Merge branch 'master' into master

lemur/certificates/models.py

@@ -227,6 +227,10 @@ class Certificate(db.Model):
     def location(self):
         return defaults.location(self.parsed_cert)
 
+    @property
+    def distinguished_name(self):
+        return self.parsed_cert.subject.rfc4514_string()
+
     @property
     def key_type(self):
         if isinstance(self.parsed_cert.public_key(), rsa.RSAPublicKey):

lemur/certificates/schemas.py

@@ -206,6 +206,7 @@ class CertificateOutputSchema(LemurOutputSchema):
 
     cn = fields.String()
     common_name = fields.String(attribute='cn')
+    distinguished_name = fields.String()
 
     not_after = fields.DateTime()
     validity_end = ArrowDateTime(attribute='not_after')

lemur/manage.py

@@ -273,10 +273,11 @@ class CreateUser(Command):
         Option('-u', '--username', dest='username', required=True),
         Option('-e', '--email', dest='email', required=True),
         Option('-a', '--active', dest='active', default=True),
-        Option('-r', '--roles', dest='roles', action='append', default=[])
+        Option('-r', '--roles', dest='roles', action='append', default=[]),
+        Option('-p', '--password', dest='password', default=None)
     )
 
-    def run(self, username, email, active, roles):
+    def run(self, username, email, active, roles, password):
         role_objs = []
         for r in roles:
             role_obj = role_service.get_by_name(r)
@@ -286,14 +287,16 @@ class CreateUser(Command):
                 sys.stderr.write("[!] Cannot find role {0}\n".format(r))
                 sys.exit(1)
 
-        password1 = prompt_pass("Password")
-        password2 = prompt_pass("Confirm Password")
+        if not password:
+            password1 = prompt_pass("Password")
+            password2 = prompt_pass("Confirm Password")
+            password = password1
 
-        if password1 != password2:
-            sys.stderr.write("[!] Passwords do not match!\n")
-            sys.exit(1)
+            if password1 != password2:
+                sys.stderr.write("[!] Passwords do not match!\n")
+                sys.exit(1)
 
-        user_service.create(username, password1, email, active, None, role_objs)
+        user_service.create(username, password, email, active, None, role_objs)
         sys.stdout.write("[+] Created new user: {0}\n".format(username))
 
 

lemur/plugins/lemur_acme/dyn.py

@@ -5,7 +5,7 @@ import dns.exception
 import dns.name
 import dns.query
 import dns.resolver
-from dyn.tm.errors import DynectCreateError
+from dyn.tm.errors import DynectCreateError, DynectGetError
 from dyn.tm.session import DynectSession
 from dyn.tm.zones import Node, Zone, get_all_zones
 from flask import current_app
@@ -119,7 +119,11 @@ def delete_txt_record(change_id, account_number, domain, token):
     zone = Zone(zone_name)
     node = Node(zone_name, fqdn)
 
-    all_txt_records = node.get_all_records_by_type('TXT')
+    try:
+        all_txt_records = node.get_all_records_by_type('TXT')
+    except DynectGetError:
+        # No Text Records remain or host is not in the zone anymore because all records have been deleted.
+        return
     for txt_record in all_txt_records:
         if txt_record.txtdata == ("{}".format(token)):
             current_app.logger.debug("Deleting TXT record name: {0}".format(fqdn))

lemur/plugins/lemur_cfssl/plugin.py

@@ -10,6 +10,9 @@
 
 import json
 import requests
+import base64
+import hmac
+import hashlib
 
 from flask import current_app
 
@@ -48,6 +51,21 @@ class CfsslIssuerPlugin(IssuerPlugin):
         data = {'certificate_request': csr}
         data = json.dumps(data)
 
+        try:
+            hex_key = current_app.config.get('CFSSL_KEY')
+            key = bytes.fromhex(hex_key)
+        except (ValueError, NameError):
+            # unable to find CFSSL_KEY in config, continue using normal sign method
+            pass
+        else:
+            data = data.encode()
+
+            token = base64.b64encode(hmac.new(key, data, digestmod=hashlib.sha256).digest())
+            data = base64.b64encode(data)
+
+            data = json.dumps({'token': token.decode('utf-8'), 'request': data.decode('utf-8')})
+
+            url = "{0}{1}".format(current_app.config.get('CFSSL_URL'), '/api/v1/cfssl/authsign')
         response = self.session.post(url, data=data.encode(encoding='utf_8', errors='strict'))
         if response.status_code > 399:
             metrics.send('cfssl_create_certificate_failure', 'counter', 1)

lemur/static/app/angular/certificates/view/view.tpl.html

@@ -83,6 +83,8 @@
                     </div>
                     <!-- Certificate fields -->
                     <div class="list-group-item">
+                      <dt>Distinguished Name</dt>
+                      <dd>{{ certificate.distinguishedName }}</dd>
                       <dt>Certificate Authority</dt>
                       <dd>{{ certificate.authority ? certificate.authority.name : "Imported" }} <span class="text-muted">({{ certificate.issuer }})</span></dd>
                       <dt>Serial</dt>

lemur/tests/test_certificates.py

@@ -619,6 +619,12 @@ def test_certificate_get_body(client):
     response_body = client.get(api.url_for(Certificates, certificate_id=1), headers=VALID_USER_HEADER_TOKEN).json
     assert response_body['serial'] == '211983098819107449768450703123665283596'
     assert response_body['serialHex'] == '9F7A75B39DAE4C3F9524C68B06DA6A0C'
+    assert response_body['distinguishedName'] == ('CN=LemurTrust Unittests Class 1 CA 2018,'
+                                                  'O=LemurTrust Enterprises Ltd,'
+                                                  'OU=Unittesting Operations Center,'
+                                                  'C=EE,'
+                                                  'ST=N/A,'
+                                                  'L=Earth')
 
 
 @pytest.mark.parametrize("token,status", [