Fixing the re-issuance process. Ensuring that certificates that are r… (#686)
* Fixing the re-issuance process. Ensuring that certificates that are re-issued go through the normal schema validation. * Fixing tests.
parent
0326e1031f
commit
8afcb50a39
@ -124,6 +124,7 @@ def request_reissue(certificate, commit):
|
||||
:return:
|
||||
"""
|
||||
details = get_certificate_primitives(certificate)
|
||||
|
||||
print_certificate_details(details)
|
||||
if commit:
|
||||
try:
|
||||
|
@ -27,6 +27,8 @@ from lemur.destinations.models import Destination
|
||||
from lemur.certificates.models import Certificate
|
||||
from lemur.notifications.models import Notification
|
||||
|
||||
from lemur.certificates.schemas import CertificateOutputSchema, CertificateInputSchema
|
||||
|
||||
from lemur.roles import service as role_service
|
||||
|
||||
|
||||
@ -461,26 +463,10 @@ def get_certificate_primitives(certificate):
|
||||
certificate via `create`.
|
||||
"""
|
||||
start, end = calculate_reissue_range(certificate.not_before, certificate.not_after)
|
||||
|
||||
return dict(
|
||||
authority=certificate.authority,
|
||||
common_name=certificate.cn,
|
||||
description=certificate.description,
|
||||
validity_start=start,
|
||||
validity_end=end,
|
||||
destinations=certificate.destinations,
|
||||
roles=certificate.roles,
|
||||
extensions=certificate.extensions,
|
||||
owner=certificate.owner,
|
||||
organization=certificate.organization,
|
||||
organizational_unit=certificate.organizational_unit,
|
||||
country=certificate.country,
|
||||
state=certificate.state,
|
||||
location=certificate.location,
|
||||
key_type=certificate.key_type,
|
||||
notifications=certificate.notifications,
|
||||
rotation=certificate.rotation
|
||||
)
|
||||
data = CertificateInputSchema().load(CertificateOutputSchema().dump(certificate).data).data
|
||||
data['validity_start'] = start
|
||||
data['validity_end'] = end
|
||||
return data
|
||||
|
||||
|
||||
def reissue_certificate(certificate, replace=None, user=None):
|
||||
@ -492,9 +478,11 @@ def reissue_certificate(certificate, replace=None, user=None):
|
||||
:return:
|
||||
"""
|
||||
primitives = get_certificate_primitives(certificate)
|
||||
|
||||
from pprint import pprint
|
||||
pprint(primitives)
|
||||
if not user:
|
||||
primitives['creator'] = certificate.user
|
||||
|
||||
else:
|
||||
primitives['creator'] = user
|
||||
|
||||
|
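Review bot: In `get_certificate_primitives`, `CertificateInputSchema().load(...).data` reads only `.data` and never inspects `.errors`, so unless the schema is configured as strict (not visible here) a certificate that fails validation still yields a partial dict and re-issuance continues with it. That undercuts the stated goal of putting re-issued certificates through normal schema validation; capture the result and fail closed, e.g. `data, errors = CertificateInputSchema().load(...)` followed by `if errors: raise ValueError(errors)`, with the exception type left to the project's convention. Separately, the `from pprint import pprint` / `pprint(primitives)` pair in `reissue_certificate` looks like leftover debugging: it writes the full primitives to stdout on every re-issue and should be removed or replaced by a debug-level logger call. Both function bodies extend beyond the visible hunks.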
@ -9,6 +9,8 @@ def rotate_certificate(endpoint, new_cert):
|
||||
:param new_cert:
|
||||
:return:
|
||||
"""
|
||||
# ensure that certificate is available for rotation
|
||||
|
||||
endpoint.source.plugin.update_endpoint(endpoint, new_cert)
|
||||
endpoint.certificate = new_cert
|
||||
database.update(endpoint)
|
||||
|
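Review bot: The comment `# ensure that certificate is available for rotation` in `rotate_certificate`, which appears to be what this hunk adds, is followed by no check in the visible lines: `endpoint.source.plugin.update_endpoint(endpoint, new_cert)` is still called unconditionally. A comment that names a guard which is not there misleads later readers about what is enforced before an endpoint's certificate is swapped. Either implement the check at this point or reword the line as `# TODO: verify new_cert is available to the endpoint before rotating`. The function starts above the hunk, so a check performed earlier cannot be ruled out from this view.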
@ -200,7 +200,7 @@ class NamesSchema(BaseExtensionSchema):
|
||||
|
||||
|
||||
class ExtensionSchema(BaseExtensionSchema):
|
||||
basic_constraints = BasicConstraintsExtension()
|
||||
basic_constraints = BasicConstraintsExtension(missing={'ca': False})
|
||||
key_usage = KeyUsageExtension()
|
||||
extended_key_usage = ExtendedKeyUsageExtension()
|
||||
subject_key_identifier = fields.Nested(SubjectKeyIdentifierSchema)
|
||||
|
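Review bot: `basic_constraints = BasicConstraintsExtension(missing={'ca': False})` changes a security-relevant default without documenting it: input that omits basic constraints now loads as an explicit non-CA value rather than as nothing. `ExtensionSchema` presumably serves ordinary creation requests as well as the re-issuance path, so the effect is wider than this commit's title suggests. Add a comment such as `# default to a non-CA certificate when basic_constraints is omitted`, and a test that loads an extensions payload without the field and asserts the resulting value. The class body continues past the end of the hunk.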
@ -53,7 +53,7 @@ def test_get_certificate_primitives(certificate):
|
||||
|
||||
with freeze_time(datetime.date(year=2016, month=10, day=30)):
|
||||
primitives = get_certificate_primitives(certificate)
|
||||
assert len(primitives) == 17
|
||||
assert len(primitives) == 21
|
||||
|
||||
|
||||
def test_certificate_edit_schema(session):
|
||||
@ -321,7 +321,7 @@ def test_import(user):
|
||||
assert str(cert.not_after) == '2040-01-01T20:30:52+00:00'
|
||||
assert str(cert.not_before) == '2015-06-26T20:30:52+00:00'
|
||||
assert cert.issuer == 'Example'
|
||||
assert cert.name == 'long.lived.com-Example-20150626-20400101-2'
|
||||
assert cert.name == 'long.lived.com-Example-20150626-20400101-1'
|
||||
|
||||
cert = import_certificate(body=INTERNAL_VALID_LONG_STR, chain=INTERNAL_VALID_SAN_STR, private_key=PRIVATE_KEY_STR, owner='joe@example.com', name='ACustomName2', creator=user['user'])
|
||||
assert cert.name == 'ACustomName2'
|
||||
@ -333,7 +333,7 @@ def test_upload(user):
|
||||
assert str(cert.not_after) == '2040-01-01T20:30:52+00:00'
|
||||
assert str(cert.not_before) == '2015-06-26T20:30:52+00:00'
|
||||
assert cert.issuer == 'Example'
|
||||
assert cert.name == 'long.lived.com-Example-20150626-20400101-3'
|
||||
assert cert.name == 'long.lived.com-Example-20150626-20400101-2'
|
||||
|
||||
cert = upload(body=INTERNAL_VALID_LONG_STR, chain=INTERNAL_VALID_SAN_STR, private_key=PRIVATE_KEY_STR, owner='joe@example.com', name='ACustomName', creator=user['user'])
|
||||
assert 'ACustomName' in cert.name
|
||||
|
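Review bot: `assert len(primitives) == 21` in `test_get_certificate_primitives` pins only the number of keys, so it would still pass if the schema round-trip dropped or renamed a field that re-issuance relies on, and it will break on any unrelated schema addition. Assert on content instead, for example `assert 'validity_start' in primitives and 'validity_end' in primitives`, and compare both values against the range expected under the frozen date. A case where the dumped certificate fails input validation would also show whether `get_certificate_primitives` rejects it. The test body starts above the hunk.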
@ -41,7 +41,7 @@ def test_get_certificates(app, certificate, notification):
|
||||
delta = certificate.not_after + timedelta(days=2)
|
||||
with freeze_time(delta.datetime):
|
||||
certificate.notifications.append(notification)
|
||||
assert len(get_certificates()) == 0
|
||||
assert len(get_certificates()) == 1
|
||||
|
||||
|
||||
def test_get_eligible_certificates(app, certificate, notification):
|
||||
|