Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Underscores should not be in hostnames (#728)

This commit is contained in:
kevgliss 2017-03-15 08:41:06 -07:00 committed by GitHub
parent d9f2faa462
commit b0ea027769
1 changed files with 37 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
lemur/certificates/models.py
View File

@ -12,6 +12,8 @@ from flask import current_app
from cryptography import x509 from cryptography import x509
from cryptography.hazmat.primitives.asymmetric import rsa from cryptography.hazmat.primitives.asymmetric import rsa
from idna.core import InvalidCodepoint
from sqlalchemy.orm import relationship from sqlalchemy.orm import relationship
from sqlalchemy.sql.expression import case from sqlalchemy.sql.expression import case
from sqlalchemy.ext.hybrid import hybrid_property from sqlalchemy.ext.hybrid import hybrid_property
@ -244,48 +246,52 @@ class Certificate(db.Model):
return_extensions = { return_extensions = {
'sub_alt_names': {'names': []} 'sub_alt_names': {'names': []}
} }
cert = lemur.common.utils.parse_certificate(self.body)
for extension in cert.extensions:
value = extension.value
if isinstance(value, x509.BasicConstraints):
return_extensions['basic_constraints'] = value
elif isinstance(value, x509.SubjectAlternativeName): try:
return_extensions['sub_alt_names']['names'] = value cert = lemur.common.utils.parse_certificate(self.body)
for extension in cert.extensions:
value = extension.value
if isinstance(value, x509.BasicConstraints):
return_extensions['basic_constraints'] = value
elif isinstance(value, x509.ExtendedKeyUsage): elif isinstance(value, x509.SubjectAlternativeName):
return_extensions['extended_key_usage'] = value return_extensions['sub_alt_names']['names'] = value
elif isinstance(value, x509.KeyUsage): elif isinstance(value, x509.ExtendedKeyUsage):
return_extensions['key_usage'] = value return_extensions['extended_key_usage'] = value
elif isinstance(value, x509.SubjectKeyIdentifier): elif isinstance(value, x509.KeyUsage):
return_extensions['subject_key_identifier'] = {'include_ski': True} return_extensions['key_usage'] = value
elif isinstance(value, x509.AuthorityInformationAccess): elif isinstance(value, x509.SubjectKeyIdentifier):
return_extensions['certificate_info_access'] = {'include_aia': True} return_extensions['subject_key_identifier'] = {'include_ski': True}
elif isinstance(value, x509.AuthorityKeyIdentifier): elif isinstance(value, x509.AuthorityInformationAccess):
aki = { return_extensions['certificate_info_access'] = {'include_aia': True}
'use_key_identifier': False,
'use_authority_cert': False
}
if value.key_identifier: elif isinstance(value, x509.AuthorityKeyIdentifier):
aki['use_key_identifier'] = True aki = {
'use_key_identifier': False,
'use_authority_cert': False
}
if value.authority_cert_issuer: if value.key_identifier:
aki['use_authority_cert'] = True aki['use_key_identifier'] = True
return_extensions['authority_key_identifier'] = aki if value.authority_cert_issuer:
aki['use_authority_cert'] = True
# TODO: Don't support CRLDistributionPoints yet https://github.com/Netflix/lemur/issues/662 return_extensions['authority_key_identifier'] = aki
elif isinstance(value, x509.CRLDistributionPoints):
current_app.logger.warning('CRLDistributionPoints not yet supported for clone operation.')
# TODO: Not supporting custom OIDs yet. https://github.com/Netflix/lemur/issues/665 # TODO: Don't support CRLDistributionPoints yet https://github.com/Netflix/lemur/issues/662
else: elif isinstance(value, x509.CRLDistributionPoints):
current_app.logger.warning('Custom OIDs not yet supported for clone operation.') current_app.logger.warning('CRLDistributionPoints not yet supported for clone operation.')
# TODO: Not supporting custom OIDs yet. https://github.com/Netflix/lemur/issues/665
else:
current_app.logger.warning('Custom OIDs not yet supported for clone operation.')
except InvalidCodepoint as e:
current_app.logger.warning('Unable to parse extensions due to underscore in dns name')
return return_extensions return return_extensions