Merge branch 'master' into master

2019-01-29 16:30:15 -08:00
parent 48ad20faca 0a392b7bac
commit 7f4f4ffded
11 changed files with 98 additions and 60 deletions
--- a/lemur/plugins/lemur_acme/dyn.py
+++ b/lemur/plugins/lemur_acme/dyn.py
@ -5,7 +5,7 @@ import dns.exception
 import dns.name
 import dns.query
 import dns.resolver
-from dyn.tm.errors import DynectCreateError
+from dyn.tm.errors import DynectCreateError, DynectGetError
 from dyn.tm.session import DynectSession
 from dyn.tm.zones import Node, Zone, get_all_zones
 from flask import current_app
@ -119,7 +119,11 @@ def delete_txt_record(change_id, account_number, domain, token):
    zone = Zone(zone_name)
    node = Node(zone_name, fqdn)

-    all_txt_records = node.get_all_records_by_type('TXT')
+    try:
+        all_txt_records = node.get_all_records_by_type('TXT')
+    except DynectGetError:
+        # No Text Records remain or host is not in the zone anymore because all records have been deleted.
+        return
    for txt_record in all_txt_records:
        if txt_record.txtdata == ("{}".format(token)):
            current_app.logger.debug("Deleting TXT record name: {0}".format(fqdn))
--- a/lemur/plugins/lemur_cfssl/plugin.py
+++ b/lemur/plugins/lemur_cfssl/plugin.py
@ -10,6 +10,9 @@

 import json
 import requests
+import base64
+import hmac
+import hashlib

 from flask import current_app

@ -48,6 +51,21 @@ class CfsslIssuerPlugin(IssuerPlugin):
        data = {'certificate_request': csr}
        data = json.dumps(data)

+        try:
+            hex_key = current_app.config.get('CFSSL_KEY')
+            key = bytes.fromhex(hex_key)
+        except (ValueError, NameError):
+            # unable to find CFSSL_KEY in config, continue using normal sign method
+            pass
+        else:
+            data = data.encode()
+
+            token = base64.b64encode(hmac.new(key, data, digestmod=hashlib.sha256).digest())
+            data = base64.b64encode(data)
+
+            data = json.dumps({'token': token.decode('utf-8'), 'request': data.decode('utf-8')})
+
+            url = "{0}{1}".format(current_app.config.get('CFSSL_URL'), '/api/v1/cfssl/authsign')
        response = self.session.post(url, data=data.encode(encoding='utf_8', errors='strict'))
        if response.status_code > 399:
            metrics.send('cfssl_create_certificate_failure', 'counter', 1)