Merge branch 'master' into validity

lemur/certificates/models.py

@@ -9,9 +9,10 @@ from datetime import timedelta
 
 import arrow
 from cryptography import x509
-from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives.asymmetric import rsa, ec
 from flask import current_app
 from idna.core import InvalidCodepoint
+from lemur.common.utils import get_key_type_from_ec_curve
 from sqlalchemy import (
     event,
     Integer,
@@ -302,6 +303,8 @@ class Certificate(db.Model):
             return "RSA{key_size}".format(
                 key_size=self.parsed_cert.public_key().key_size
             )
+        elif isinstance(self.parsed_cert.public_key(), ec.EllipticCurvePublicKey):
+            return get_key_type_from_ec_curve(self.parsed_cert.public_key().curve.name)
 
     @property
     def validity_remaining(self):

lemur/certificates/schemas.py

@@ -148,6 +148,13 @@ class CertificateInputSchema(CertificateCreationSchema):
                 data["extensions"]["subAltNames"]["names"] = []
 
             data["extensions"]["subAltNames"]["names"] = csr_sans
+
+            common_name = cert_utils.get_cn_from_csr(data["csr"])
+            if common_name:
+                data["common_name"] = common_name
+            key_type = cert_utils.get_key_type_from_csr(data["csr"])
+            if key_type:
+                data["key_type"] = key_type
         return missing.convert_validity_years(data)
 
 

lemur/certificates/utils.py

@@ -12,6 +12,8 @@ Utils to parse certificate data.
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
 from marshmallow.exceptions import ValidationError
+from cryptography.hazmat.primitives.asymmetric import rsa, ec
+from lemur.common.utils import get_key_type_from_ec_curve
 
 
 def get_sans_from_csr(data):
@@ -39,3 +41,45 @@ def get_sans_from_csr(data):
         pass
 
     return sub_alt_names
+
+
+def get_cn_from_csr(data):
+    """
+    Fetches common name (CN) from CSR.
+    Works with any kind of SubjectAlternativeName
+    :param data: PEM-encoded string with CSR
+    :return: the common name
+    """
+    try:
+        request = x509.load_pem_x509_csr(data.encode("utf-8"), default_backend())
+    except Exception:
+        raise ValidationError("CSR presented is not valid.")
+
+    common_name = request.subject.get_attributes_for_oid(x509.NameOID.COMMON_NAME)
+    return common_name[0].value
+
+
+def get_key_type_from_csr(data):
+    """
+    Fetches key_type from CSR.
+    Works with any kind of SubjectAlternativeName
+    :param data: PEM-encoded string with CSR
+    :return: key_type
+    """
+    try:
+        request = x509.load_pem_x509_csr(data.encode("utf-8"), default_backend())
+    except Exception:
+        raise ValidationError("CSR presented is not valid.")
+
+    try:
+        if isinstance(request.public_key(), rsa.RSAPublicKey):
+            return "RSA{key_size}".format(
+                key_size=request.public_key().key_size
+            )
+        elif isinstance(request.public_key(), ec.EllipticCurvePublicKey):
+            return get_key_type_from_ec_curve(request.public_key().curve.name)
+        else:
+            raise Exception("Unsupported key type")
+
+    except NotImplemented:
+        raise NotImplemented()