From db746f12962d64a7eb65a20b905e95ebdb62465b Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Fri, 23 Mar 2018 08:51:18 -0700
Subject: [PATCH 1/3] Adds support for CDLDistributionPoints. (#1130)

---
 lemur/certificates/models.py                             | 3 +--
 lemur/schemas.py                                         | 9 +++++++++
 .../angular/authorities/authority/extensions.tpl.html    | 4 ++--
 .../angular/certificates/certificate/options.tpl.html    | 2 +-
 4 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/lemur/certificates/models.py b/lemur/certificates/models.py
index 81dfa8d3..a9bb60cc 100644
--- a/lemur/certificates/models.py
+++ b/lemur/certificates/models.py
@@ -332,9 +332,8 @@ class Certificate(db.Model):
 
                     return_extensions['authority_key_identifier'] = aki
 
-                # TODO: Don't support CRLDistributionPoints yet https://github.com/Netflix/lemur/issues/662
                 elif isinstance(value, x509.CRLDistributionPoints):
-                    current_app.logger.warning('CRLDistributionPoints not yet supported for clone operation.')
+                    return_extensions['crl_distribution_points'] = {'include_crl_dp': value}
 
                 # TODO: Not supporting custom OIDs yet. https://github.com/Netflix/lemur/issues/665
                 else:
diff --git a/lemur/schemas.py b/lemur/schemas.py
index b897f378..94710d17 100644
--- a/lemur/schemas.py
+++ b/lemur/schemas.py
@@ -220,6 +220,14 @@ class CertificateInfoAccessSchema(BaseExtensionSchema):
         return {'includeAIA': data['include_aia']}
 
 
+class CRLDistributionPointsSchema(BaseExtensionSchema):
+    include_crl_dp = fields.String()
+
+    @post_dump
+    def handle_keys(self, data):
+        return {'includeCRLDP': data['include_crl_dp']}
+
+
 class SubjectKeyIdentifierSchema(BaseExtensionSchema):
     include_ski = fields.Boolean()
 
@@ -247,6 +255,7 @@ class ExtensionSchema(BaseExtensionSchema):
     sub_alt_names = fields.Nested(NamesSchema)
     authority_key_identifier = fields.Nested(AuthorityKeyIdentifierSchema)
     certificate_info_access = fields.Nested(CertificateInfoAccessSchema)
+    crl_distribution_points = fields.Nested(CRLDistributionPointsSchema, dump_to='cRL_distribution_points')
     # FIXME: Convert custom OIDs to a custom field in fields.py like other Extensions
     # FIXME: Remove support in UI for Critical custom extensions https://github.com/Netflix/lemur/issues/665
     custom = fields.List(fields.Nested(CustomOIDSchema))
diff --git a/lemur/static/app/angular/authorities/authority/extensions.tpl.html b/lemur/static/app/angular/authorities/authority/extensions.tpl.html
index ac815b07..321d2ad8 100644
--- a/lemur/static/app/angular/authorities/authority/extensions.tpl.html
+++ b/lemur/static/app/angular/authorities/authority/extensions.tpl.html
@@ -160,7 +160,7 @@
     <div class="col-sm-10">
       <div class="checkbox">
         <label tooltip-trigger="mouseenter" tooltip-placement="top" uib-tooltip="Ask CA to include/not include AIA extension" >
-          <input type="checkbox" ng-model="authority.extensions.certificateInfoAccess.includeAIA">Include AIA 
+          <input type="checkbox" ng-model="authority.extensions.certificateInfoAccess.includeAIA">Include AIA
         </label>
       </div>
     </div>
@@ -182,7 +182,7 @@
       cRL Distribution Points
     </label>
     <div class="col-sm-8">
-      <select class="form-control" ng-model="authority.extensions.cRLDistributionPoints.includeCRLDP" ng-options="item for item in ['yes', 'no', 'default']"></select>
+      <select class="form-control" ng-model="authority.extensions.crlDistributionPoints.includeCrlDp" ng-options="item for item in ['yes', 'no', 'default']"></select>
     </div>
   </div>
   <div class="form-group">
diff --git a/lemur/static/app/angular/certificates/certificate/options.tpl.html b/lemur/static/app/angular/certificates/certificate/options.tpl.html
index 31c31f96..a52ee387 100644
--- a/lemur/static/app/angular/certificates/certificate/options.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/options.tpl.html
@@ -196,7 +196,7 @@
           cRL Distribution Points
         </label>
         <div class="col-sm-10">
-          <select class="form-control" ng-model="certificate.extensions.cRLDistributionPoints.includeCRLDP"
+          <select class="form-control" ng-model="certificate.extensions.crlDistributionPoints.includeCrlDp"
                   ng-options="item for item in ['yes', 'no', 'default']"></select>
         </div>
       </div>

From c51fed5307cfc5295debd1d35b82a507c0b820c2 Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Fri, 23 Mar 2018 11:38:47 -0700
Subject: [PATCH 2/3] allowing null basic contraints (#1131)

---
 lemur/schemas.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lemur/schemas.py b/lemur/schemas.py
index 94710d17..9d1836cd 100644
--- a/lemur/schemas.py
+++ b/lemur/schemas.py
@@ -248,7 +248,7 @@ class NamesSchema(BaseExtensionSchema):
 
 
 class ExtensionSchema(BaseExtensionSchema):
-    basic_constraints = BasicConstraintsExtension(missing={'ca': False})
+    basic_constraints = BasicConstraintsExtension()  # some devices balk on default basic constraints
     key_usage = KeyUsageExtension()
     extended_key_usage = ExtendedKeyUsageExtension()
     subject_key_identifier = fields.Nested(SubjectKeyIdentifierSchema)

From adb91494135c156812f7c335803f8fbe0916a094 Mon Sep 17 00:00:00 2001
From: Doppins <contact@doppins.com>
Date: Sat, 24 Mar 2018 19:23:33 +0000
Subject: [PATCH 3/3] Upgrade dependency python-dateutil to ==2.7.1

---
 requirements-tests.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements-tests.txt b/requirements-tests.txt
index 97819b07..76ce984f 100644
--- a/requirements-tests.txt
+++ b/requirements-tests.txt
@@ -43,7 +43,7 @@ pyflakes==1.6.0
 pytest-flask==0.10.0
 pytest-mock==1.7.1
 pytest==3.4.2
-python-dateutil==2.6.1    # via botocore, faker, freezegun, moto
+python-dateutil==2.7.1    # via botocore, faker, freezegun, moto
 pytz==2018.3              # via moto
 pyyaml==3.12              # via pyaml
 requests-mock==1.4.0