Ensuring that acme and cryptography respect different key types (#554)

2016-12-02 10:54:18 -08:00
parent 0f5e925a1a
commit 7f823a04cd
8 changed files with 89 additions and 55 deletions
--- a/lemur/plugins/lemur_acme/plugin.py
+++ b/lemur/plugins/lemur_acme/plugin.py
@ -16,9 +16,10 @@ from acme.client import Client
 from acme import jose
 from acme import messages

+from lemur.common.utils import generate_private_key
+
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import serialization
-from cryptography.hazmat.primitives.asymmetric import rsa

 import OpenSSL.crypto

@ -101,12 +102,6 @@ def request_certificate(acme_client, authorizations, csr):
    return pem_certificate, pem_certificate_chain


-def generate_rsa_private_key():
-    return rsa.generate_private_key(
-        public_exponent=65537, key_size=2048, backend=default_backend()
-    )
-
-
 def setup_acme_client():
    key = current_app.config.get('ACME_PRIVATE_KEY').strip()
    acme_email = current_app.config.get('ACME_EMAIL')
@ -127,7 +122,7 @@ def acme_client_for_private_key(acme_directory_url, private_key):


 def register(email):
-    private_key = generate_rsa_private_key()
+    private_key = generate_private_key('RSA2048')
    acme_client = acme_client_for_private_key(current_app.config('ACME_DIRECTORY_URL'), private_key)

    registration = acme_client.register(
--- a/lemur/plugins/lemur_cryptography/plugin.py
+++ b/lemur/plugins/lemur_cryptography/plugin.py
@ -13,19 +13,15 @@ from flask import current_app
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes, serialization
-from cryptography.hazmat.primitives.asymmetric import rsa
-

 from lemur.plugins.bases import IssuerPlugin
 from lemur.plugins import lemur_cryptography as cryptography_issuer

+from lemur.common.utils import generate_private_key
+

 def build_root_certificate(options):
-    private_key = rsa.generate_private_key(
-        public_exponent=65537,
-        key_size=2048,
-        backend=default_backend()
-    )
+    private_key = generate_private_key(options.get('key_type'))

    subject = issuer = x509.Name([
        x509.NameAttribute(x509.OID_COUNTRY_NAME, options['country']),
--- a/lemur/plugins/lemur_cryptography/tests/test_cryptography.py
+++ b/lemur/plugins/lemur_cryptography/tests/test_cryptography.py
@ -0,0 +1,36 @@
+import arrow
+
+
+def test_build_root_certificate():
+    from lemur.plugins.lemur_cryptography.plugin import build_root_certificate
+
+    options = {
+        'key_type': 'RSA2048',
+        'country': 'US',
+        'state': 'CA',
+        'location': 'Example place',
+        'organization': 'Example, Inc.',
+        'organizational_unit': 'Example Unit',
+        'common_name': 'Example ROOT',
+        'validity_start': arrow.get('2016-12-01').datetime,
+        'validity_end': arrow.get('2016-12-02').datetime,
+        'first_serial': 1
+
+    }
+    cert_pem, private_key_pem = build_root_certificate(options)
+
+    assert cert_pem
+    assert private_key_pem
+
+
+def test_issue_certificate(authority):
+    from lemur.tests.vectors import CSR_STR
+    from lemur.plugins.lemur_cryptography.plugin import issue_certificate
+
+    options = {
+        'authority': authority,
+        'validity_start': arrow.get('2016-12-01').datetime,
+        'validity_end': arrow.get('2016-12-02').datetime
+    }
+    cert = issue_certificate(CSR_STR, options)
+    assert cert