Merge pull request #2982 from thousandeyes/fix-cryptography-intermediate-ca

Fix intermediate CA creation on cryptography plugin
Hossein Shafagh 2020-07-23 14:31:34 -07:00 committed by GitHub
commit 91c0432cc2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 31 additions and 1 deletions


@ -24,6 +24,11 @@ from lemur.certificates.service import create_csr
def build_certificate_authority(options): def build_certificate_authority(options):
options["certificate_authority"] = True options["certificate_authority"] = True
csr, private_key = create_csr(**options) csr, private_key = create_csr(**options)
if options.get("parent"):
# Intermediate Cert Issuance
cert_pem, chain_cert_pem = issue_certificate(csr, options, None)
else:
cert_pem, chain_cert_pem = issue_certificate(csr, options, private_key) cert_pem, chain_cert_pem = issue_certificate(csr, options, private_key)
return cert_pem, private_key, chain_cert_pem return cert_pem, private_key, chain_cert_pem
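Review bot: The intermediate branch passes a bare positional `None` as the signing key to `issue_certificate`, and nothing in this section says which key then signs the new CA certificate. Presumably `issue_certificate` falls back to the key of `options["parent"]`, but that should be confirmed against its body, which is not shown here. If so, state it at the call site, e.g. `# private_key=None: signed by the parent authority's key, not self-signed`, so a later refactor does not silently turn this back into a self-signed root. The branch is also selected purely by the truthiness of `options.get("parent")`, so any check that the caller may issue under that parent, and that the parent is itself a CA, has to happen before this function; a one-line docstring noting that precondition would help.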


@ -25,6 +25,31 @@ def test_build_certificate_authority():
assert chain_cert_pem == "" assert chain_cert_pem == ""
def test_build_intermediate_certificate_authority(authority):
from lemur.plugins.lemur_cryptography.plugin import build_certificate_authority
options = {
"key_type": "RSA2048",
"country": "US",
"state": "CA",
"location": "Example place",
"organization": "Example, Inc.",
"organizational_unit": "Example Unit",
"common_name": "Example INTERMEDIATE",
"validity_start": arrow.get("2016-12-01").datetime,
"validity_end": arrow.get("2016-12-02").datetime,
"first_serial": 1,
"serial_number": 1,
"owner": "owner@example.com",
"parent": authority
}
cert_pem, private_key_pem, chain_cert_pem = build_certificate_authority(options)
assert cert_pem
assert private_key_pem
assert chain_cert_pem == authority.authority_certificate.body
def test_issue_certificate(authority): def test_issue_certificate(authority):
from lemur.tests.vectors import CSR_STR from lemur.tests.vectors import CSR_STR
from lemur.plugins.lemur_cryptography.plugin import issue_certificate from lemur.plugins.lemur_cryptography.plugin import issue_certificate
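Review bot: `test_build_intermediate_certificate_authority` checks only that `cert_pem` is truthy and that the chain equals the parent's body, so it would still pass if the plugin returned a self-signed certificate alongside the parent chain, which is the regression this fix targets. Consider parsing `cert_pem` and the parent certificate with `cryptography.x509` and asserting that the new certificate's issuer equals the parent's subject, e.g. `assert cert.issuer == parent_cert.subject`, and that its BasicConstraints extension has `ca` set. Verifying the signature against the parent's public key would pin the behaviour more firmly still. `test_issue_certificate` continues beyond the end of this hunk.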