From 8afcb50a391330842679ad8b45a733a7366176d9 Mon Sep 17 00:00:00 2001
From: kevgliss
Date: Fri, 3 Feb 2017 11:21:53 -0800
Subject: [PATCH] =?UTF-8?q?Fixing=20the=20re-issuance=20process.=20Ensurin?=
 =?UTF-8?q?g=20that=20certificates=20that=20are=20r=E2=80=A6=20(#686)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Fixing the re-issuance process. Ensuring that certificates that are re-issued go through the normal schema validation.

* Fixing tests.
---
 lemur/certificates/cli.py | 1 +
 lemur/certificates/service.py | 30 +++++++++--------------------
 lemur/deployment/service.py | 2 ++
 lemur/schemas.py | 2 +-
 lemur/tests/test_certificates.py | 6 +++---
 lemur/tests/test_messaging.py | 2 +-
 6 files changed, 17 insertions(+), 26 deletions(-)

diff --git a/lemur/certificates/cli.py b/lemur/certificates/cli.py
index f17ed8ba..b8d35adc 100644
--- a/lemur/certificates/cli.py
+++ b/lemur/certificates/cli.py
@@ -124,6 +124,7 @@ def request_reissue(certificate, commit):
     :return:
     """
     details = get_certificate_primitives(certificate)
+    print_certificate_details(details)
 
     if commit:
         try:
diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py
index c1be4b43..b696ca0c 100644
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@@ -27,6 +27,8 @@ from lemur.destinations.models import Destination
 from lemur.certificates.models import Certificate
 from lemur.notifications.models import Notification
 
+from lemur.certificates.schemas import CertificateOutputSchema, CertificateInputSchema
+
 from lemur.roles import service as role_service
 
 
@@ -461,26 +463,10 @@ def get_certificate_primitives(certificate):
     certificate via `create`.
     """
     start, end = calculate_reissue_range(certificate.not_before, certificate.not_after)
-
-    return dict(
-        authority=certificate.authority,
-        common_name=certificate.cn,
-        description=certificate.description,
-        validity_start=start,
-        validity_end=end,
-        destinations=certificate.destinations,
-        roles=certificate.roles,
-        extensions=certificate.extensions,
-        owner=certificate.owner,
-        organization=certificate.organization,
-        organizational_unit=certificate.organizational_unit,
-        country=certificate.country,
-        state=certificate.state,
-        location=certificate.location,
-        key_type=certificate.key_type,
-        notifications=certificate.notifications,
-        rotation=certificate.rotation
-    )
+    data = CertificateInputSchema().load(CertificateOutputSchema().dump(certificate).data).data
+    data['validity_start'] = start
+    data['validity_end'] = end
+    return data
 
 
 def reissue_certificate(certificate, replace=None, user=None):
@@ -492,9 +478,11 @@ def reissue_certificate(certificate, replace=None, user=None):
     :return:
     """
     primitives = get_certificate_primitives(certificate)
-
+    from pprint import pprint
+    pprint(primitives)
     if not user:
         primitives['creator'] = certificate.user
+
     else:
         primitives['creator'] = user
 
diff --git a/lemur/deployment/service.py b/lemur/deployment/service.py
index 764347c5..9c2a0a12 100644
--- a/lemur/deployment/service.py
+++ b/lemur/deployment/service.py
@@ -9,6 +9,8 @@ def rotate_certificate(endpoint, new_cert):
     :param new_cert:
     :return:
     """
+    # ensure that certificate is available for rotation
+    endpoint.source.plugin.update_endpoint(endpoint, new_cert)
     endpoint.certificate = new_cert
     database.update(endpoint)
 
diff --git a/lemur/schemas.py b/lemur/schemas.py
index 5ca674b6..082f4172 100644
--- a/lemur/schemas.py
+++ b/lemur/schemas.py
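Review bot: The validation this commit sets out to enforce is discarded on the new `data = CertificateInputSchema().load(...).data` line: only the load result's `.data` is read and its `.errors` are never checked (the `.data` access on `dump(...)` suggests marshmallow 2.x, where `load()` returns a data/errors pair instead of raising). A stored certificate whose fields no longer satisfy the input schema would then be re-issued from a partially loaded dict rather than rejected. Suggest `data, errors = CertificateInputSchema().load(CertificateOutputSchema().dump(certificate).data)` followed by `if errors: raise ValidationError(errors)` (marshmallow's exception, or whatever the project raises for schema failures) before the validity dates are overwritten. The docstring above the hunk should also state that the returned dict now carries the input schema's key set rather than the fixed field list that was removed.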
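Review bot: The `from pprint import pprint` and `pprint(primitives)` lines added at the top of `reissue_certificate` look like a debugging leftover: they write the complete primitives dict of every re-issued certificate to stdout from a service routine, so it lands in whatever captures the process output. Remove both lines, or replace them with a debug-level call on the logger this module already uses (none is visible in the hunk). The blank line added between `primitives['creator'] = certificate.user` and `else:` splits the two halves of the conditional and should go as well. The body of `reissue_certificate` continues past the end of the hunk.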
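Review bot: The comment `# ensure that certificate is available for rotation` does not describe what the line under it does; `endpoint.source.plugin.update_endpoint(endpoint, new_cert)` appears to push the new certificate to the endpoint through its source plugin (inferred from the name — the plugin contract is not on this page). Suggest `# push the new certificate to the endpoint through its source plugin first; if this raises, the row update below is skipped and the endpoint keeps pointing at the old certificate`, which also records why the call precedes `endpoint.certificate = new_cert` and `database.update(endpoint)`. Worth confirming that every source plugin implements `update_endpoint`, since a plugin without it now fails every rotation through this path.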
@@ -200,7 +200,7 @@ class NamesSchema(BaseExtensionSchema):
 
 
 class ExtensionSchema(BaseExtensionSchema):
-    basic_constraints = BasicConstraintsExtension()
+    basic_constraints = BasicConstraintsExtension(missing={'ca': False})
     key_usage = KeyUsageExtension()
     extended_key_usage = ExtendedKeyUsageExtension()
     subject_key_identifier = fields.Nested(SubjectKeyIdentifierSchema)
diff --git a/lemur/tests/test_certificates.py b/lemur/tests/test_certificates.py
index 5b20879f..c3c4b05e 100644
--- a/lemur/tests/test_certificates.py
+++ b/lemur/tests/test_certificates.py
@@ -53,7 +53,7 @@ def test_get_certificate_primitives(certificate):
 
     with freeze_time(datetime.date(year=2016, month=10, day=30)):
         primitives = get_certificate_primitives(certificate)
-        assert len(primitives) == 17
+        assert len(primitives) == 21
 
 
 def test_certificate_edit_schema(session):
@@ -321,7 +321,7 @@ def test_import(user):
     assert str(cert.not_after) == '2040-01-01T20:30:52+00:00'
     assert str(cert.not_before) == '2015-06-26T20:30:52+00:00'
     assert cert.issuer == 'Example'
-    assert cert.name == 'long.lived.com-Example-20150626-20400101-2'
+    assert cert.name == 'long.lived.com-Example-20150626-20400101-1'
 
     cert = import_certificate(body=INTERNAL_VALID_LONG_STR, chain=INTERNAL_VALID_SAN_STR, private_key=PRIVATE_KEY_STR, owner='joe@example.com', name='ACustomName2', creator=user['user'])
     assert cert.name == 'ACustomName2'
@@ -333,7 +333,7 @@ def test_upload(user):
     assert str(cert.not_after) == '2040-01-01T20:30:52+00:00'
     assert str(cert.not_before) == '2015-06-26T20:30:52+00:00'
     assert cert.issuer == 'Example'
-    assert cert.name == 'long.lived.com-Example-20150626-20400101-3'
+    assert cert.name == 'long.lived.com-Example-20150626-20400101-2'
 
     cert = upload(body=INTERNAL_VALID_LONG_STR, chain=INTERNAL_VALID_SAN_STR, private_key=PRIVATE_KEY_STR, owner='joe@example.com', name='ACustomName', creator=user['user'])
     assert 'ACustomName' in cert.name
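Review bot: `BasicConstraintsExtension(missing={'ca': False})` is the right conservative default for a re-issued leaf certificate, but marshmallow's `missing` applies only when the key is absent from the input, not when it is present with a null value. Since `get_certificate_primitives` now feeds `CertificateOutputSchema().dump(certificate).data` into this schema, confirm that the output schema omits `basic_constraints` for certificates without the extension rather than emitting it as null, or the default never takes effect on that path. A short comment on the field, `# absent basic constraints load as a non-CA certificate`, would record the intent.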
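Review bot: `assert len(primitives) == 21` pins only the number of keys `get_certificate_primitives` returns, so a renamed key or one field swapped for another would pass unnoticed; asserting the expected key set, e.g. `assert set(primitives) == {...}` listing the input schema's fields, would document what re-issue actually copies. The name-suffix edits in the `test_import` and `test_upload` hunks below (`-2` → `-1`, `-3` → `-2`) appear to depend on how many same-named certificates earlier tests left in the session, which is why a change elsewhere shifted them. Matching on the `long.lived.com-Example-20150626-20400101` prefix, the way `test_upload` already does with `assert 'ACustomName' in cert.name`, would make those assertions order-independent.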
diff --git a/lemur/tests/test_messaging.py b/lemur/tests/test_messaging.py
index 11ea848b..f45ebbfd 100644
--- a/lemur/tests/test_messaging.py
+++ b/lemur/tests/test_messaging.py
@@ -41,7 +41,7 @@ def test_get_certificates(app, certificate, notification):
     delta = certificate.not_after + timedelta(days=2)
     with freeze_time(delta.datetime):
         certificate.notifications.append(notification)
-        assert len(get_certificates()) == 0
+        assert len(get_certificates()) == 1
 
 
 def test_get_eligible_certificates(app, certificate, notification):
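Review bot: Flipping `assert len(get_certificates()) == 0` to `== 1` reverses what this test checks for a certificate frozen two days past its `not_after`, and neither the commit description nor a comment explains why an expired certificate should now come back from `get_certificates()`. If that function is meant to exclude expired certificates from notification, the edit hides a behaviour change introduced elsewhere in this commit rather than fixing the test; this hunk alone cannot show where. If the new value is intended, a comment such as `# expired certificates are still returned here; expiry filtering happens downstream` would keep the next reader from reverting it. The implementation of `get_certificates()` is not visible in this hunk.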