".format(kwargs['owner'])
+            owner,
+            description="Auto generated role based on owner: {0}".format(owner)
        )

    role_objs.append(owner_role)
@ -96,8 +98,6 @@ def create(**kwargs):
    else:
        kwargs['roles'] = roles

-    kwargs['roles'] = create_authority_roles(**kwargs)
-
    if kwargs['type'] == 'subca':
        description = "This is the ROOT certificate for the {0} sub certificate authority the parent \
                                authority is {1}.".format(kwargs.get('name'), kwargs.get('parent'))
@ -162,11 +162,8 @@ def get_authority_role(ca_name):
        # TODO we should pick admin ca roles for admin
        return authority.roles[0]
    else:
-        for role in g.current_user.roles:
-            if role.authority:
-                for authority in role.authorities:
-                    if authority.name == ca_name:
-                        return role
+        authority = get_by_name(ca_name)
+        return authority.roles[1]


 def render(args):
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@ -125,10 +125,7 @@ def create_certificate_roles(**kwargs):
            description="Auto generated role based on owner: {0}".format(kwargs['owner'])
        )

-    if kwargs.get('roles'):
-        kwargs['roles'].append(owner_role)
-
-    return kwargs
+    return [owner_role]


 def mint(**kwargs):
@ -180,7 +177,12 @@ def upload(**kwargs):
    """
    Allows for pre-made certificates to be imported into Lemur.
    """
-    kwargs = create_certificate_roles(**kwargs)
+    roles = create_certificate_roles(**kwargs)
+
+    if kwargs.get('roles'):
+        kwargs['roles'] += roles
+    else:
+        kwargs['roles'] = roles

    cert = Certificate(**kwargs)

@ -205,7 +207,12 @@ def create(**kwargs):
    kwargs['private_key'] = private_key
    kwargs['chain'] = cert_chain

-    kwargs = create_certificate_roles(**kwargs)
+    roles = create_certificate_roles(**kwargs)
+
+    if kwargs.get('roles'):
+        kwargs['roles'] += roles
+    else:
+        kwargs['roles'] = roles

    cert = Certificate(**kwargs)

@ -214,6 +221,7 @@ def create(**kwargs):
        cert.name = kwargs['name']

    g.user.certificates.append(cert)
+    cert.authority = kwargs['authority']
    database.commit()

    metrics.send('certificate_issued', 'counter', 1, metric_tags=dict(owner=cert.owner, issuer=cert.issuer))
--- a/lemur/common/defaults.py
+++ b/lemur/common/defaults.py
@ -1,4 +1,4 @@
-
+import sys
 from flask import current_app
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
@ -6,7 +6,10 @@ from lemur.constants import SAN_NAMING_TEMPLATE, DEFAULT_NAMING_TEMPLATE


 def parse_certificate(body):
-    return x509.load_pem_x509_certificate(bytes(body), default_backend())
+    if sys.version_info >= (3, 0):
+        return x509.load_pem_x509_certificate(body, default_backend())
+    else:
+        return x509.load_pem_x509_certificate(bytes(body), default_backend())


 def certificate_name(common_name, issuer, not_before, not_after, san):
--- a/lemur/common/validators.py
+++ b/lemur/common/validators.py
@ -102,10 +102,10 @@ def dates(data):
            raise ValidationError('Validity start must be before validity end.')

        if data.get('authority'):
-            if data.get('validity_start').replace(tzinfo=None) < data['authority'].authority_certificate.not_before:
+            if data.get('validity_start').replace(hour=0, minute=0, second=0, tzinfo=None) < data['authority'].authority_certificate.not_before.replace(hour=0, minute=0, second=0):
                raise ValidationError('Validity start must not be before {0}'.format(data['authority'].authority_certificate.not_before))

-            if data.get('validity_end').replace(tzinfo=None) > data['authority'].authority_certificate.not_after:
+            if data.get('validity_end').replace(hour=0, minute=0, second=0, tzinfo=None) > data['authority'].authority_certificate.not_after.replace(hour=0, minute=0, second=0):
                raise ValidationError('Validity end must not be after {0}'.format(data['authority'].authority_certificate.not_after))

    if data.get('validity_years'):
--- a/lemur/tests/test_certificates.py
+++ b/lemur/tests/test_certificates.py
@ -187,8 +187,8 @@ def test_certificate_valid_dates(client, authority):
        'owner': 'jim@example.com',
        'authority': {'id': authority.id},
        'description': 'testtestest',
-        'validityStart': '2020-01-01T00:21:34.513631',
-        'validityEnd': '2020-01-01T00:22:34.513631'
+        'validityStart': '2020-01-01T00:00:00',
+        'validityEnd': '2020-01-01T00:00:01'
    }

    data, errors = CertificateInputSchema().load(input_data)