Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Refactoring 'create_name' out of our certificate class, fixed an issuer were key size was being calculated and removing unused functions

This commit is contained in:
Kevin Glisson 2015-06-26 16:18:31 -07:00
parent 1f9d943a4c
commit 964d1c1c52
1 changed files with 43 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

116
lemur/certificates/models.py
View File

@ -26,6 +26,36 @@ from lemur.constants import SAN_NAMING_TEMPLATE, DEFAULT_NAMING_TEMPLATE, NONSTA
from lemur.models import certificate_associations, certificate_account_associations from lemur.models import certificate_associations, certificate_account_associations
def create_name(issuer, not_before, not_after, common_name, san):
"""
Create a name for our certificate. A naming standard
is based on a series of templates. The name includes
useful information such as Common Name, Validation dates,
and Issuer.
:rtype : str
:return:
"""
delchars = ''.join(c for c in map(chr, range(256)) if not c.isalnum())
# aws doesn't allow special chars
subject = common_name.replace('*', "WILDCARD")
issuer = issuer.translate(None, delchars)
if san:
t = SAN_NAMING_TEMPLATE
else:
t = DEFAULT_NAMING_TEMPLATE
temp = t.format(
subject=subject,
issuer=issuer,
not_before=not_before.strftime('%Y%m%d'),
not_after=not_after.strftime('%Y%m%d')
)
return temp
def cert_get_cn(cert): def cert_get_cn(cert):
""" """
Attempts to get a sane common name from a given certificate. Attempts to get a sane common name from a given certificate.
@ -33,12 +63,9 @@ def cert_get_cn(cert):
:param cert: :param cert:
:return: Common name or None :return: Common name or None
""" """
try: return cert.subject.get_attributes_for_oid(
return cert.subject.get_attributes_for_oid( x509.OID_COMMON_NAME
x509.OID_COMMON_NAME )[0].value.strip()
)[0].value.strip()
except Exception as e:
current_app.logger.error("Unable to get CN! {0}".format(e))
def cert_get_domains(cert): def cert_get_domains(cert):
@ -48,17 +75,21 @@ def cert_get_domains(cert):
return the common name. return the common name.
:param cert: :param cert:
:return: List of domains :return: List of domainss
""" """
domains = [] domains = []
try: try:
ext = cert.extensions.get_extension_for_oid(x509.OID_SUBJECT_ALTERNATIVE_NAME) ext = cert.extensions.get_extension_for_oid(x509.OID_SUBJECT_ALTERNATIVE_NAME)
entries = ext.get_values_for(x509.DNSName) entries = ext.value.get_values_for_type(x509.DNSName)
for entry in entries: for entry in entries:
domains.append(entry.split(":")[1].strip(", ")) domains.append(entry)
except Exception as e: except Exception as e:
current_app.logger.warning("Failed to get SubjectAltName: {0}".format(e)) current_app.logger.warning("Failed to get SubjectAltName: {0}".format(e))
domains.append(cert_get_cn(cert))
# do a simple check to make sure it's a real domain
common_name = cert_get_cn(cert)
if '.' in common_name:
domains.append(common_name)
return domains return domains
@ -106,7 +137,7 @@ def cert_get_bitstrength(cert):
:param cert: :param cert:
:return: Integer :return: Integer
""" """
return cert.public_key().key_size * 8 return cert.public_key().key_size
def cert_get_issuer(cert): def cert_get_issuer(cert):
@ -122,20 +153,6 @@ def cert_get_issuer(cert):
current_app.logger.error("Unable to get issuer! {0}".format(e)) current_app.logger.error("Unable to get issuer! {0}".format(e))
def cert_is_internal(cert):
"""
Uses an internal resource in order to determine if
a given certificate was issued by an 'internal' certificate
authority.
:param cert:
:return: Bool
"""
if cert_get_issuer(cert) in current_app.config.get('INTERNAL_CA', []):
return True
return False
def cert_get_not_before(cert): def cert_get_not_before(cert):
""" """
Gets the naive datetime of the certificates 'not_before' field. Gets the naive datetime of the certificates 'not_before' field.
@ -223,49 +240,11 @@ class Certificate(db.Model):
self.san = cert_is_san(cert) self.san = cert_is_san(cert)
self.not_before = cert_get_not_before(cert) self.not_before = cert_get_not_before(cert)
self.not_after = cert_get_not_after(cert) self.not_after = cert_get_not_after(cert)
self.name = self.create_name self.name = create_name(self.issuer, self.not_before, self.not_after, self.cn, self.san)
for domain in cert_get_domains(cert): for domain in cert_get_domains(cert):
self.domains.append(Domain(name=domain)) self.domains.append(Domain(name=domain))
@property
def create_name(self):
"""
Create a name for our certificate. A naming standard
is based on a series of templates. The name includes
useful information such as Common Name, Validation dates,
and Issuer.
:rtype : str
:return:
"""
# aws doesn't allow special chars
if self.cn:
subject = self.cn.replace('*', "WILDCARD")
if self.san:
t = SAN_NAMING_TEMPLATE
else:
t = DEFAULT_NAMING_TEMPLATE
temp = t.format(
subject=subject,
issuer=self.issuer,
not_before=self.not_before.strftime('%Y%m%d'),
not_after=self.not_after.strftime('%Y%m%d')
)
else:
t = NONSTANDARD_NAMING_TEMPLATE
temp = t.format(
issuer=self.issuer,
not_before=self.not_before.strftime('%Y%m%d'),
not_after=self.not_after.strftime('%Y%m%d')
)
return temp
@property @property
def is_expired(self): def is_expired(self):
if self.not_after < datetime.datetime.now(): if self.not_after < datetime.datetime.now():
@ -296,12 +275,3 @@ class Certificate(db.Model):
def as_dict(self): def as_dict(self):
return {c.name: getattr(self, c.name) for c in self.__table__.columns} return {c.name: getattr(self, c.name) for c in self.__table__.columns}
def serialize(self):
blob = self.as_dict()
# TODO this should be done with relationships
user = user_service.get(self.user_id)
if user:
blob['creator'] = user.username
return blob