Do not re-use CSR during certificate reissuance; Update requirement; Add more logging to celery handler

2018-11-12 09:52:11 -08:00
parent 6f0005c78e
commit a7a05e26bc
8 changed files with 38 additions and 22 deletions
--- a/lemur/certificates/models.py
+++ b/lemur/certificates/models.py
@ -367,7 +367,7 @@ def update_destinations(target, value, initiator):
    destination_plugin = plugins.get(value.plugin_name)
    status = FAILURE_METRIC_STATUS
    try:
-        if target.private_key:
+        if target.private_key or not destination_plugin.requires_key:
            destination_plugin.upload(target.name, target.body, target.private_key, target.chain, value.options)
            status = SUCCESS_METRIC_STATUS
    except Exception as e:
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@ -539,6 +539,9 @@ def reissue_certificate(certificate, replace=None, user=None):
    """
    primitives = get_certificate_primitives(certificate)

+    if primitives.get("csr"):
+        #  We do not want to re-use the CSR when creating a certificate because this defeats the purpose of rotation.
+        del primitives["csr"]
    if not user:
        primitives['creator'] = certificate.user