From b677e6e3253b81fc8467803f2697ac99b35fe3e2 Mon Sep 17 00:00:00 2001
From: sayali
Date: Tue, 13 Oct 2020 19:40:01 -0700
Subject: [PATCH] Copy subject details for non-CAB-compliant authorities
---
 lemur/authorities/models.py | 17 +++++++++++++++++
 lemur/authorities/schemas.py | 1 +
 lemur/certificates/schemas.py | 23 ++++++++++++++++++++++-
 3 files changed, 40 insertions(+), 1 deletion(-)
diff --git a/lemur/authorities/models.py b/lemur/authorities/models.py
index ccd1fab8..e8c0e03a 100644
--- a/lemur/authorities/models.py
+++ b/lemur/authorities/models.py
@@ -6,6 +6,8 @@
 :license: Apache, see LICENSE for more details.
 .. moduleauthor:: Kevin Glisson
 """
+import json
+
 from sqlalchemy.orm import relationship
 from sqlalchemy import (
 Column,
@@ -80,5 +82,20 @@ class Authority(db.Model):
 def plugin(self):
 return plugins.get(self.plugin_name)
+ @property
+ def is_cab_compliant(self):
+ """
+ Parse the options to find whether authority is CAB Compliant. Returns None if
+ option is not available
+ """
+ if not self.options:
+ return None
+
+ for option in json.loads(self.options):
+ if option["name"] == 'cab_compliant':
+ return option["value"]
+
+ return None
+
 def __repr__(self):
 return "Authority(name={name})".format(name=self.name)
diff --git a/lemur/authorities/schemas.py b/lemur/authorities/schemas.py
index f80d1581..6c48a183 100644
--- a/lemur/authorities/schemas.py
+++ b/lemur/authorities/schemas.py
@@ -139,6 +139,7 @@ class AuthorityNestedOutputSchema(LemurOutputSchema):
 plugin = fields.Nested(PluginOutputSchema)
 active = fields.Boolean()
 authority_certificate = fields.Nested(RootAuthorityCertificateOutputSchema, only=["max_issuance_days", "default_validity_days"])
+ is_cab_compliant = fields.Boolean()
 authority_update_schema = AuthorityUpdateSchema()
diff --git a/lemur/certificates/schemas.py b/lemur/certificates/schemas.py
index 688d6ba4..21abd214 100644
--- a/lemur/certificates/schemas.py
+++ b/lemur/certificates/schemas.py
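Review bot: In the `is_cab_compliant` property added to `lemur/authorities/models.py`, `option["name"]` and `option["value"]` are indexed directly and `json.loads(self.options)` is unguarded, so an options entry missing either key raises `KeyError` and a malformed blob raises a parse error instead of giving the "unknown" `None` the docstring promises. Because `AuthorityNestedOutputSchema` now serializes this property, one bad stored options value would presumably fail every response that nests that authority. I would write the lookup as `if option.get("name") == 'cab_compliant': return option.get("value")` and decide explicitly whether a `ValueError` from the parse should map to `None`. The docstring should also say that the value is returned as stored, without coercion to bool, since the consumer in `lemur/certificates/schemas.py` treats `False` and `None` differently. The enclosing `Authority` class begins outside the hunk.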
@@ -8,7 +8,7 @@
 from flask import current_app
 from flask_restful import inputs
 from flask_restful.reqparse import RequestParser
-from marshmallow import fields, validate, validates_schema, post_load, pre_load
+from marshmallow import fields, validate, validates_schema, post_load, pre_load, post_dump
 from marshmallow.exceptions import ValidationError
 from lemur.authorities.schemas import AuthorityNestedOutputSchema
@@ -332,6 +332,27 @@ class CertificateOutputSchema(LemurOutputSchema):
 )
 rotation_policy = fields.Nested(RotationPolicyNestedOutputSchema)
+ country = fields.String()
+ location = fields.String()
+ state = fields.String()
+ organization = fields.String()
+ organizational_unit = fields.String()
+
+ @post_dump
+ def handle_subject_details(self, data):
+ # Remove subject details if authority is CAB compliant. The code will use default set of values in that case.
+ # If CAB compliance of an authority is unknown (None), it is safe to fallback to default values. Thus below
+ # condition checks for 'not False' ==> 'True or None'
+ if data.get("authority"):
+ is_cab_compliant = data.get("authority").get("isCabCompliant")
+
+ if is_cab_compliant is not False:
+ data.pop("country", None)
+ data.pop("state", None)
+ data.pop("location", None)
+ data.pop("organization", None)
+ data.pop("organizational_unit", None)
+
 class CertificateShortOutputSchema(LemurOutputSchema):
 id = fields.Integer()
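Review bot: In `handle_subject_details`, the compliance flag is read only under `if data.get("authority"):`, so a dump whose authority entry is missing, `None` or excluded never takes the fail-safe path the comment describes for unknown compliance. Indentation is lost on this page, so I cannot tell whether the subject fields are then kept or `is_cab_compliant` is simply unbound. If unknown should mean "strip and use defaults", read the flag without the guard: `authority = data.get("authority") or {}` followed by `if authority.get("isCabCompliant") is not False:`. The hook also reads the camelCase key `isCabCompliant` from the nested dump while popping snake_case keys from the outer one, which appears to rely on it running before the outer keys are camel-cased (that step is not visible here); a short comment stating that ordering assumption, plus an explicit `return data`, would make it less fragile. The enclosing `CertificateOutputSchema` class begins outside the hunk.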