From cabe2ae18d2db0744bd2cddbf79b34ec9b976674 Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Mon, 28 Dec 2015 22:00:29 -0500
Subject: [PATCH] Adding the ability to issue third party created CSRs

---
 CHANGELOG.rst                                    |  9 +--------
 lemur/__about__.py                               |  2 +-
 lemur/certificates/service.py                    |  7 ++++++-
 lemur/certificates/views.py                      |  2 ++
 .../certificates/certificate/tracking.tpl.html   | 16 +++++++++++++++-
 5 files changed, 25 insertions(+), 11 deletions(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 4ab2d19f..e024e01c 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,18 +1,11 @@
 Changelog
 =========
 
-0.2.2 - `master` _
+0.2.1 - `master` _
 ~~~~~~~~~~~~~~~~~~
 
 .. note:: This version not yet released and is under active development
 
-0.2.1 - 2015-12-14
-~~~~~~~~~~~~~~~~~~
-
-* Fixed an issue with email templates
-* Fixed bug with search not refreshing values
-* Cleaned up documentation, including working supervisor example (thanks rpicard!)
-
 0.2.0 - 2015-12-02
 ~~~~~~~~~~~~~~~~~~~
 
diff --git a/lemur/__about__.py b/lemur/__about__.py
index 8e1f9c0a..7e2f7c16 100644
--- a/lemur/__about__.py
+++ b/lemur/__about__.py
@@ -9,7 +9,7 @@ __title__ = "lemur"
 __summary__ = ("Certificate management and orchestration service")
 __uri__ = "https://github.com/Netflix/lemur"
 
-__version__ = "0.2.1"
+__version__ = "0.2.1dev"
 
 __author__ = "The Lemur developers"
 __email__ = "security@netflix.com"
diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py
index 5659eab9..ce372972 100644
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@@ -140,7 +140,12 @@ def mint(issuer_options):
 
     issuer = plugins.get(authority.plugin_name)
 
-    csr, private_key = create_csr(issuer_options)
+    # allow the CSR to be specified by the user
+    if not issuer_options.get('csr'):
+        csr, private_key = create_csr(issuer_options)
+    else:
+        csr = issuer_options.get('csr')
+        private_key = None
 
     issuer_options['creator'] = g.user.email
     cert_body, cert_chain = issuer.create_certificate(csr, issuer_options)
diff --git a/lemur/certificates/views.py b/lemur/certificates/views.py
index 17cfca69..4bbe4c5e 100644
--- a/lemur/certificates/views.py
+++ b/lemur/certificates/views.py
@@ -192,6 +192,7 @@ class CertificatesList(AuthenticatedResource):
                 "owner": "bob@example.com",
                 "description": "test",
                 "selectedAuthority": "timetest2",
+                "csr",
                 "authority": {
                     "body": "-----BEGIN...",
                     "name": "timetest2",
@@ -325,6 +326,7 @@ class CertificatesList(AuthenticatedResource):
         self.reqparse.add_argument('organizationalUnit', type=str, location='json', required=True)
         self.reqparse.add_argument('owner', type=str, location='json', required=True)
         self.reqparse.add_argument('commonName', type=str, location='json', required=True)
+        self.reqparse.add_argument('csr', type=str, location='json')
 
         args = self.reqparse.parse_args()
 
diff --git a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
index 490e68a5..e56541f0 100644
--- a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
@@ -48,7 +48,7 @@
         </div>
       </div>
     </div>
-    <div ng-show="certificate.authority" class="form-group">
+    <div class="form-group">
       <label class="control-label col-sm-2">
         Certificate Template
       </label>
@@ -110,6 +110,20 @@
         </div>
       </div>
     </div>
+    <div class="form-group"
+         ng-class="{'has-error': trackingForm.csr.$invalid&&trackingForm.csr.$dirty, 'has-success': !trackingForm.csr.$invalid&&trackingForm.csr.$dirty}">
+      <label class="control-label col-sm-2">
+        Certificate Signing Request (CSR)
+      </label>
+      <div class="col-sm-10">
+                <textarea tooltip="Values defined in the CSR will take precedence" name="certificate signing request" ng-model="certificate.csr"
+                          placeholder="PEM encoded string..." class="form-control"
+                          ng-pattern="/^-----BEGIN CERTIFICATE REQUEST-----/"></textarea>
+
+        <p ng-show="trackingForm.csr.$invalid && !trackingForm.csr.$pristine"
+           class="help-block">Enter a valid certificate signing request.</p>
+      </div>
+    </div>
     <div ng-include="'angular/certificates/certificate/replaces.tpl.html'"></div>
     <div ng-include="'angular/certificates/certificate/notifications.tpl.html'"></div>
     <div ng-include="'angular/certificates/certificate/destinations.tpl.html'"></div>