Adding the ability to issue third party created CSRs

2015-12-28 22:00:29 -05:00 · 2015-12-28 22:00:29 -05:00 · cabe2ae18d
parent 29bcde145c
commit cabe2ae18d
5 changed files with 25 additions and 11 deletions
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@ -1,18 +1,11 @@
 Changelog
 =========

-0.2.2 - `master` _
+0.2.1 - `master` _
 ~~~~~~~~~~~~~~~~~~

 .. note:: This version not yet released and is under active development

-0.2.1 - 2015-12-14
-~~~~~~~~~~~~~~~~~~
-
-* Fixed an issue with email templates
-* Fixed bug with search not refreshing values
-* Cleaned up documentation, including working supervisor example (thanks rpicard!)
-
 0.2.0 - 2015-12-02
 ~~~~~~~~~~~~~~~~~~~

--- a/lemur/about.py
+++ b/lemur/about.py
@ -9,7 +9,7 @@ __title__ = "lemur"
 __summary__ = ("Certificate management and orchestration service")
 __uri__ = "https://github.com/Netflix/lemur"

-__version__ = "0.2.1"
+__version__ = "0.2.1dev"

 __author__ = "The Lemur developers"
 __email__ = "security@netflix.com"
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@ -140,7 +140,12 @@ def mint(issuer_options):

    issuer = plugins.get(authority.plugin_name)

-    csr, private_key = create_csr(issuer_options)
+    # allow the CSR to be specified by the user
+    if not issuer_options.get('csr'):
+        csr, private_key = create_csr(issuer_options)
+    else:
+        csr = issuer_options.get('csr')
+        private_key = None

    issuer_options['creator'] = g.user.email
    cert_body, cert_chain = issuer.create_certificate(csr, issuer_options)
--- a/lemur/certificates/views.py
+++ b/lemur/certificates/views.py
@ -192,6 +192,7 @@ class CertificatesList(AuthenticatedResource):
                "owner": "bob@example.com",
                "description": "test",
                "selectedAuthority": "timetest2",
+                "csr",
                "authority": {
                    "body": "-----BEGIN...",
                    "name": "timetest2",
@ -325,6 +326,7 @@ class CertificatesList(AuthenticatedResource):
        self.reqparse.add_argument('organizationalUnit', type=str, location='json', required=True)
        self.reqparse.add_argument('owner', type=str, location='json', required=True)
        self.reqparse.add_argument('commonName', type=str, location='json', required=True)
+        self.reqparse.add_argument('csr', type=str, location='json')

        args = self.reqparse.parse_args()

--- a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
@ -48,7 +48,7 @@
        </div>
      </div>
    </div>
-    <div ng-show="certificate.authority" class="form-group">
+    <div class="form-group">
      <label class="control-label col-sm-2">
        Certificate Template
      </label>
@ -110,6 +110,20 @@
        </div>
      </div>
    </div>
+    <div class="form-group"
+         ng-class="{'has-error': trackingForm.csr.$invalid&&trackingForm.csr.$dirty, 'has-success': !trackingForm.csr.$invalid&&trackingForm.csr.$dirty}">
+      <label class="control-label col-sm-2">
+        Certificate Signing Request (CSR)
+      </label>
+      <div class="col-sm-10">
+                <textarea tooltip="Values defined in the CSR will take precedence" name="certificate signing request" ng-model="certificate.csr"
+                          placeholder="PEM encoded string..." class="form-control"
+                          ng-pattern="/^-----BEGIN CERTIFICATE REQUEST-----/"></textarea>
+
+        <p ng-show="trackingForm.csr.$invalid && !trackingForm.csr.$pristine"
+           class="help-block">Enter a valid certificate signing request.</p>
+      </div>
+    </div>
    <div ng-include="'angular/certificates/certificate/replaces.tpl.html'"></div>
    <div ng-include="'angular/certificates/certificate/notifications.tpl.html'"></div>
    <div ng-include="'angular/certificates/certificate/destinations.tpl.html'"></div>