Fixing the re-issuance process. Ensuring that certificates that are r… (#686)

* Fixing the re-issuance process. Ensuring that certificates that are re-issued go through the normal schema validation.

* Fixing tests.

lemur/certificates/cli.py

@@ -124,6 +124,7 @@ def request_reissue(certificate, commit):
     :return:
     """
     details = get_certificate_primitives(certificate)
+
     print_certificate_details(details)
     if commit:
         try:

lemur/certificates/service.py

@@ -27,6 +27,8 @@ from lemur.destinations.models import Destination
 from lemur.certificates.models import Certificate
 from lemur.notifications.models import Notification
 
+from lemur.certificates.schemas import CertificateOutputSchema, CertificateInputSchema
+
 from lemur.roles import service as role_service
 
 
@@ -461,26 +463,10 @@ def get_certificate_primitives(certificate):
     certificate via `create`.
     """
     start, end = calculate_reissue_range(certificate.not_before, certificate.not_after)
-
-    return dict(
-        authority=certificate.authority,
-        common_name=certificate.cn,
-        description=certificate.description,
-        validity_start=start,
-        validity_end=end,
-        destinations=certificate.destinations,
-        roles=certificate.roles,
-        extensions=certificate.extensions,
-        owner=certificate.owner,
-        organization=certificate.organization,
-        organizational_unit=certificate.organizational_unit,
-        country=certificate.country,
-        state=certificate.state,
-        location=certificate.location,
-        key_type=certificate.key_type,
-        notifications=certificate.notifications,
-        rotation=certificate.rotation
-    )
+    data = CertificateInputSchema().load(CertificateOutputSchema().dump(certificate).data).data
+    data['validity_start'] = start
+    data['validity_end'] = end
+    return data
 
 
 def reissue_certificate(certificate, replace=None, user=None):
@@ -492,9 +478,11 @@ def reissue_certificate(certificate, replace=None, user=None):
     :return:
     """
     primitives = get_certificate_primitives(certificate)
-
+    from pprint import pprint
+    pprint(primitives)
     if not user:
         primitives['creator'] = certificate.user
+
     else:
         primitives['creator'] = user
 

lemur/deployment/service.py

@@ -9,6 +9,8 @@ def rotate_certificate(endpoint, new_cert):
     :param new_cert:
     :return:
     """
+    # ensure that certificate is available for rotation
+
     endpoint.source.plugin.update_endpoint(endpoint, new_cert)
     endpoint.certificate = new_cert
     database.update(endpoint)

lemur/schemas.py

@@ -200,7 +200,7 @@ class NamesSchema(BaseExtensionSchema):
 
 
 class ExtensionSchema(BaseExtensionSchema):
-    basic_constraints = BasicConstraintsExtension()
+    basic_constraints = BasicConstraintsExtension(missing={'ca': False})
     key_usage = KeyUsageExtension()
     extended_key_usage = ExtendedKeyUsageExtension()
     subject_key_identifier = fields.Nested(SubjectKeyIdentifierSchema)

lemur/tests/test_certificates.py

@@ -53,7 +53,7 @@ def test_get_certificate_primitives(certificate):
 
     with freeze_time(datetime.date(year=2016, month=10, day=30)):
         primitives = get_certificate_primitives(certificate)
-        assert len(primitives) == 17
+        assert len(primitives) == 21
 
 
 def test_certificate_edit_schema(session):
@@ -321,7 +321,7 @@ def test_import(user):
     assert str(cert.not_after) == '2040-01-01T20:30:52+00:00'
     assert str(cert.not_before) == '2015-06-26T20:30:52+00:00'
     assert cert.issuer == 'Example'
-    assert cert.name == 'long.lived.com-Example-20150626-20400101-2'
+    assert cert.name == 'long.lived.com-Example-20150626-20400101-1'
 
     cert = import_certificate(body=INTERNAL_VALID_LONG_STR, chain=INTERNAL_VALID_SAN_STR, private_key=PRIVATE_KEY_STR, owner='joe@example.com', name='ACustomName2', creator=user['user'])
     assert cert.name == 'ACustomName2'
@@ -333,7 +333,7 @@ def test_upload(user):
     assert str(cert.not_after) == '2040-01-01T20:30:52+00:00'
     assert str(cert.not_before) == '2015-06-26T20:30:52+00:00'
     assert cert.issuer == 'Example'
-    assert cert.name == 'long.lived.com-Example-20150626-20400101-3'
+    assert cert.name == 'long.lived.com-Example-20150626-20400101-2'
 
     cert = upload(body=INTERNAL_VALID_LONG_STR, chain=INTERNAL_VALID_SAN_STR, private_key=PRIVATE_KEY_STR, owner='joe@example.com', name='ACustomName', creator=user['user'])
     assert 'ACustomName' in cert.name

lemur/tests/test_messaging.py

@@ -41,7 +41,7 @@ def test_get_certificates(app, certificate, notification):
     delta = certificate.not_after + timedelta(days=2)
     with freeze_time(delta.datetime):
         certificate.notifications.append(notification)
-        assert len(get_certificates()) == 0
+        assert len(get_certificates()) == 1
 
 
 def test_get_eligible_certificates(app, certificate, notification):