Add CSR to certificiates

Add csr column to certificates field, as pending certificates have
exposed the CSR already.  This is required because generating a CSR from
an existing certificate will not include SANs due to an OpenSSL bug:
https://github.com/openssl/openssl/issues/6481

Change-Id: I9ea86c4f87067ee6d791d77dc1cce8f469cb2a22
James Chuong
2018-10-11 16:29:35 -07:00
parent 9d7ad28ca1
commit 75069cd52a
7 changed files with 41 additions and 2 deletions


@ -87,6 +87,7 @@ class Certificate(db.Model):
body = Column(Text(), nullable=False)
chain = Column(Text())
csr = Column(Text())
private_key = Column(Vault)
issuer = Column(String(128))
@ -158,6 +159,9 @@ class Certificate(db.Model):
if kwargs.get('chain'):
self.chain = kwargs['chain'].strip()
if kwargs.get('csr'):
self.csr = kwargs['csr'].strip()
self.notify = kwargs.get('notify', True)
self.destinations = kwargs.get('destinations', [])
self.notifications = kwargs.get('notifications', [])
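Review bot: The second hunk persists `kwargs['csr'].strip()` without any visible check that the request belongs to this certificate, so a caller-supplied CSR whose public key differs from the one in `body` would be stored and later treated as the certificate's own request. Since the commit message gives reuse of the stored CSR as the motivation, that mismatch would carry into whatever is generated from it. Whether the input schema's `validators.csr` or the service layer compares the two is not visible here. If nothing does, the comparison belongs before the assignment, or at minimum a comment such as `# csr is stored as supplied; it is not checked against the public key in body`. The enclosing method (presumably `__init__`) starts and ends outside the hunk, and rows created before this change will have `csr` as NULL, which readers of the column need to tolerate.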


@ -74,7 +74,7 @@ class CertificateInputSchema(CertificateCreationSchema):
roles = fields.Nested(AssociatedRoleSchema, missing=[], many=True)
dns_provider = fields.Nested(AssociatedDnsProviderSchema, missing=None, allow_none=True, required=False)
csr = fields.String(validate=validators.csr)
csr = fields.String(allow_none=True, validate=validators.csr)
key_type = fields.String(
validate=validate.OneOf(CERTIFICATE_KEY_TYPES),
@ -156,6 +156,7 @@ class CertificateNestedOutputSchema(LemurOutputSchema):
bits = fields.Integer()
body = fields.String()
chain = fields.String()
csr = fields.String()
active = fields.Boolean()
rotation = fields.Boolean()
@ -187,6 +188,7 @@ class CertificateOutputSchema(LemurOutputSchema):
bits = fields.Integer()
body = fields.String()
chain = fields.String()
csr = fields.String()
deleted = fields.Boolean(default=False)
description = fields.String()
issuer = fields.String()
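Review bot: Adding `csr = fields.String()` to both `CertificateNestedOutputSchema` and `CertificateOutputSchema` returns the full PEM request wherever a certificate is serialized, including when it is nested inside another resource. A CSR is mostly public data, but it can carry request attributes (a PKCS#9 challenge password, for example) that the submitter did not expect to be readable by every API consumer. Nothing in these hunks shows whether `validators.csr` rejects such requests. I would keep `csr` on `CertificateOutputSchema` only and drop it from the nested schema unless a consumer needs it there, and add a comment on the field such as `# CSR is returned verbatim, including any request attributes`. Both class bodies continue outside the hunks.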


@ -72,6 +72,7 @@ class CertificatesList(AuthenticatedResource):
"status": null,
"cn": "*.test.example.net",
"chain": "",
"csr": "-----BEGIN CERTIFICATE REQUEST-----"
"authority": {
"active": true,
"owner": "secure@example.com",
@ -490,6 +491,7 @@ class Certificates(AuthenticatedResource):
"status": null,
"cn": "*.test.example.net",
"chain": "",
"csr": "-----BEGIN CERTIFICATE REQUEST-----"
"authority": {
"active": true,
"owner": "secure@example.com",
@ -694,6 +696,7 @@ class NotificationCertificatesList(AuthenticatedResource):
"status": null,
"cn": "*.test.example.net",
"chain": "",
"csr": "-----BEGIN CERTIFICATE REQUEST-----"
"authority": {
"active": true,
"owner": "secure@example.com",
@ -802,6 +805,7 @@ class CertificatesReplacementsList(AuthenticatedResource):
"status": null,
"cn": "*.test.example.net",
"chain": "",
"csr": "-----BEGIN CERTIFICATE REQUEST-----",
"authority": {
"active": true,
"owner": "secure@example.com",