Fixing the re-issuance process. Ensuring that certificates that are r… (#686)

* Fixing the re-issuance process. Ensuring that certificates that are re-issued go through the normal schema validation.

* Fixing tests.
kevgliss 2017-02-03 11:21:53 -08:00 committed by GitHub
parent 0326e1031f
commit 8afcb50a39
6 changed files with 17 additions and 26 deletions


@ -124,6 +124,7 @@ def request_reissue(certificate, commit):
:return:
"""
details = get_certificate_primitives(certificate)
print_certificate_details(details)
if commit:
try:


@ -27,6 +27,8 @@ from lemur.destinations.models import Destination
from lemur.certificates.models import Certificate
from lemur.notifications.models import Notification
from lemur.certificates.schemas import CertificateOutputSchema, CertificateInputSchema
from lemur.roles import service as role_service
@ -461,26 +463,10 @@ def get_certificate_primitives(certificate):
certificate via `create`.
"""
start, end = calculate_reissue_range(certificate.not_before, certificate.not_after)
return dict(
authority=certificate.authority,
common_name=certificate.cn,
description=certificate.description,
validity_start=start,
validity_end=end,
destinations=certificate.destinations,
roles=certificate.roles,
extensions=certificate.extensions,
owner=certificate.owner,
organization=certificate.organization,
organizational_unit=certificate.organizational_unit,
country=certificate.country,
state=certificate.state,
location=certificate.location,
key_type=certificate.key_type,
notifications=certificate.notifications,
rotation=certificate.rotation
)
data = CertificateInputSchema().load(CertificateOutputSchema().dump(certificate).data).data
data['validity_start'] = start
data['validity_end'] = end
return data
def reissue_certificate(certificate, replace=None, user=None):
@ -492,9 +478,11 @@ def reissue_certificate(certificate, replace=None, user=None):
:return:
"""
primitives = get_certificate_primitives(certificate)
from pprint import pprint
pprint(primitives)
if not user:
primitives['creator'] = certificate.user
else:
primitives['creator'] = user
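Review bot: The new body of get_certificate_primitives reads only `.data` from `CertificateInputSchema().load(...)` and never inspects the errors returned alongside it, so a certificate whose round-tripped fields fail validation would still be handed on with whatever partial data survived. Unless the schema is declared strict somewhere outside this hunk, the validation the commit message describes is run but not enforced; consider `result = CertificateInputSchema().load(serialized)` followed by `if result.errors: raise ValueError(result.errors)` before `validity_start`/`validity_end` are overridden. Separately, the `from pprint import pprint` / `pprint(primitives)` lines in reissue_certificate look like leftover debugging that writes the certificate's request data to stdout on every re-issue, and should be dropped or turned into a debug-level log call. Both functions start above their hunks.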


@ -9,6 +9,8 @@ def rotate_certificate(endpoint, new_cert):
:param new_cert:
:return:
"""
# ensure that certificate is available for rotation
endpoint.source.plugin.update_endpoint(endpoint, new_cert)
endpoint.certificate = new_cert
database.update(endpoint)
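Review bot: The comment `# ensure that certificate is available for rotation` is not followed by any check in the visible lines: `update_endpoint` is still called unconditionally and `endpoint.certificate` is reassigned straight after it. If a precondition is intended it should be implemented at this point, or the comment reworded as `# TODO: ensure that certificate is available for rotation` so a reader does not assume the guard already exists. rotate_certificate starts above the hunk.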


@ -200,7 +200,7 @@ class NamesSchema(BaseExtensionSchema):
class ExtensionSchema(BaseExtensionSchema):
basic_constraints = BasicConstraintsExtension()
basic_constraints = BasicConstraintsExtension(missing={'ca': False})
key_usage = KeyUsageExtension()
extended_key_usage = ExtendedKeyUsageExtension()
subject_key_identifier = fields.Nested(SubjectKeyIdentifierSchema)
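Review bot: `missing={'ca': False}` on `basic_constraints` applies to every payload loaded through ExtensionSchema, not only to the re-issuance path this commit targets, so any request that omits basic constraints now deserializes with an explicit non-CA value. That is the safe direction for a default, but it is a schema-wide behaviour change and deserves a comment on the field, e.g. `# default to a non-CA certificate when the request omits basic constraints`. A schema test that loads an extensions payload without `basic_constraints` and checks the result would pin the default. The class body may continue below the hunk.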


@ -53,7 +53,7 @@ def test_get_certificate_primitives(certificate):
with freeze_time(datetime.date(year=2016, month=10, day=30)):
primitives = get_certificate_primitives(certificate)
assert len(primitives) == 17
assert len(primitives) == 21
def test_certificate_edit_schema(session):
@ -321,7 +321,7 @@ def test_import(user):
assert str(cert.not_after) == '2040-01-01T20:30:52+00:00'
assert str(cert.not_before) == '2015-06-26T20:30:52+00:00'
assert cert.issuer == 'Example'
assert cert.name == 'long.lived.com-Example-20150626-20400101-2'
assert cert.name == 'long.lived.com-Example-20150626-20400101-1'
cert = import_certificate(body=INTERNAL_VALID_LONG_STR, chain=INTERNAL_VALID_SAN_STR, private_key=PRIVATE_KEY_STR, owner='joe@example.com', name='ACustomName2', creator=user['user'])
assert cert.name == 'ACustomName2'
@ -333,7 +333,7 @@ def test_upload(user):
assert str(cert.not_after) == '2040-01-01T20:30:52+00:00'
assert str(cert.not_before) == '2015-06-26T20:30:52+00:00'
assert cert.issuer == 'Example'
assert cert.name == 'long.lived.com-Example-20150626-20400101-3'
assert cert.name == 'long.lived.com-Example-20150626-20400101-2'
cert = upload(body=INTERNAL_VALID_LONG_STR, chain=INTERNAL_VALID_SAN_STR, private_key=PRIVATE_KEY_STR, owner='joe@example.com', name='ACustomName', creator=user['user'])
assert 'ACustomName' in cert.name
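Review bot: `assert len(primitives) == 21` in test_get_certificate_primitives pins only the number of keys, so it must be edited whenever a schema field is added and would still pass if the validity override were lost. Since the function now depends on a dump/load round trip, asserting the behaviour it exists for is sturdier, e.g. `assert {'validity_start', 'validity_end'} <= set(primitives)` plus a comparison against `calculate_reissue_range(certificate.not_before, certificate.not_after)` under the frozen date. The renumbered name suffixes in test_import and test_upload (`-2` to `-1`, `-3` to `-2`) appear to depend on how many certificates earlier tests created, which makes them order-sensitive in the same way.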


@ -41,7 +41,7 @@ def test_get_certificates(app, certificate, notification):
delta = certificate.not_after + timedelta(days=2)
with freeze_time(delta.datetime):
certificate.notifications.append(notification)
assert len(get_certificates()) == 0
assert len(get_certificates()) == 1
def test_get_eligible_certificates(app, certificate, notification):